I have a login form that, when submitted, redirects back to the login page. I can’t seem to find any syntax errors, so I think I must be truly missing out on something vital to a login form. Here is the code.
login.php:
<?
require ('../includes/config.inc.php');
if ($_POST['act'] == "Insert") {
#// Additional security check
$RR = mysql_query("SELECT id from BPLA_adminusers");
if (mysql_num_rows($RR) > 0) {
print "Fatal error: user cannot be inserted - one or more administrators are already present in the database.<a href=login.php>login page</a>";
exit ;
}
$md5_pass = md5($MD5_PREFIX . $_POST['password']);
echo $query = "insert into BPLA_adminusers values (10,'$_POST[username]', '$md5_pass', '20011224', '20020110093458', 1)";
$result = @mysql_query($query);
#// Redirect
Header("Location: login.php");
exit ;
}
$query = "select MAX(id) from BPLA_adminusers";
$result = @mysql_query($query);
while ($row = mysql_fetch_row($result)) {
$id = $row[0] + 1;
}
?>
<?
if($id==1) {
$id=0;
?>
<form name="login" data-ajax="false" action="login.php" method="post">
<span><? print $ERR;?></span>
<label for="<? print "Username";?>"><? print "Username";?></label>
<input type="text" name="username" />
<label for="<? print "Password";?>"><? print "Password";?></label>
<input type="password" name="password" />
<input type="submit" name="action" value="<? echo $MSG_5204;?>">
</form>
<?
} else {
$id=1;
#//
if($_POST[action] == "login") {
if(strlen($_POST[username]) == 0 || strlen($_POST[password]) == 0) {
$ERR = $ERR_047;
} else {
$query = "select * from BPLA_adminusers where username='$_POST[username]' and password='".md5($MD5_PREFIX.$_POST[password])."'";
$res = @mysql_query($query);
if(!$res) {
print "Error: $query<BR>".mysql_error();
exit;
}
if(mysql_num_rows($res) == 0) {
$ERR = $ERR_048;
} else {
$admin = mysql_fetch_array($res);
#// Set sessions vars
$BPLowbidAuction_ADMIN_LOGIN = $admin[id];
$BPLowbidAuction_ADMIN_USER = $admin[username];
$_SESSION["BPLowbidAuction_ADMIN_LOGIN"]=$BPLowbidAuction_ADMIN_LOGIN;
$_SESSION["BPLowbidAuction_ADMIN_USER"]=$BPLowbidAuction_ADMIN_USER;
#// Update last login information for this user
$query = "update BPLA_adminusers set lastlogin='".date("YmdHis")."' where username='$admin[username]'";
$rr = mysql_query($query);
if(!$rr) {
print "Error: $query<BR>".mysql_error();
exit;
}
#// Redirect
print "<SCRIPT Language=Javascript>
parent.location.href='index.php';
</SCRIPT>";
//Header("Location: home.php");
exit;
}
}
}
?>
<? if(!$act || ($act && $ERR)) {
?>
<form name="login" data-ajax="false" action="login.php" method="post">
<span><? print $ERR;?></span>
<label for="<? print "Username";?>"><? print "Username";?></label>
<input type="text" name=username />
<label for="<? print "Password";?>"><? print "Password";?></label>
<INPUT TYPE=password name=password />
<input type="submit" NAME="action" VALUE="login">
</form>
<? }?>
<? }
require("./footer.php");
?>
This code is being placed within index.php and is being used in an if/else statement to redirect to index.php again when it’s submitted.
index.php:
<?
require ('../includes/config.inc.php');
include ('bar.php');
if (!empty($_SESSION['BPLowbidAuction_ADMIN_LOGIN'])) {
include ('home.installation.php');
} else {
include ('login.php');
}
?>
The problem is that the login form first redirects to “login.php” and then back to “index.php”, where the login form code is shown as if I never logged in. “bar.php” is just the header and the menu of the page, and “home.installation.php” is just the home page that is actually supposed to be shown.
The Location header must point to an absolute and valid URI. I.e. should begin with a schema (http://), or forward slash /login.php. See: HTTP 1.1 RFC on Location
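One way to build the absolute Location value the answer above describes, as an added example that is not part of the original posts; BASE_URL, absolute_location() and redirect_to() are assumed names. The base comes from fixed configuration rather than the request's Host header, which the client controls.

```php
<?php
// Added example; BASE_URL and the function names are assumptions, not from the post.
const BASE_URL = 'https://admin.example.test/admin'; // placeholder, set once in config

/**
 * Turn a site-local path into an absolute URI on the BASE_URL host.
 * Returns null for input that could point at another host or split the header.
 */
function absolute_location(string $path): ?string
{
    // Reject control characters (CR/LF header splitting) and backslashes.
    if (preg_match('/[\x00-\x1F\x7F\\\\]/', $path)) {
        return null;
    }
    // Reject "http://...", "//host/..." and any other scheme- or host-bearing input.
    if (preg_match('#^\s*(?:[a-z][a-z0-9+.\-]*:|//)#i', $path)) {
        return null;
    }
    return rtrim(BASE_URL, '/') . '/' . ltrim($path, '/');
}

function redirect_to(string $path): void
{
    $target = absolute_location($path);
    if ($target === null) {
        $target = absolute_location('index.php'); // fall back to a known page
    }
    // header() cannot work once output has started (for example after an
    // include that already printed the page header), so log where it began.
    if (headers_sent($file, $line)) {
        error_log("redirect to $target failed: output started at $file:$line");
        exit;
    }
    header('Location: ' . $target, true, 302);
    exit;
}

// Usage after a successful login:
// redirect_to('index.php');
```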