I’m trying to get a login on a website where it connects to the database, checks against it, but the redirect isn’t working (login.php to loggedin.php). I am appalling at proofreading my own code and have been going round in circles for a while. If someone could assist I would be very grateful! Thank you in advance.
Login_page.inc.php
<?php # Script 11.1 - login_page.inc.php
// this page prints any errors associated with logging in
//and creates the entire login page, including the form
//include the header:
$page_title = 'Login';
include ('includes/header.html');
//print any error messages if they exist:
if (!empty($errors))
{
echo '<h1>Error!</h1>
<p class="error">The following error(s) occurred:<br />';
foreach ($errors as $msg)
{
echo "- $msg<br />\n";
}
echo '</p><p>Please try again.</p>';
}
//display form
?>
<h1>Login</h1>
<form action="login.php" method="post">
<p>Email Address: <input type="text" name="email" size="20" maxlength="80"/></p>
<p>Password: <input type="password" name="pass" size="20" maxlength="20"/></p>
<p><input type="submit" name="submit" value="Login"/></p>
<input type="hidden" name="submitted" value="TRUE"/>
</form>
<?php //include the footer:
include ('includes/footer.html');
?>
Loggedin.php
<?php # loggedin.php
//this is where the user is directed from login.php
session_start();
//if no cookie is present redirect the user:
//if (!isset($_COOKIE['user_id']))
if (!isset($_SESSION['user_id']))
{
//the functions need to create an absolute url
require_once ('includes/login_functions.inc.php');
$url = absolute_url();
header("Location: $url");
exit(); //exit script
}
//set the page title and include the header
$page_title = 'Logged in.';
include ('includes/header.html');
//welcome message
echo "<h1>Logged in!</h1>
<p>You have successfully logged in, {$_SESSION['first_name']}!</p>
<p><a href=\"logout.php\">Logout</a></p>";
include ('includes/footer.html');
?>
Login.php
<?php # login.php
//this page processes the login form submission
//upon successful login the user's redirected
//two include files are needed for this
//send nothing to the web browser prior to the setcookie() lines
//check if the form has been submitted:
if (isset($_POST['submitted']))
{
//for processing the login:
require_once ('includes/login_functions.inc.php');
//need the database connection:
require_once ('includes/mysqli_connect.php');
//check the login
list ($check, $data) = check_login($dbc, $_POST['email'], $_POST['pass']);
if($check)
{
/*ok, set cookies to last one hour after it is set
setcookie ('user_id', $data ['user_id'], time()+3600, '/', '', 0, 0);
setcookie ('first_name', $data ['first_name'], time()+3600, '/', '', 0, 0);*/
session_start();
$_SESSION['user_id'] = $data['user_id'];
$_SESSION['first_name'] = $data['first_name'];
//redirect
$url = absolute_url ('loggedin.php');
header("Location: $url");
exit(); //quit the script
}
else
{
//assign errors to $data for error reporting in the login_page.inc.php
$errors = $data;
}
mysqli_close($dbc); //close the database connection
} //end of main submit condition
include ('includes/login_page.inc.php');
?>
Login_functions.php
<?php #- login_functions.inc.php
//this page defines two functions used by the login/logout process.
/*this function determines and returns an absolute URL
*takes one argument: the page that concludes the URL
*the argument defaults to index.php
*/
function absolute_url ($page = 'index.php')
{
//start defining the URL. . .
//URL is http:// plus the host name plus current directory:
$url = 'http://' . $_SERVER['HTTP_HOST'] . dirname($_SERVER['PHP_SELF']);
//remove any trailing slashes:
$url = rtrim($url, '/\\');
//adding the page. . .
$url.= '/' . $page;
//return the URL
return $url;
} //end of the absolute_url function
/* this function validates the form data (the email address and password)
*if both are present the database is queried
*this function requires a database connection
* the function returns an array of information. including:
* - a TRUE or FALSE variable indicating a success or failure
* - an array of either errors or the database return result
*/
function check_login($dbc, $email = '', $pass = '')
{
$errors = array(); //starting error array
//validate email address
if (empty($email))
{
$errors[] = 'You forgot to enter your email address.';
}
else
{
$e = mysqli_real_escape_string($dbc, trim($email));
}
//validate the password
if (empty($pass))
{
$errors[] = 'You forgot to enter your password.';
}
else
{
$p = mysqli_real_escape_string($dbc, trim($pass));
}
if (empty($errors))
{
/*if everything's okay
*retrieve the user_id and the first_name for that
*email+password combination:
*/
$q = "SELECT user_id, first_name FROM site_users WHERE email='$e' AND pass=SHA1('$p')";
$r = @mysqli_query ($dbc, $q); //run the query
//check that the query ran and that exactly one row matched both fields
if ($r && mysqli_num_rows($r) == 1)
{
//fetch the record
$row = mysqli_fetch_array ($r, MYSQLI_ASSOC);
//return true and the record:
return array(true, $row);
}
else
{
//not a match
$errors[] = 'The email address and password entered do not match those on file.';
}
}//end of empty($errors) IF.
//return false and the errors:
return array(false, $errors);
} //end of check_login() function
?>
The issue was within the SHA1 talking to the database, whereby SHA1 is a (40) strong and the database was set to (20). An annoying issue but it has not been resolved. var_dump was used to talk to the database to prove that the information being entered was correct, it did however show that the password held in the database was (20) and the password entered for login was (40).
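The length mismatch described above, reproduced as an added example (not code from the original post): a 40-character SHA-1 hex digest cut to a 20-character column never equals the digest computed at login. It goes one step beyond the post by showing the same failure for `password_hash()` output; `store_in_column()` and `diagnose_sha1_value()` are hypothetical helpers, and the password and column widths are constructed.

```php
<?php
// Added example, not the poster's code. The password and widths are constructed.

// Stand-in for MySQL outside strict SQL mode: a value longer than the column
// is cut to the column width and only a warning is raised.
function store_in_column(string $value, int $width): string
{
    return substr($value, 0, $width);
}

// A complete SHA-1 hex digest is exactly 40 hexadecimal characters.
function diagnose_sha1_value(string $stored): string
{
    if (!ctype_xdigit($stored)) {
        return 'not a hex digest';
    }
    if (strlen($stored) !== 40) {
        return 'wrong length: ' . strlen($stored) . ' characters, expected 40';
    }
    return 'ok';
}

$password = 'correct horse battery'; // constructed sample
$digest   = sha1($password);

foreach ([20, 40] as $width) {
    $stored = store_in_column($digest, $width);
    printf(
        "pass column width %d: %s, login matches: %s\n",
        $width,
        diagnose_sha1_value($stored),
        var_export(hash_equals($stored, $digest), true)
    );
}

// The same failure applies to password_hash(): the PHP manual recommends a
// 255-character column so the stored hash is never cut short.
$hash = password_hash($password, PASSWORD_DEFAULT);
foreach ([40, 255] as $width) {
    $stored = store_in_column($hash, $width);
    printf(
        "password_hash column width %d: stored %d of %d characters, verifies: %s\n",
        $width,
        strlen($stored),
        strlen($hash),
        var_export(password_verify($password, $stored), true)
    );
}
```

With strict SQL mode enabled, MySQL rejects the over-long value at insert time instead of truncating it, which surfaces this problem when the account is created rather than at login.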