Sunny Jain

How to make user redirect to correct page on login

For my site, I am having trouble making the user redirect to the proper page using header("location: ... "). Instead, on login, it redirects to the form's action: login.php. How do I make it so that the user is redirected to the correct page and not the PHP file that the login form uses?

Below is the HTML code (the form):
<h2>Log In</h2>
      <form method="POST" action="login.php">
            <input type="number" placeholder="student id" required name="studentid"><br>
            <input type="password" placeholder="password" required name="password"><br>
            <button type="submit" name="submit">Go</button>
</form>

Below are the relevant sections of the PHP:
$uid = mysqli_real_escape_string($conn, $_POST['studentid']);
$pwd = mysqli_real_escape_string($conn, $_POST['password']);

$sql = "SELECT * FROM users WHERE studentid='$uid'";
$result = mysqli_query($conn, $sql);
$resultCheck = mysqli_num_rows($result);

//username check
if ($resultCheck < 1) {
      //redirect and exit
} else {
      if ($row = mysqli_fetch_assoc($result)) {
            //De-hashing the password
            $hashedPwdCheck = password_verify($pwd, $row['password']);
            if ($hashedPwdCheck == false) {
                  //redirect and exit
            } elseif ($hashedPwdCheck == true) {
                  //Log in the user here and get session variables
                  header("location: index.php?login=success");
                  exit();
            }
      }
}

Michelle Solangel Phillips

Good day,
Try using:

header ('Location:    '.$newURL);
die ();

For example:
<?php
header ('Location:  http://www.something.com/new_page.html');
die();
?>

Or you can use a function to help establish some mechanism on the redirect if it doesn't load properly. You need to set it up correctly, and maybe a little warning message could help let the user know they will be redirected to the logging screen.

Hope it helps.

kenfcamp

Your users are being sent back to the login.php form because you're sending them there:

                  //Log in the user here and get session variables

                              header("location: index.php?login=success");

Change the header location to where you want them to go as referenced above by Michelle, making sure you redirect "after" your session variables have been established.

1. HTTP headers are not case-sensitive, but it's good practice to use proper-case like Michelle has in her example: "Location" rather than "location".

2. Just a note about this line:
$pwd = mysqli_real_escape_string($conn, $_POST['password']);

You're escaping the string prior to doing the password hash check. If the original value was not ALSO escaped prior to being hashed, then you could have some inconsistent hashing. Example:

Originally hashed "It's a wonderful life" to:
9dabbd0084c9c7bf77ff222eb8938a07

But on your login form, the value is escaped to "It\'s a wonderful life" which hashes to:
a4c0c8f5578ceecc45dfd611150f324e

Generally speaking, you shouldn't need to use mysqli_real_escape_string on the password if you're working with hashes. Even if there's an injection attempt using the password field, the raw password won't be used in a query.

3. Use var_dump() on your values after your password_verify call:
$hashedPwdCheck = password_verify($pwd,  $row['password']);
var_dump($hashedPwdCheck);
var_dump($pwd);
var_dump($row['password']);
exit();

...and see if it will reach the intended destination in the code.
Oh sorry, I just realized you were using the standard password_verify() function. My point still stands about escaping, but ignore the part about the MD5 examples of hashing, since the password_hash() function takes care of that.
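
The escaping point from the last answer, combined with the "establish the session, then redirect" order from the earlier replies, shown as an added example that is not code from the thread. It assumes a constructed user row (student id 1001), a hypothetical helper login_target(), an assumed failure target index.php?login=error, and addslashes() as a stand-in for mysqli_real_escape_string() so that it runs without a database.

```php
<?php
// Added example with constructed data; not code from the thread.
// addslashes() stands in for mysqli_real_escape_string(), which needs a live
// connection. Both turn ' into \' for this input.

// Constructed row, shaped like the result of the SELECT in the question.
$row = [
    'studentid' => 1001,
    'password'  => password_hash("It's a wonderful life", PASSWORD_DEFAULT),
];

// Hypothetical helper: pick the redirect target for a login attempt.
// $row is null when no user matched the student id.
function login_target(?array $row, string $password): string
{
    // One generic failure target for an unknown id and a wrong password.
    if ($row === null || !password_verify($password, $row['password'])) {
        return 'index.php?login=error';   // assumed failure page
    }
    return 'index.php?login=success';     // target used in the question
}

// Under a web server: set the session first, then send Location and stop.
// Nothing is echoed before header(), so the header can still be sent.
if (PHP_SAPI !== 'cli') {
    session_start();
    $target = login_target($row, $_POST['password'] ?? '');
    if ($target === 'index.php?login=success') {
        session_regenerate_id(true);      // fresh session id after login
        $_SESSION['studentid'] = $row['studentid'];
    }
    header('Location: ' . $target);
    exit();
}

// On the command line: compare the raw and the escaped password.
$typed = "It's a wonderful life";         // stands for $_POST['password']

// Raw value: identical to what password_hash() received at registration.
echo 'raw:     ', login_target($row, $typed), PHP_EOL;
// Escaped value: the added backslash makes it a different string, so
// password_verify() rejects it although the user typed the right password.
echo 'escaped: ', login_target($row, addslashes($typed)), PHP_EOL;
```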