A
Anonymous
Guest
Hi,
I posted this as a follow-on to a different topic but that never had any views so I thought I'd best start a new topic -
I have the following code as my login.php
and the following is the login.html
Although the login details are correct, and no error message is passed, the page is not redirecting to welcome.php but, for some bizzare reason is going to a totally different php file in the same directory. The connect.php echos that the connection has been made succesfully and my file - register.php - connects and correctly adds a username and hashed password to the adminusers table.
If anyone has any ideas why, and how I can make it go to the correct redirected file, I would be very grateful (sorry, not financially as I'm doing this for a charity so I'm not getting anything for it either)
I posted this as a follow-on to a different topic but that never had any views so I thought I'd best start a new topic -
I have the following code as my login.php
Code:
require 'connect.php';
//reads the database connect details and connects to the server
//If the POST var "login" exists (from the submit button), then we can
//assume that the user has submitted the login form to run this script.
if(isset($_POST['login'])){
//Retrieve the field values from our login form.
$username = !empty($_POST['username']) ? trim($_POST['username']) : null;
$passwordAttempt = !empty($_POST['password']) ? trim($_POST['password']) : null;
//Retrieve the user account information for the given username.
$sql = "SELECT id, username, password FROM adminusers WHERE username = :username";
$stmt = $pdo->prepare($sql);
//Bind value.
$stmt->bindValue(':username', $username);
//Execute.
$stmt->execute();
//Fetch row.
$user = $stmt->fetch(PDO::FETCH_ASSOC);
//If $row is FALSE.
if($user === false){
//Cannot find a user with that username!
die('Incorrect username / password combination!');
} else{
//User account found. Check to see if the given password matches the
//password hash that was stored in the adminusers table.
//Compare the passwords.
$validPassword = password_verify($passwordAttempt, $user['password']);
//If $validPassword is TRUE, the login has been successful.
if($validPassword){
//Provide the user with a login session and Redirect to our protected page, which is called welcome.php
$_SESSION['user_id'] = $user['id'];
$_SESSION['logged_in'] = time();
header('Location: welcome.php');
/* Make sure that code below does not get executed when it redirects. */
exit;
} else{
//$validPassword was FALSE. Passwords do not match.
die('Incorrect username / password combination!');
}
}
}
and the following is the login.html
Code:
<!DOCTYPE html>
<html>
<head>
<meta charset="UTF-8">
<title>Login</title>
</head>
<body>
<h1>Login</h1>
<form action="login.php" method="post">
<label for="username">Username</label>
<input type="text" id="username" name="username"><br>
<label for="password">Password</label>
<input type="text" id="password" name="password"><br>
<input type="submit" name="login" value="Login">
</form>
</body>
</html>
Although the login details are correct, and no error message is passed, the page is not redirecting to welcome.php but, for some bizzare reason is going to a totally different php file in the same directory. The connect.php echos that the connection has been made succesfully and my file - register.php - connects and correctly adds a username and hashed password to the adminusers table.
If anyone has any ideas why, and how I can make it go to the correct redirected file, I would be very grateful (sorry, not financially as I'm doing this for a charity so I'm not getting anything for it either)