So im having problem with code in php, it drives me crazy.. The thing is, i am making login page, and i have index.php, login.php and dashboard.php. Login form is in index.php, in login.php it checks if user is in database, and if it is redirect user to dashboard.php, but when i type right user and pass, it redirects me to index.php instead of dashboard.php??
login.php
<?php
session_start();
include($_SERVER['DOCUMENT_ROOT'] . "/new_cms/includes/db.php");
$username = $_POST['username'];
$password = $_POST['password'];
$btn = $_POST['submit'];
if(isset($btn)){
if(empty($username) || empty($password)){
echo "You must fill all fields";
}else{
$sql = "SELECT * FROM admins WHERE username = '$username' AND password = '$password'";
$query = mysqli_query($dbconn, $sql);
$rows = mysqli_num_rows($query);
if($rows > 0){
$_SESSION['usr'] = $rows['password'];
header("Location: dashboard.php");
}else{
echo "Invalid login";
}
}
}
?>
dashboad.php
<?php
session_start();
include($_SERVER["DOCUMENT_ROOT"] . "/new_cms/includes/db.php");
include($_SERVER["DOCUMENT_ROOT"] . "/new_cms/admin/login.php");
if(!isset($_SESSION['usr'])){
header("Location: index.php");
}else{
echo "Welcome";
}
?>
What am i doing wrong?
$rows is just a number, not an array, since you used mysqli_num_rows. Still you try to get $rows['password'].
instead, fetch the first row of the result and use this to assign to the session variable.
if(isset($btn)){
if(empty($username) || empty($password)){
echo "You must fill all fields";
}else{
$sql = "SELECT * FROM admins WHERE username = '$username' AND password = '$password'";
$query = mysqli_query($dbconn, $sql);
$rows = mysqli_num_rows($query);
if($rows > 0){
$user = mysqli_fetch_assoc($query);
$_SESSION['usr'] = $user['password'];
header("Location: dashboard.php");
}else{
echo "Invalid login";
}
}
}