First: Code!
loginform.html
<form action="" method="post" id="loginform">
<h3>Login</h3>
<input type="text" name="username" placeholder="Username">
<br>
<br>
<input type="password" name="password" placeholder="Password">
<br>
<input type="submit" name="logsubmit" value="Login" class="registerbutton">
</form>
login.php
<?php
require_once("../resources/config.php");
require_once("../resources/library/dbconnect.php");
function checkUser($con) {
if (isset($_POST['username']) && isset($_POST['password'])){
$username = $_POST['username'];
$pw = md5($_POST['password']);
$sql="SELECT * FROM `users` WHERE username='$username' and pw='$pw'";
$result = mysqli_query($con, $sql);
$row = mysqli_fetch_assoc($result);
if ($result==true && $username == $row["username"] && $pw==$row["pw"]) {
$_SESSION["logged_in"] = 1;
$_SESSION["admin"] = $row["admin"];
$_SESSION["username"] = $row["username"];
}
else {
$msg = "Das war nichts! Passwort oder Username falsch? <br>".mysqli_error($con);
unset($_SESSION["logged_in"]);
}
}
}
checkUser($connection);
header('location: ../public_html/index.php');
exit;
?>
index.php
<?php
session_start();
?>
<!DOCTYPE html>
<html>
<head>
<meta charset="utf-8">
<title>Barstone</title>
<link rel="stylesheet" href="css/default.php" type="text/css">
<link href='http://fonts.googleapis.com/css?family=Bitter:700&subset=latin,latin-ext' rel='stylesheet' type='text/css'>
</head>
<body>
<?php require_once("../resources/config.php");
require_once("../resources/library/header_nav.php");?>
<div class="pagewrapper">
<div class="register-container">
<?php if(!isset($_SESSION['logged_in']) || !isset($_POST['regsubmit']))
{require_once("../resources/library/registerform.php");}
if (isset($_POST['regsubmit']) && $_SESSION['register_check']==true) {printf("Success! Welcome %s!",$_POST['username']);}
?>
</div>
<div class="login-container">
<?php if (isset($_SESSION['logged_in'])) { printf ("<form action='../resources/library/logout.php' method='post' id='loginform'><h3> Hello %s! </h3> Nice to see you!<input type='submit' class='logoutbutton' value='logout'> </form>",$_SESSION["username"]);
}?>
<?php if (isset($_POST["logsubmit"])) {require_once("../resources/library/login.php");
}
else { if (!isset($_SESSION['username'])) {require_once("../resources/library/loginform.html");}}
?>
</div>
<div class="content">
<?php require_once("../resources/library/articles.php");?>
</div>
</div>
</body>
</html>
relevant index.php part
{printf ("<form action='../resources/library/logout.php' method='post' id='loginform'>
<h3> Hello %s!</h3> Nice to see you!
<input type='submit' class='logoutbutton' value='logout'>
</form>",$_SESSION["username"]);}
?>
<?php if (isset($_POST["logsubmit"])) {require_once("../resources/library/login.php");}
else {if (!isset($_SESSION['username']))
{require_once("../resources/library/loginform.html");}
}?>
</div>
What this is supposed to do:
If the user is not logged in, show the loginform.html. If the login button got pressed, use the login.php to log the user in.
After someone has used the login-form to log in to the website, it displays a little welcome message and a new button for logout purposes.
What this does:
Displaying the login form works fine.
After someone logged in, it displays nothing. But after reloading the page, the button is there and works fine.
The $_SESSION['logged_in'] variable is set with the login, but why does the page need another reload to interpret this statement correctly?
I admit that the way I do it isn't necessarily 'best practice' and I am open for any advice. Still learning. :)
For testing: http://hsturnierv2.pixelpioniere.net/public_html/index.php login as "test" with pw "test"
The problem is most probably the fact that you have
header('location: ../public_html/index.php');
instead of:
header('Location: ../public_html/index.php');
in login.php. It should have a capital L. It doesn't and you get no redirection, thus the blank page ...
UPDATE
So you redirect ok but your script dies for some reason. It is not a logical error rather a fatal script error that kills your script before it can output anything more ... Your code is:
<?php if (isset($_SESSION['logged_in']))
{
printf ("<form action='../resources/library/logout.php' method='post' id='loginform'>
<h3> Hello %s!</h3> Nice to see you!
<input type='submit' class='logoutbutton' value='logout'>
</form>",$_SESSION["username"]);
}
?>
<?php if (isset($_POST["logsubmit"]))
{
require_once("../resources/library/login.php");
}else
{
if (!isset($_SESSION['username'])) {require_once("../resources/library/loginform.html");
}
}
?>
So I got it. When someone is actually logging in, index.php requires login.php, which when done sends a relocation header and exits. But the output has already started! You already have half of the page out! So the header issues an error (which is not displayed, probably due to php.ini settings) and then exits. Therefore you get half a page.
You should change your index.php code to:
<?php
session_start();
if (isset($_POST["logsubmit"]))
{
require_once("../resources/library/login.php");
}
?>
<!DOCTYPE html>
<html>
<head>
<meta charset="utf-8">
<title>Barstone</title>
<link rel="stylesheet" href="css/default.php" type="text/css">
<link href='http://fonts.googleapis.com/css?family=Bitter:700&subset=latin,latin-ext' rel='stylesheet' type='text/css'>
</head>
<body>
<?php require_once("../resources/config.php");
require_once("../resources/library/header_nav.php");?>
<div class="pagewrapper">
<div class="register-container">
<?php if(!isset($_SESSION['logged_in']) || !isset($_POST['regsubmit']))
{
if (isset($msg)) echo $msg .'<br>';
require_once("../resources/library/registerform.php");}
if (isset($_POST['regsubmit']) && $_SESSION['register_check']==true) {printf("Success! Welcome %s!",$_POST['username']);}
?>
</div>
<div class="login-container">
<?php if (isset($_SESSION['logged_in'])) { printf ("<form action='../resources/library/logout.php' method='post' id='loginform'><h3> Hello %s! </h3> Nice to see you!<input type='submit' class='logoutbutton' value='logout'> </form>",$_SESSION["username"]);
}else { if (!isset($_SESSION['username'])) {require_once("../resources/library/loginform.html");}}
?>
</div>
<div class="content">
<?php require_once("../resources/library/articles.php");?>
</div>
</div>
</body>
</html>
This prevents output before header and also shows the error if you enter wrong credentials. Then you should also change your login.php file so that it doesn't redirect every time, rather only if the login was successful, like so:
<?php
require_once("../resources/config.php");
require_once("../resources/library/dbconnect.php");
function checkUser($con) {
    // Default message, so that the function always returns a defined value
    $msg = '';
    if (isset($_POST['username']) && isset($_POST['password'])){
        $username = $_POST['username'];
        $pw = md5($_POST['password']);
        $sql="SELECT * FROM `users` WHERE username='$username' and pw='$pw'";
        $result = mysqli_query($con, $sql);
        $row = mysqli_fetch_assoc($result);
        if ($result==true && $username == $row["username"] && $pw==$row["pw"]) {
            $_SESSION["logged_in"] = 1;
            $_SESSION["admin"] = $row["admin"];
            $_SESSION["username"] = $row["username"];
            $msg='OK';
        }
        else {
            $msg = "Das war nichts! Passwort oder Username falsch? <br>".mysqli_error($con);
            unset($_SESSION["logged_in"]);
        }
    }
    return $msg;
}
// Keep the returned message in $msg: index.php prints it when the login failed
$msg = checkUser($connection);
if ($msg=='OK')
{
    header('location: ../public_html/index.php');
    exit;
}
?>
Well what you are doing basically:
<?php if (isset($_SESSION['logged_in'])) {
    // output something
}
?>
<?php
if (isset($_POST["logsubmit"])) {
    // process login with login.php
} else {
    if (!isset($_SESSION['username'])) {
        // display login form
    }
}
?>
Okay what happens here...
User visits the site for the first time (is not logged in and has not submitted the login form):
  $_SESSION['logged_in'] is not set and // output something is not reached.
  $_POST['logsubmit'] is not set and $_SESSION['username'] is also not set, so the login form is displayed.
User submits the login form:
  $_SESSION['logged_in'] is not set and // output something is not reached.
  $_POST['logsubmit'] is set and login.php is called. If you have no output in login.php the page stays blank. I assume you set the session vars in login.php.
User reloads the page after login:
  $_SESSION['logged_in'] is set now -> you reach // output something.
I personally would handle the login in a separate file:
<?php
if(!isset($_SESSION['logged_in'])) {
// redirect to login.php
}
?>
// here comes the content when user is logged in
in login.php:
<?php
if(isset($_POST['logsubmit'])) {
    // handle login and redirect to page that needs login if successful
}
if($loginError) {
    // print login errors
}
// print login form
?>
Edit: don't forget session_start() (in included files session_start() is not necessary)
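A hardened variant of the login.php discussed in both answers, as an added example that is not code from the thread: it runs before any output, redirects only on success, binds the username in a prepared statement instead of interpolating it into the SQL string, and verifies the password with password_verify(). It assumes dbconnect.php provides the mysqli handle $connection as in the question and that users.pw has been migrated from md5() to password_hash() output; the failure text is a constructed string.

```php
<?php
// Added example, not code from the thread. Require it from index.php right
// after session_start() and before any HTML is sent.
// Assumptions: $connection is the mysqli handle from dbconnect.php, and
// users.pw stores password_hash() output instead of md5().
require_once("../resources/config.php");
require_once("../resources/library/dbconnect.php");

function checkUser(mysqli $con, $username, $password): ?array
{
    // Array-valued fields (username[]=x) are rejected before touching the DB.
    if (!is_string($username) || !is_string($password)) {
        return null;
    }
    // Prepared statement: the username is bound as data, never spliced into SQL.
    $stmt = $con->prepare('SELECT username, pw, admin FROM `users` WHERE username = ?');
    if ($stmt === false) { return null; }   // prepare failed (non-exception error mode)
    $stmt->bind_param('s', $username);
    $stmt->execute();
    $stmt->bind_result($dbUser, $dbHash, $dbAdmin);
    $found = $stmt->fetch();          // true = row, null = no row, false = error
    $stmt->close();
    if ($found !== true || !password_verify($password, (string) $dbHash)) {
        return null;
    }
    return ['username' => $dbUser, 'admin' => $dbAdmin];
}

$msg = null;
if (isset($_POST['logsubmit'])) {
    $user = checkUser($connection, $_POST['username'] ?? null, $_POST['password'] ?? null);
    if ($user !== null) {
        session_regenerate_id(true);  // fresh session ID once the user is authenticated
        $_SESSION['logged_in'] = 1;
        $_SESSION['admin'] = $user['admin'];
        $_SESSION['username'] = $user['username'];
        if (!headers_sent($file, $line)) {
            header('Location: ../public_html/index.php');
            exit;
        }
        // The failure mode from this thread: output began before the redirect.
        error_log("login: redirect skipped, output started at $file:$line");
    } else {
        // Generic text for the page; database errors go to the log only.
        $msg = 'Login failed: wrong username or password.';
        unset($_SESSION['logged_in'], $_SESSION['admin'], $_SESSION['username']);
    }
}
```

When index.php prints the name in the welcome form, pass it through htmlspecialchars($_SESSION['username'], ENT_QUOTES, 'UTF-8') so that a stored username cannot inject markup.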