2

Why when I input the correct username and password, it not redirect to index.php but instead reloads login.php ?

Help me to fix the following code:

<?php
session_start();
if($_SERVER["REQUEST_METHOD"] == "POST")
{
require_once('conn/conn.php');
$user=$_POST['user'];
$pass=md5($_POST['pass']);
$addonq = "WHERE username='".$user."' AND password='".$pass."'"; 
$user = $koneksi->prepare("SELECT * FROM user ".$addonq."");
$user->execute();
$row = $user->fetch(PDO::FETCH_ASSOC);

if(empty($row['username'])){

echo "Your Login Name or Password is invalid";

}else {
$_SESSION['login_user'] = $user;

header("location: index.php");
}
}
?>
<form action="" method="post">
<label>UserName :</label>
<input type="text" name="user"/><br />
<label>Password :</label>
<input type="password" name="pass"/><br/>
<input type="submit" value=" Submit "/><br />
</form>
Jonas Czech
  • 12,018
  • 6
  • 44
  • 65
FadLy
  • 107
  • 1
  • 9
  • 1
    Not an answer to your question, but: you should be using more than just md5 hashing for passwords. md5 is not secure. Your code also seems to be vulnerable to SQL injection. – Jonas Czech Mar 09 '16 at 16:07
  • ok, thanks for your suggestion – FadLy Mar 09 '16 at 16:21
  • I guess this answer will help you to resolve your issue. http://stackoverflow.com/questions/3553698/php-should-i-call-exit-after-calling-location-header – K Ahir Mar 09 '16 at 16:23

2 Answers2

1

You need to add exit(); after header() to terminate the current process.

header("location: index.php");
exit();
Tuan Duong
  • 515
  • 3
  • 7
0

Try this .. Modify this line

$user = $koneksi->prepare("SELECT * FROM user ".$addonq."");

to

$user = $koneksi->prepare("SELECT * FROM user ".$addonq);
Tom
  • 83
  • 9