PHP HTML Login page

noobe1
noobe1 used Ask the Experts™
on
Hi Experts,
I was going thru a PHP tutorial on the following website :
http://www.php-mysql-tutorial.com/user-authentication/basic-authentication.php

Everything worked fine except that the login page (login.php) would not be directed to main.php, I've added the following code in between the "header" command:
echo XYZ;
echo 456;

After a user successfully logs in, the login.php displays XYZ456 instead of being directed to main.php.

Below is the code for login.php:

<?php
// we must never forget to start the session
session_start();

$errorMessage = '';
if (isset($_POST['txtUserId']) && isset($_POST['txtPassword'])) {
      include 'PHPLib/config.php';
      include 'PHPLib/opendb.php';
      
      $userId   = $_POST['txtUserId'];
      $password = $_POST['txtPassword'];
      
      // check if the user id and password combination exist in database
      $sql = "SELECT UserName
              FROM User
                  WHERE UserName = '$userId' AND PW =  '$password'";
      
      $result = mysql_query($sql) or die('Query failed. ' . mysql_error());
      
      if (mysql_num_rows($result) == 1) {
            // the user id and password match,
            // set the session
            $_SESSION['db_is_logged_in'] = true;
            
            // after login we move to the main page
echo XYZ;
               header("Location: main.php");
echo 456;
            exit;
      } else {
            
$errorMessage = $sql;

      }
      
      include 'library/closedb.php';
}
?>
<html>
<head>
<title>Basic Login</title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
</head>

<body>
<?php
if ($errorMessage != '') {
?>
<p align="center"><strong><font color="#990000"><?php echo $errorMessage; ?></font></strong></p>
<?php
}
?>
<form action="" method="post" name="frmLogin" id="frmLogin">
 <table width="400" border="1" align="center" cellpadding="2" cellspacing="2">
  <tr>
   <td width="150">User Id</td>
   <td><input name="txtUserId" type="text" id="txtUserId"></td>
  </tr>
  <tr>
   <td width="150">Password</td>
   <td><input name="txtPassword" type="password" id="txtPassword"></td>
  </tr>
  <tr>
   <td width="150">&nbsp;</td>
   <td><input name="btnLogin" type="submit" id="btnLogin" value="Login"></td>
  </tr>
 </table>
</form>
</body>
</html>


Thanks
noobe1
Comment
Watch Question

Do more with

Expert Office
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®
Top Expert 2007

Commented:
the echo will disable the redirect. If you remove the two echo does the script works then?
also replace
      $userId   = $_POST['txtUserId'];
      $password = $_POST['txtPassword'];
with
      $userId   = mysql_real_escape_string($_POST['txtUserId']);
      $password = mysql_real_escape_string($_POST['txtPassword']);
to prevent sql injections.

Author

Commented:
Hi hernst42,
I've replaced the text as you instructed and removed the echo but the script still doesn't work.

Thanks.
Is your <?php on the very first line of the script, with no whitespace above it? header() will only work if there has been *nothing* output to the browser beforehand. Check for any output (blank lines before/after <? and ?>, or any echo/print statements) from your opendb.php and config.php as well.

Author

Commented:
Hi DrNikon,
There was a blank line in my opendb.php. Removing it solved the problem.
Thanks

Do more with

Expert Office
Submit tech questions to Ask the Experts™ at any time to receive solutions, advice, and new ideas from leading industry professionals.

Start 7-Day Free Trial