This is login code with session. I am using Bootstrap. The code is not redirecting to index.html; when I test it in Postman it works, but it is not working in this Bootstrap template. I didn't get the reason. Please help.
<?php
if($_SERVER["REQUEST_METHOD"]=="POST") {
$email=$_POST["email"];
$password=$_POST["password"];
$sql = "SELECT * FROM login where email='$email' and password='$password'";
$result = mysqli_query($conn,$sql);
$row=mysqli_fetch_array($result,MYSQLI_ASSOC);
$count = mysqli_num_rows($result);
if ($count>0) {
// output data of each row
if($row['admin_role']==1) {
//$_SESSION["email"]=$email;
//$_SESSION["id"]=$row['user_id'];
//echo "Login successfull";
header('Location: index.html');
exit;
}
} else {
echo "0 results";
}
}
?>
<div class="row">
<div class="col-xs-10 col-xs-offset-1 col-sm-8 col-sm-offset-2 col-md-4 col-md-offset-4">
<div class="login-panel panel panel-default">
<div class="panel-heading"> Admin Log in</div>
<div class="panel-body">
<form role="form">
<fieldset>
<div class="form-group">
<input class="form-control" placeholder="E-mail" name="email" type="email" autofocus="">
</div>
<div class="form-group">
<input class="form-control" placeholder="Password" name="password" type="password" value="">
</div>
<div class="checkbox">
<label>
<input name="remember" type="checkbox" value="Remember Me">Remember Me
</label>
</div>
<a href="" class="btn btn-primary">Login</a>
</fieldset>
</form>
</div>
</div>
</div><!-- /.col-->
</div><!-- /.row -->
Your form is a GET form, you need to set method="POST" on your <form> tag.
Other than that, your code is very vulnerable, you should be hashing the passwords in your database, and you should use PDO as it's more secure and you should also use prepared statements and turn off emulated ones with that.
Currently, your code is vulnerable to SQL injection, one of the most basic but the most dangerous security threats for a web application.
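The advice in the answer above (PDO, prepared statements with emulation turned off, hashed passwords), as an added example that is not code from the question or from any answer on this page. It assumes a `password_hash` column in place of the plaintext `password` column, and uses a constructed in-memory SQLite table so it runs without the MySQL server; `authenticate()` and `MYSQL_PDO_OPTIONS` are hypothetical names.

```php
<?php
declare(strict_types=1);

// For the page's MySQL database, pass these as the options argument of
// new PDO($dsn, $user, $pass, MYSQL_PDO_OPTIONS): native prepares
// (emulation off) and exceptions instead of silent failures.
const MYSQL_PDO_OPTIONS = [
    PDO::ATTR_EMULATE_PREPARES => false,
    PDO::ATTR_ERRMODE          => PDO::ERRMODE_EXCEPTION,
];

// Returns the admin's row on success, null on any failure.
function authenticate(PDO $pdo, string $email, string $password): ?array
{
    // The email travels as a bound parameter, never as part of the SQL text.
    $stmt = $pdo->prepare(
        'SELECT user_id, email, password_hash, admin_role
           FROM login WHERE email = :email'
    );
    $stmt->execute([':email' => $email]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);

    // The password is checked against the stored hash in PHP;
    // it never appears in a query and is never stored in plain text.
    if ($row === false || !password_verify($password, $row['password_hash'])) {
        return null;
    }
    return ((int) $row['admin_role'] === 1) ? $row : null;
}

// --- Constructed demo data: in-memory SQLite stands in for MySQL ---
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE login (user_id INTEGER PRIMARY KEY, email TEXT UNIQUE,
            password_hash TEXT, admin_role INTEGER)');
$pdo->prepare('INSERT INTO login (email, password_hash, admin_role) VALUES (?, ?, 1)')
    ->execute(['admin@example.test', password_hash('correct horse', PASSWORD_DEFAULT)]);

// Valid login, wrong password, and an email containing a quote character,
// which is compared as literal data rather than parsed as SQL.
var_dump(authenticate($pdo, 'admin@example.test', 'correct horse') !== null);
var_dump(authenticate($pdo, 'admin@example.test', 'wrong') !== null);
var_dump(authenticate($pdo, "admin@example.test' -- ", 'x') !== null);
```

In the login page itself, a non-null result is the point at which to call session_start() and session_regenerate_id(true), store the user id in $_SESSION, send the Location header and exit.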
OverCoder was right, and by the way, you should check isset for the two POST variables before assigning the values: if (isset($_POST["email"]) && isset($_POST["password"])) { //bla bla }
You forgot about the submit button, and you forgot about the form method and type. action="#" tells the form to submit to the same PHP file. And, very important, change this: $email=$_POST["email"]; to $email=strip_tags($_POST["email"]);
Read about the strip_tags() function :)
<div class="row">
<div class="col-xs-10 col-xs-offset-1 col-sm-8 col-sm-offset-2 col-md-4 col-md-offset-4">
<div class="login-panel panel panel-default">
<div class="panel-heading"> Admin Log in</div>
<div class="panel-body">
<form role="form" action="#" method="post">
<fieldset>
<div class="form-group">
<input class="form-control" placeholder="E-mail" name="email" type="email" autofocus="">
</div>
<div class="form-group">
<input class="form-control" placeholder="Password" name="password" type="password" value="">
</div>
<div class="checkbox">
<label>
<input name="remember" type="checkbox" value="Remember Me">Remember Me
</label>
</div>
<button type="submit" class="btn btn-primary">Login</button>
</fieldset>
</form>
</div>
</div>
</div><!-- /.col-->
I think
Step 1: You can set your form method to POST with method="post" and use a button of type submit (do not use an anchor; type="button" does not work for sending data from the form). Use only a submit button.
Step 2: You can use a condition so that the input fields are required to log in. isset() (a PHP function) means the field's data is not empty; use && for both conditions.
Step 3: You need to start the session (session_start()) if you want to store data in the session. Data can't be stored if you don't start the session.
if(isset($_POST["email"]) && isset($_POST["password"])) {
$email = trim($_POST["email"]);
$password = trim($_POST["password"]);
$sql = "SELECT * FROM login where email='$email' and password='$password'";
$result = mysqli_query($conn,$sql);
$row=mysqli_fetch_array($result,MYSQLI_ASSOC);
$count = mysqli_num_rows($result);
if ($count>0) {
// output data of each row
if($row['admin_role']==1) {
//session_start();
//$_SESSION["email"] = $email;
//$_SESSION["id"] = $row['user_id'];
//echo "Login successfull";
header('Location: index.html');
exit; // stop the script so nothing else runs or is output after the redirect header
}
} else {
echo "0 results";
}
}
<div class="row">
<div class="col-xs-10 col-xs-offset-1 col-sm-8 col-sm-offset-2 col-md-4 col-md-offset-4">
<div class="login-panel panel panel-default">
<div class="panel-heading"> Admin Log in</div>
<div class="panel-body">
<form role="form" action="" method="POST">
<fieldset>
<div class="form-group">
<input class="form-control" placeholder="E-mail" name="email" type="email" autofocus="">
</div>
<div class="form-group">
<input class="form-control" placeholder="Password" name="password" type="password" value="">
</div>
<div class="checkbox">
<label>
<input name="remember" type="checkbox" value="Remember Me">Remember Me
</label>
</div>
<button type="submit" class="btn btn-primary">Login</button>
</fieldset>
</form>
</div>
</div>
</div><!-- /.col-->
</div><!-- /.row -->