I am building a site as an admin and learning more about PHP. I am not sure what is wrong with my script, but I have to log in twice to the page in order for it to work. Can anybody help me with what I am doing wrong here, or am I missing something? Thank you.

Submit page - including the post.

```php
<?php
if(isset($_POST['submit']))
{
    include('common.php');

    $username = trim($_POST['username']);
    $password = trim($_POST['password']);

    if($sqlquery = $conn->prepare("SELECT userID FROM user WHERE username = ? AND password = ?"))
    {
        $sqlquery->bind_param("ss", $username, $password);
        $sqlquery->execute();
        $sqlquery->store_result();
        $count = $sqlquery->num_rows;

        if($count > 0)
        {
            $sqlquery->bind_result($userid);
            $sqlquery->fetch();
            $_SESSION['currentUserID'] = $userid;
            echo "<META http-equiv='refresh' content='0;URL=http://www.whatever.com/newPage.php'>";
        }
        else
        {
            echo "Wrong Username or Password";
        }
    }
}
```

The common.php has the info of the database and everything. Here it is, copied.

```php
<?php
    $db_server = "localhost";
    $db_name = "something";
    $db_username = "something";
    $db_password = "something";

    $conn = mysqli_connect($db_server, $db_username, $db_password, $db_name );

    if (session_status() == PHP_SESSION_NONE) {
        ini_set('session.save_path',realpath(dirname($_SERVER['DOCUMENT_ROOT']) . '/session'));
        session_start();
        //echo "new session started user id: ".$_SESSION['currentUserID'];
    }

    if (!$conn)
    {
        print "Could not connect." ;
        exit;
    }
?>
```
HelloItsMe
  • **Never store passwords in clear text or using MD5/SHA1!** Only store password hashes created using PHP's [`password_hash()`](https://php.net/manual/en/function.password-hash.php), which you can then verify using [`password_verify()`](https://php.net/manual/en/function.password-verify.php). Take a look at this post: [How to use password_hash](https://stackoverflow.com/q/30279321/1839439) and learn more about [bcrypt & password hashing in PHP](https://stackoverflow.com/a/6337021/1839439) – Dharman Feb 20 '21 at 00:31
  • What is `echo "";`? – Dharman Feb 20 '21 at 00:31
  • It's probably just a logical error. You perform login after checking if the user is logged in or not. – Dharman Feb 20 '21 at 00:32
  • newPage is where it redirects to after login. – HelloItsMe Feb 20 '21 at 00:35
  • Can't you just use `exit(header('Location: ...'));` – Dharman Feb 20 '21 at 00:37
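
The points raised in the comments (hash verification with `password_verify()`, handling the login before anything else on the page, and redirecting with `header()` plus `exit`) combined in one sketch. This is an added example, not code from the question or its comments. Assumptions: `checkLogin()` is a hypothetical helper, an in-memory SQLite database via PDO stands in for the MySQL `user` table so the script runs without a server, the user `alice` is constructed demo data, and `/newPage.php` is an assumed relative URL.

```php
<?php
declare(strict_types=1);

// checkLogin() is a hypothetical helper: returns the userID, or null on failure.
// user.password holds a password_hash() string, never the password itself.
function checkLogin(PDO $db, string $username, string $password): ?int
{
    $stmt = $db->prepare('SELECT userID, password FROM user WHERE username = ?');
    $stmt->execute([$username]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($row === false || !password_verify($password, $row['password'])) {
        return null; // same result for unknown user and wrong password
    }
    // Re-hash transparently if PASSWORD_DEFAULT or its cost has changed.
    if (password_needs_rehash($row['password'], PASSWORD_DEFAULT)) {
        $db->prepare('UPDATE user SET password = ? WHERE userID = ?')
           ->execute([password_hash($password, PASSWORD_DEFAULT), $row['userID']]);
    }
    return (int) $row['userID'];
}

// Constructed demo data: in-memory SQLite stands in for the MySQL `user` table.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE user (userID INTEGER PRIMARY KEY, username TEXT UNIQUE, password TEXT)');
$db->prepare('INSERT INTO user (username, password) VALUES (?, ?)')
   ->execute(['alice', password_hash('correct horse', PASSWORD_DEFAULT)]);

if (PHP_SAPI === 'cli') {
    // Command-line check of the three cases: valid, wrong password, unknown user.
    var_dump(checkLogin($db, 'alice', 'correct horse'));
    var_dump(checkLogin($db, 'alice', 'wrong'));
    var_dump(checkLogin($db, 'nobody', 'correct horse'));
} elseif ($_SERVER['REQUEST_METHOD'] === 'POST') {
    // Web request: runs before any HTML is sent, so header() still works.
    session_start();
    $id = checkLogin(
        $db,
        (string) filter_input(INPUT_POST, 'username'),
        (string) filter_input(INPUT_POST, 'password')
    );
    if ($id !== null) {
        session_regenerate_id(true);      // new session ID after authentication
        $_SESSION['currentUserID'] = $id;
        header('Location: /newPage.php'); // assumed relative URL
        exit;                             // stop; nothing else may run or print
    }
    echo 'Wrong Username or Password';
}
```

With the question's mysqli connection, the same flow applies: select the stored hash by `username` only, then compare with `password_verify()` in PHP instead of matching the password in the `WHERE` clause.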

0 Answers