I have completed a login form and it works 100% on my WAMP server. However when I run it on a live server everything works 100%, apart from when I log in it does not redirect my page to the page it should (just displays a blank HTML page). It is however logged in, because if I enter the url of the page it should go, it displays like it should. The path to the file is correct. I hope my problem is clear. Here is the code for my login form:
<?php
include_once "includes/scripts.php";
session_start();
include_once ("includes/connect.php");
if(isset($_SESSION['logged_in'])) {
header('location: admin_cms.php');
exit();
} else {
if(isset($_POST['username'], $_POST['password'])) {
$username = $_POST['username'];
$password = md5($_POST['password']);
if(empty($username) or empty($password)) {
$error = '<p>NOTE: Fields are blank</p>';
} else {
$query = $pdo->prepare("SELECT * FROM users WHERE user_name = ? AND user_password =?");
$query->bindValue(1, $username);
$query->bindValue(2, $password);
$query->execute();
$num = $query->rowCount();
if($num == 1) {
$_SESSION['logged_in'] = true;
header('location: admin_cms.php');
exit();
} else {
$error = "<p>NOTE: The username or password is incorrect</p>";
}
}
}
?>
<div id="login_container">
<br><img src="images/camelhorst_logo_full.png" style="margin-top:38px;">
<h1>LOGIN<img src="images/three_column_grid_line.png" alt="line"></h1>
<form acton = "admin.php" method="post" autocompleate="off">
<label>Username:</label>
<input type="text" name="username" placeholder="Your Username" required autocomplete="off">
<label>Password:</label>
<input type="password" name="password" placeholder="Your Password" required autocomplete="off">
<input type="submit" value="Login" name="submit_login">
</form>
<?php
if(isset($error)) {
echo $error;
}
?>
<p id="copyright_admin"> © CAMELHORSE CREATIVE STUDIO 2013 </p>
</div><!--login_container-->
<?php
}
?>
</body>
</html>
Firstly, the
session_start()
must be at the very top of the page. There can be nothing, no whitespace before it.
Secondly,
if (empty($username) or empty($password)){
needs to be replaced with this
if (empty($username) || empty($password)){
Try that and see if it works
Also, this is a bit off topic and I'm sure that it's not what's causing your problem, but md5() is very outdated. Try using
sha1();
for encryption instead. sha1() is also a bit old, but it's better than md5().
This too, is kind of off topic. But, it seems notable. You have
if(isset($_POST['username'], $_POST['password'])) {
$username = $_POST['username'];
$password = md5($_POST['password']);
if(empty($username) or empty($password)){
$error = '<p>NOTE: Fields are blank</p>';
}
By default, md5 returns a 32 character hex number even if the value of what's being encrypted is empty. So, the condition
empty($password)
is kind of redundant. What's better to have is this:
if(isset($_POST['username'], $_POST['password'])) {
$username = $_POST['username'];
$password = $_POST['password'];
$pass_enc = md5($_POST['password']);
if(empty($username) || empty($password)){
$error = '<p>NOTE: Fields are blank</p>';
}
change redirection to this.
echo "<script>window.location='admin_cms.php'<script>";
Most times, when your header() redirection fails, it is because there has been previous output (even a whitespace matters here), so you may need to be sure there has been no previous output on the file or any included files.
<?php include_once "includes/scripts.php"; ?>
include_once ("includes/connect.php");
NB: Any space outside the <?php ?> tags is considered output. E.g.
<?php ...some php code... '
//space below causes output to be written to html
?>
<?php
...more php code here...
?>
Iqbal Malik is right. you should use echo "window.location='admin_cms.php'";
for the redirection however if you want to keep the header() thing you must put
ob_start()
on top of the page, right under
session_start()
it will work like a charm.
edit: About the md5 / sha1 thing, Ijust started using:
hash("sha512", md5($password))
for my password encryption.