<html>
<div class="panel-body">
<form method="post" action="index.php">
<div class="form-group">
<input class="form-control" placeholder="username" name="username" type="text" autofocus>
</div>
<div class="form-group">
<input class="form-control" placeholder="password" name="password" type="password" value="">
</div>
<input type='submit' name="submit" value='Login'>
</form>
<?php
if(isset($_POST['submit']))
{
$username = sanitize($_POST['username']);
$password = sanitize($_POST['password']);
if($username && $password)
{
$query = mysql_query("SELECT Name, Password FROM users WHERE Name = '$username' LIMIT 1");
if(mysql_num_rows($query) == 1)
{
while($row = mysql_fetch_assoc($query))
{
$dbusername = $row['Name'];
$dbpassword = $row['Password'];
}
$somename = hash( 'whirlpool', $password);
$somename = strtoupper($somename);
if($username == $dbusername && $somename == $dbpassword)
{
$_SESSION['username'] = $dbusername;
header('location: /pcp/home.php');
}
else $error = "Wrong password!";
}
else $error = "Username doesn't exist!";
}
else $error = "Type name and password!";
}
?>
</div>
</html>
When I submit the button with correct password and user, it doesn't go to home.php but when I reload, it goes.
It's using bootstrap, is this the reason why? If so or not, could you help me fix it.
If you want to add your php code together with form elements, you need to write
<form method="post" action="<?php echo $_SERVER['PHP_SELF']; ?>" >
or not. Simply separate form page & php page. It means that
index.php
<html>
<div class="panel-body">
<form method="post" action="check.php">
<div class="form-group">
<input class="form-control" placeholder="username" name="username" type="text" autofocus>
</div>
<div class="form-group">
<input class="form-control" placeholder="password" name="password" type="password" value="">
</div>
<input type='submit' name="submit" value='Login'>
</form>
</div>
</html>
ckeck.php
<?php
if(isset($_POST['submit']))
{
$username = sanitize($_POST['username']);
$password = sanitize($_POST['password']);
if($username && $password)
{
$query = mysql_query("SELECT Name, Password FROM users WHERE Name = '$username' LIMIT 1");
if(mysql_num_rows($query) == 1)
{
while($row = mysql_fetch_assoc($query))
{
$dbusername = $row['Name'];
$dbpassword = $row['Password'];
}
$somename = hash( 'whirlpool', $password);
$somename = strtoupper($somename);
if($username == $dbusername && $somename == $dbpassword)
{
$_SESSION['username'] = $dbusername;
header('location: /pcp/home.php');
}
else $error = "Wrong password!";
}
else $error = "Username doesn't exist!";
}
else $error = "Type name and password!";
}
?>