Unable to Redirect User

LiveOne · December 15, 2016, 11:21am

Hey Everyone

I’m very new to Php code and I need to redirect users of a website to the Home page once they have logged in.

I’m trying to create a car rental website so what needs to be done in order to make it work.

[php]
//get the number of rows in the result set: should be 1 if a match
if (mysqli_num_rows($result) == 1) {

//if authorized, get the values of f_name 1_name
while ($info = mysqli_fetch_array($result)) {
	$f_name = stripslashes($info['Username']);
	//$1_name = stripslashes($info['1_name']);
}


//set authorisation cookie
setcookie("auth", "1");


header("Location: home.php");
die();

}
[/php]
Any help would be appreciated.

astonecipher · December 15, 2016, 1:26pm

Please tell me the car rental site, is just for practice?

What isn’t working properly?

LiveOne · December 15, 2016, 3:54pm

I’m making the website in order to see how mysql and php work together as an exercise.

Whenever I try to run the login function that allows a user to enter their username and password, they aren’t redirected to the homepage of the website. Instead, the User Login page just turns completely blank and doesn’t do anything.

I’ve tried changing the code and doing trial by error work, but so far nothings worked.

astonecipher · December 15, 2016, 3:59pm

White pages generally mean a fatal error. Turn error reporting on, or go to the error logs, and see what happened.

JimL · December 15, 2016, 4:52pm

This doesn’t look like code from some login functionality, please add the entire login code if you want some advise

LiveOne · December 17, 2016, 1:39am

This is the entire code.
[php]<?php
//check for required fields from the form
if ((!isset($_POST[“Username”])) || (!isset($_POST[“Password”]))) {
header(“Location: userlogin.html”);
exit;
}

//connect to server and select database
$mysqli = mysqli_connect(“localhost”, “root”, “”, “car_rentals”)
or die (“Couldn’t connect to server.”);

//create and issue the query
$sql = “SELECT Username FROM customer WHERE Username = '”.$_POST[“Username”]."’ AND Password = ‘".$_POST[“Password”]."’";
$result = mysqli_query($mysqli, $sql) or die(mysqli_error($mysqli));

//get the number of rows in the result set: should be 1 if a match
if (mysqli_num_rows($result) == 1) {

//if authorized, get the values of f_name 1_name
while ($info = mysqli_fetch_array($result)) {
	$f_name = stripslashes($info['Username']);
	//$1_name = stripslashes($info['1_name']);
}


//set authorisation cookie
setcookie("auth", "1");


header("Location: home.php");
die();

}
?>

User Login [/php] I've already made a database table for the Username and Password. But I'm using Notepad++ to create the website and I'm unsure how to turn error reporting on or how to go to the error logs.

Thank you for your help so far.

benanamen · December 17, 2016, 3:29am

That is some really bad code. It is vulnerable to an SQL Injection Attack. You NEVER EVER save plaintext passwords to the DB and you NEVER EVER send user supplied data directly to the database. You need to learn about prepared statements. Despite it being in a lot of tutorials, you don’t output the DB errors to the user. For one, it is useless to the user and it is a security hole.

You are only looking for one result. There is no need for a while loop.

Since you are just starting you should just learn PDO. https://phpdelusions.net/pdo