0

I already searched here on stackoverflow and on google but couldn't solve the problem.

For my login page I used the code here https://github.com/Tutorialwork/Tutorials/tree/ac1ee61c5b43bde9b811759eaabcbed027b56385

With all respect to the developer who originally wrote this code.

When I click on the submit button (named as "Einloggen") it is not redirecting to the "geheim.php". This is not working on my server only. If I use XAMPP and put in the database credentials it is working without any problem.

On the server it looks like it is just refreshing the index.php page. There is no error in the Chrome console. I tried it with Chrome and Safari. Both on the Mac.

In the mysql.php the credentials I used are the credentials for the server. I put in the real credentials and not the credentials as in the code. This anyhow is not the problem.

When I echo the variable $count then it gives me value of 1 which means that the connection is working. I used the code like I posted it here. So, the echo I just used for testing purposes. Because I read that echo's causing problems with "Location".

When I type in wrong password or wrong user it shows me the echo as expected and written in the code ("Der Login ist fehlgeschlagen"). Means that database is really not the problem.

This line is not working:

header("Location: geheim.php");

I didn't post the register.php here because it shouldn't be the cause of the problem. But you can use it to create a user.

In sql or in PhpMyAdmin I created the database table.

CREATE TABLE accounts (USERNAME varchar(255), PASSWORD varchar(255));

index.php:Main page where I can login. mysql.php: Contains database credentials. logout.php: Is doing the logout on the geheim.php page by clicking on the button geheim.php: The page which should be displayed after I click the submit Button on the index.php

Like I said, the credentials are fine and it is working locally on my computer. It is redirecting, login logout. But when I upload it on the server it is not redirecting.

index.php

<!DOCTYPE html>
<html lang="en" dir="ltr">
  <head>
    <meta charset="utf-8">
    <title>Login</title>
  </head>
  <body>
    <?php
    if(isset($_POST["submit"])){
      require("mysql.php");
      $stmt = $mysql->prepare("SELECT * FROM accounts WHERE USERNAME = :user"); //Username überprüfen
      $stmt->bindParam(":user", $_POST["username"]);
      $stmt->execute();
      $count = $stmt->rowCount();
      if($count == 1){
        //Username ist frei
        $row = $stmt->fetch();
        if(password_verify($_POST["pw"], $row["PASSWORD"])){
          session_start();
          $_SESSION["username"] = $row["USERNAME"];
          header("Location: geheim.php");
        } else {
          echo "Der Login ist fehlgeschlagen";
        }
      } else {
        echo "Der Login ist fehlgeschlagen";
      }
    }
     ?>
    <h1>Anmelden</h1>
    <form action="index.php" method="post">
      <input type="text" name="username" placeholder="Username" required><br>
      <input type="password" name="pw" placeholder="Passwort" required><br>
      <button type="submit" name="submit">Einloggen</button>
    </form>
    <br>
    <a href="register.php">Noch keinen Account?</a>
  </body>
</html>

mysql.php

<?php
$host = "localhost";
$name = "test";
$user = "root";
$passwort = "";
try{
    $mysql = new PDO("mysql:host=$host;dbname=$name", $user, $passwort);
} catch (PDOException $e){
    echo "SQL Error: ".$e->getMessage();
}
 ?>

logout.php

<?php
session_start();
session_destroy();
header("Location: index.php");
 ?>

geheim.php

<?php
session_start();
if(!isset($_SESSION["username"])){
  header("Location: index.php");
  exit;
}
 ?>
<!DOCTYPE html>
<html lang="en" dir="ltr">
  <head>
    <meta charset="utf-8">
    <title></title>
  </head>
  <body>
    <h1>Top Secret</h1>
    <a href="logout.php">Abmelden</a>
  </body>
</html>

UPDATE: If I use

echo '<meta http-equiv="refresh" content="0; url=geheim.php">';

instead of

header("Location: geheim.php");

it shows at least the geheim.php But the problem still exists.

enter image description here

ADyson
  • 57,178
  • 14
  • 51
  • 63
Data Science
  • 19
  • 3
  • 3
    You should be getting a warning (either in your PHP log, or on-screen, depending on your PHP settings). This is almost certainly a duplicate of [How to fix "Headers already sent" error in PHP](https://stackoverflow.com/questions/8028957/how-to-fix-headers-already-sent-error-in-php). Move your form-processing code to _before_ you output any HTML. – ADyson Apr 27 '23 at 09:17
  • The problem is that the static HTML causes PHP to start outputting the body of the HTTP response to the browser. in a HTTP response the headers must come before the body, so when it starts body it also sends all the configured response headers first, to fulfil that requirement. Therefore, you cannot then set more headers (such as the "Location" redirect header) later in the code, after that has already happened. – ADyson Apr 27 '23 at 09:19
  • 1
    P.S. catching the connection error here: `} catch (PDOException $e){ echo "SQL Error: ".$e->getMessage(); }` is an anti-pattern. Think about it...if the connection attempt fails,your code is echoing the error (which is itself a security risk...in a live environment it should always be logged to a file!), but then just allowing the code to carry on! That really isn't logical, because it will just lead to more errors when the code tries to run a query on a non-existent connection. It would be much more sensible to just let it crash. https://phpdelusions.net/pdo#errors has good advice on this. – ADyson Apr 27 '23 at 09:22
  • thanks for replying. To write the errors in a log file is really helpful. Wasn't thinking about it. I recently started web programming. I didn't get any errors. Not even a warning referring to the link you posted like "Warning: Cannot modify header information - headers already sent by (output started at /some/file.php:12) in /some/file.php on line 23". Can you please share the solution as code? – Data Science Apr 27 '23 at 10:29
  • `Can you please share the solution as code`...you literally just need to move all that HTML before `` – ADyson Apr 27 '23 at 10:30
  • You might also want to consider converting `echo "Der Login ist fehlgeschlagen";` into something like `$message = "Der Login ist fehlgeschlagen";` and then having `if (!empty($message)) { echo $message; }` later on in the page, so that the message (if any) still appears in the intended place in the page. – ADyson Apr 27 '23 at 10:31
  • 2
    `I didn't get any errors. Not even a warning`...possibly your environment has error and warning reporting switched off then? That is never a good thing. Or possibly it's recording them in a PHP error log file that you're not aware of. You can look up online how to configure your PHP environment's error settings (via the PHP.ini file) according to your needs. Most of the time, people set it for on-screen errors, warnings and notices to appear in their development environment, so it's easy to see, and then on a live server you would configure it to log them to a file instead. – ADyson Apr 27 '23 at 10:38
  • From your latest screenshot, it shows that the browser went to geheim.php, but that geheim.php immediately redirected back to index.php (a 302 response code [indicates a redirect](https://developer.mozilla.org/en-US/docs/Web/HTTP/Status/302)). That must mean that the `session_start(); if(!isset($_SESSION["username"])){ header("Location: index.php"); exit; }` code in geheim.php was used to make the redirect. The only reason that could happen would be if `$_SESSION["username"] = $row["USERNAME"];` was never executed in the login code. So maybe your code never actually gets to that bit? – ADyson Apr 27 '23 at 10:46

0 Answers0