3

PHP login script generates session, but header() does not move to home page.

<?php
session_start();
$message="";
if(isset($_REQUEST['submit'])) {
    if(count($_POST)>0) {
        $username=$_POST["user_name"];
        $password=$_POST["password"];
        if(!empty($username) && !empty($password)){
            //include  connection file
            require_once "connection.php";
            $sql="SELECT * FROM `admin_users` WHERE `admin_user` LIKE  'username' AND `admin_pass`LIKE'$password'";
            $result = mysqli_query($con,$sql);
            $row=mysqli_fetch_row($result);
            if(is_array($row)) {
                $_SESSION["user_id"] = $row[0];
                $_SESSION["admin_name"] = $row[1];
                $_SESSION["type"]="admin_map";

                mysql_close($dbhandle);
            } else {
                $message = "Invalid Username or Password!";
            }
        }
        if(isset($_SESSION["user_id"]) &&  isset($_SESSION["admin_name"]) &&  isset($_SESSION["admin_name"])=="admin@map") {
            header("Location:user_dashboard.php");
        }
    }
    else{
        $message = "Fill All Fields!";
    }
}
?>
StepUp
Code Break
    Have you tried `header("Location: /user_dashboard.php");`? See http://stackoverflow.com/a/25241503/1604068 – Sevvlor Feb 14 '16 at 10:17

2 Answers

1

First of all, add spaces in your query. You are also missing the $ sign before username: $username.

$sql="SELECT * FROM `admin_users` WHERE `admin_user` LIKE '$username' AND `admin_pass` LIKE '$password'";

I don't know why you are using LIKE in a login form. This must be checked with the = operator. (Just a suggestion)

The main issue in your code is that you are using the mysqli_* extension and using mysql_close() for closing the database connection.

mysql_close($dbhandle);

This should be

mysqli_close($dbhandle);

but close the connection at the end of your PHP script, not in between.

devpro
  • I would also **strongly** recommend using `mysqli_real_escape_string()` because you're leaving this query wide open to SQL-injection attacks. http://php.net/manual/en/mysqli.real-escape-string.php#example-1905 – Sevvlor Feb 14 '16 at 16:56
  • @sevvlor yes, you are right. The code is open to SQL injection – devpro Feb 14 '16 at 17:02
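The fixes raised in the answer and comments above, combined into one handler as an added example (not code from the question or from either answer): a bound parameter with `=` instead of a string-built `LIKE`, `mysqli_close()` on the mysqli handle, and `exit` after the redirect header. It assumes `connection.php` defines `$con` as in the question and that `admin_pass` stores a `password_hash()` value; `find_admin()` is a hypothetical helper name.

```php
<?php
// Added example. Assumptions: connection.php defines $con (a mysqli handle) as in
// the question; admin_pass holds a password_hash() value, not the plain password;
// the first two columns of admin_users are the id and the name, as the question uses them.
session_start();
require_once "connection.php";

/** Return the matching admin row, or null when the credentials are wrong. */
function find_admin(mysqli $con, string $username, string $password): ?array
{
    // The placeholder keeps user input out of the SQL text; "=" matches exactly,
    // whereas LIKE would treat % and _ in the input as wildcards.
    $stmt = mysqli_prepare($con, "SELECT * FROM `admin_users` WHERE `admin_user` = ?");
    mysqli_stmt_bind_param($stmt, "s", $username);
    mysqli_stmt_execute($stmt);
    $row = mysqli_fetch_array(mysqli_stmt_get_result($stmt), MYSQLI_BOTH);
    mysqli_stmt_close($stmt);
    // The password is never placed in the query; it is checked against the stored hash.
    if (!is_array($row) || !password_verify($password, $row["admin_pass"])) {
        return null;
    }
    return $row;
}

$message = "";
if ($_SERVER["REQUEST_METHOD"] === "POST") {
    $username = $_POST["user_name"] ?? "";
    $password = $_POST["password"] ?? "";
    if (!is_string($username) || !is_string($password) || $username === "" || $password === "") {
        $message = "Fill All Fields!";
    } elseif (($admin = find_admin($con, $username, $password)) !== null) {
        session_regenerate_id(true);           // issue a fresh session ID at login
        $_SESSION["user_id"]    = $admin[0];
        $_SESSION["admin_name"] = $admin[1];
        $_SESSION["type"]       = "admin_map";
        mysqli_close($con);                    // mysqli_*, matching the extension in use
        header("Location: user_dashboard.php");
        exit;                                  // stop so no further output follows the redirect
    } else {
        $message = "Invalid Username or Password!";
    }
}
```

`mysqli_real_escape_string()`, as recommended in the comment, also closes the injection when the escaped value is placed inside quotes, but bound parameters remove the need to escape at all.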
0

change

header("Location:user_dashboard.php");

to

echo "<script>window.location='user_dashboard.php'</script>";

or add ob_start() in the first line of the code

paranoid