I am not able to log in; the page just refreshes itself. What could be the problem?

index.php

<!DOCTYPE html>
<html>
    <head>
        <meta charset="UTF-8" />
        <!-- <meta http-equiv="X-UA-Compatible" content="IE=edge,chrome=1">  -->
        <title>CHURCH MANAGER</title>
        <meta name="viewport" content="width=device-width, initial-scale=1.0"> 
        <meta name="description" content="Church Manager" />
        <meta name="keywords" content="Church, Manager, Member registration, Donation, Tithe Manager" />
        <meta name="author" content="Codrops" />
        <link rel="shortcut icon" href="../favicon.ico"> 
        <link rel="stylesheet" type="text/css" href="css/demo.css" />
        <link rel="stylesheet" type="text/css" href="css/style3.css" />
		<link rel="stylesheet" type="text/css" href="css/animate-custom.css" />
    </head>
    <body>
        <div class="container">
            <!-- Codrops top bar -->
            <div class="codrops-top">
               
               
                <div class="clr"></div>
            </div><!--/ Codrops top bar -->
            <header>
                <h1>CHURCH MANAGER <span>ACCESS POINT</span></h1>
				
            </header>
            <section>				
                <div id="container_demo" >
                    <!-- hidden anchor to stop jump http://www.css3create.com/Astuce-Empecher-le-scroll-avec-l-utilisation-de-target#wrap4  -->
                    <a class="hiddenanchor" id="toregister"></a>
                    <a class="hiddenanchor" id="tologin"></a>
                    <div id="wrapper">
                        <div id="login" class="animate form">
                            <form  action="login.php" method="POST" autocomplete="on"> 
                                <h1>Log in</h1> 
                                <p> 
                                    <label for="username" class="uname" data-icon="u" > Username </label>
                                    <input id="username" name="username" required="required" type="text" placeholder="Mobile Number"/>
                                </p>
                                <p> 
                                    <label for="password" class="youpasswd" data-icon="p"> Your password </label>
                                    <input id="password" name="password" required="required" type="password" placeholder="eg. X8df!90EO" /> 
                                </p>
                                <p class="keeplogin"> 
									<input type="checkbox" name="loginkeeping" id="loginkeeping" value="loginkeeping" /> 
									<label for="loginkeeping">Keep me logged in</label>
								</p>
                                <p class="login button"> 
                                    <input type="submit" value="Login"  name="login"/> 
								</p>
                                <p class="change_link">
									Not a member yet ?
									<a href="#toregister" class="to_register">Join us</a>
								</p>
                            </form>
                        </div>

                        <div id="register" class="animate form">
                            <form  action="reg.php" method="POST" autocomplete="on"> 
                                <h1> Sign up </h1> 
                                <p> 
                                    <label for="usernamesignup" class="uname" data-icon="u">First Name</label>
                                    <input id="usernamesignup" name="fname" required="required" type="text" placeholder="John" />
                                </p>
                                <p> 
                                    <label for="usernamesignup" class="uname" data-icon="u" > Middle Name</label>
                                    <input id="usernamesignup" name="sname" required="required" type="text" placeholder="Doe"/> 
                                </p>
								<p> 
                                    <label for="usernamesignup" class="uname" data-icon="u">Last Name</label>
                                    <input id="usernamesignup" name="lname" required="required" type="text" placeholder="John" />
                                </p>
								<p> 
                                    <label for="usernamesignup" class="uname" data-icon="u">Gender</label>
                                    
									 <select name="gender" id="usernamesignup" required="required" type="text">
  <option value="Select Gender">Select Gender</option>
  <option value="Male">Male</option>
  <option value="Female">Female</option>

</select> 
                                </p>
								<p> 
                                    <label for="usernamesignup" class="uname" data-icon="u">Date Of Birth</label>
                                    <input id="usernamesignup" type="date" name="birthday" min="1900-01-02" />
                                </p>
								<p> 
                                    <label for="usernamesignup" class="uname" data-icon="u">Residence</label>
                                    <input id="usernamesignup" name="residence" required="required" type="text" placeholder="Huruma" />
                                </p>
								<p> 
                                    <label for="usernamesignup" class="uname" data-icon="u">Place of Birth</label>
                                    <input id="usernamesignup" name="pob" required="required" type="text" placeholder="Kirinyaga" />
                                </p>
								<p> 
                                    <label for="usernamesignup" class="uname" data-icon="u">Ministry</label>
                                    <select name="ministry" id="usernamesignup" required="required" type="text">
  <option value="None">None</option>
  <option value="Praise and Worship">Praise and Worship</option>
  <option value="Ushering">Ushering</option>
  <option value="Hostessing">Hostessing</option>
  <option value="Media and IT">Media and IT</option>
  <option value="Sunday School">Sunday School</option>
</select> 
                                </p>
								 <p> 
                                    <label for="emailsignup" class="youmail" data-icon="e" > Your email</label>
                                    <input id="emailsignup" name="email" required="required" type="email" placeholder="mysupermail@mail.com"/> 
                                </p>
                                <p> 
                                    <label for="passwordsignup" class="youpasswd" data-icon="p">Mobile Number </label>
                                    <input id="passwordsignup" name="mobile" required="required" type="text" placeholder="eg.0700000000"/>
                                </p>
                                <p> 
                                    <label for="passwordsignup_confirm" class="youpasswd" data-icon="p">Password </label>
                                    <input id="passwordsignup_confirm" name="password" required="required" type="password" placeholder="eg. X8df!90EO"/>
                                </p>
                                <p class="signin button"> 
									<input type="submit" value="Sign up" name="submit"/> 
								</p>
                                <p class="change_link">  
									Already a member ?
									<a href="#tologin" class="to_register"> Go and log in </a>
								</p>
                            </form>
                        </div>
						
                    </div>
                </div>  
            </section>
        </div>
    </body>
</html>


login.php

<?php
$host="localhost";
		$uname="root";
		$pas="";
		$db_name="cman";
		$tbl_name="members";
		
		$link = mysqli_connect($host, $uname, $pas, $db_name) or die ("cannot connect");
		$select_db_result = mysqli_select_db($link, $db_name);
		?>
<?php
if (isset($_POST['login'])){

$username=$_POST['username'];
$password=$_POST['password'];

$login_query=mysqli_query("select * from members where mobile='$username' and password='$password'");
$count=mysqli_num_rows($login_query);
$row=mysqli_fetch_array($login_query);


if ($count > 0){
session_start();
$_SESSION['id']=$row['id'];
header('location:members/dashboard.php');

}else{
	header('location:index.php');
}
}
?>


reg.php

<?php
error_reporting(0);
 $db = mysql_select_db('cman',@mysql_connect('localhost','root','')); ?>
<?php
if (isset($_POST['submit'])){
$fname = $_POST['fname'];
$sname = $_POST['sname'];
$lname = $_POST['lname'];
$Gender = $_POST['gender'];
$birthday = $_POST['birthday'];
$residence= $_POST['residence'];
$pob = $_POST['pob'];
$ministry = $_POST['ministry'];
$mobile= $_POST['mobile'];
$email= $_POST['email'];
$password = $_POST['password'];


$query = @mysql_query("select * from members where  mobile = '$mobile'  ")or die(mysql_error());
$count = mysql_num_rows($query);

if ($count > 0){ ?>
<script>
alert('This Member Already Exists');
window.location = "index.php";
</script>
<?php
}else{
mysql_query("insert into members (fname,sname,lname,Gender,birthday,residence,pob,ministry,mobile,email,thumbnail,password,id) 
values('$fname','$sname','$lname','$Gender','$birthday','$residence','$pob','$ministry','$mobile','$email','uploads/none.png','$password','$mobile')")or die(mysql_error());

mysql_query("insert into activity_log (date,username,action) values(NOW(),'$admin_username','Added member $mobile')")or die(mysql_error());
?>
<script>
window.location = "index.php";
$.jGrowl("Member Successfully added", { header: 'Member add' });
</script>
<?php
}
}
?>

Anita Coertez Asked:

Anita Coertez (Author) Commented:
I love this platform, questions are really answered. Thanks a lot.

gr8gonzo (Consultant) Commented:
There are several issues with your code.

1. You are correctly using "mysqli_" functions in your login.php file, but you are still using the old "mysql_" functions in your reg.php file. Update your reg.php file to use mysqli, too.


2. Your login.php and reg.php files both have queries that are vulnerable to SQL injection. Please read my article on how to avoid this:
https://www.experts-exchange.com/articles/1263/5-Steps-to-Securing-Your-Web-Application.html


3. When using mysqli, you have to pass the database connection as the first parameter of your query:

$link = mysqli_connect(....);
...
$result = mysqli_query($link, "query here");


4. When using header() to redirect, always add an exit() afterwards. If you don't, then you might end up accidentally running more code afterwards in the page. Example:
header("Location: newpage.php");
exit();


5. Only attempt to fetch the row if you have results that have come back:
  $login_query=mysqli_query($link, "select * from members where mobile='$username' and password='$password'");
  // $row=mysqli_fetch_array($login_query); // <-- Commented out because this will throw an error if the query isn't successful.

  if (mysqli_num_rows($login_query) > 0)
  {
    $row=mysqli_fetch_array($login_query); // <-- Added the fetch here instead, after we KNOW that there are rows returned.
  }



6. You should have session_start() at the TOP of every single page. Even though it sounds like it's only STARTING a session, it's actually used to CONTINUE the existing session, too. It's also important that NO OTHER CONTENT (including any whitespace or line breaks outside of the PHP section) is present before you run session_start() or else it won't work. Because of this, most people have a header.php file that is included at the top of every single page, and that header file will usually do a session_start() and also connect to the database. Then you use require() to bring that code into your other pages:

header.php
<?php
// Enable sessions
session_start();

// Connect to the database
$host="localhost";
$uname="root";
$pas="";
$db_name="cman";
$tbl_name="members";
$link = mysqli_connect($host, $uname, $pas, $db_name) or die ("cannot connect");
$select_db_result = mysqli_select_db($link, $db_name);


index.php
<?php
// Enable the session and connect to the database
require("header.php");
?>
...html here...


login.php
<?php
// Enable the session and connect to the database
require("header.php");

if (isset($_POST['login']))
{
  $username=$_POST['username'];
  $password=$_POST['password'];

  // IMPORTANT - REMEMBER TO READ MY ARTICLE ON SQL INJECTION AND HOW TO FIX IT HERE!!!

  $login_query=mysqli_query($link, "select * from members where mobile='$username' and password='$password'");

  if (mysqli_num_rows($login_query) > 0)
  {
    $row=mysqli_fetch_array($login_query);
    $_SESSION['id']=$row['id'];
    header('Location: members/dashboard.php');
    exit();
  }
  else
  {
    header('Location: index.php');
    exit();
  }
}


reg.php
<?php
// Enable the session and connect to the database
require("header.php");

...rest of the reg code here...
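
An added example, not part of the original answer: one way to close the SQL injection hole flagged in point 2 for login.php, using a mysqli prepared statement instead of string interpolation. It assumes header.php from the answer provides `$link` and calls `session_start()`, and (an assumption beyond this thread) that reg.php stores `password_hash()` output in `members.password`; `authenticate()` is a hypothetical helper name.

```php
<?php
// Added example (not from the original thread).
// Assumes header.php has called session_start() and set $link via mysqli_connect(),
// and that reg.php stores password_hash($password, PASSWORD_DEFAULT) in members.password.
require("header.php");

// Hypothetical helper: returns the member id on success, or null on any failure.
function authenticate(mysqli $link, string $mobile, string $password): ?string
{
    // The ? placeholder keeps user input out of the SQL text entirely.
    $stmt = mysqli_prepare($link, "SELECT id, password FROM members WHERE mobile = ?");
    if ($stmt === false) {
        return null;
    }
    mysqli_stmt_bind_param($stmt, "s", $mobile);
    mysqli_stmt_execute($stmt);
    mysqli_stmt_bind_result($stmt, $id, $hash);
    $found = mysqli_stmt_fetch($stmt);   // true = row, null = no row, false = error
    mysqli_stmt_close($stmt);

    // Compare against the stored hash; the raw password is never placed in a query.
    if ($found !== true || !password_verify($password, (string) $hash)) {
        return null;
    }
    return (string) $id;
}

if (isset($_POST['login'])) {
    // Form fields can arrive as arrays; accept strings only.
    $mobile   = is_string($_POST['username'] ?? null) ? $_POST['username'] : '';
    $password = is_string($_POST['password'] ?? null) ? $_POST['password'] : '';

    $id = authenticate($link, $mobile, $password);
    if ($id !== null) {
        session_regenerate_id(true);     // issue a fresh session id once logged in
        $_SESSION['id'] = $id;
        header('Location: members/dashboard.php');
        exit();
    }
    header('Location: index.php');
    exit();
}
```

Rows inserted by the reg.php shown in the question hold the raw password, so they will not pass `password_verify()` until they are re-registered or migrated to hashes.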
