<?php
if (array_key_exists("logIn", $_POST))
{
    $link = mysqli_connect("dbaddress", "dbname", "dbpassword", "dbuser");

    if (!$_POST['regno'])
    {
        $error .= "Please enter your registration number";
    }
    if (!$_POST['password'])
    {
        $error .= "Password is required!";
    }
    if ($error != "")
    {
        echo "<p>There were errors in your forms!</p>".$error;
    }
    else
    {
        $query = "SELECT * FROM `users` WHERE RegistrationNo = '".mysqli_real_escape_string($link, $_POST['regno'])."'";

        $result = mysqli_query($link, $query);

        $row = mysqli_fetch_array($result);

        if (isset($row)) {

            $hashedPassword = md5(md5($row['id']).$_POST['password']);

            if ($hashedPassword == $row['password']) {

                $_SESSION['id'] = $row['id'];
                header("Location: after_login.php");
            }
            else {
                $error = "That email/password combination could not be found.";
            }
        }
        else {
            $error = "That email/password combination could not be found.";
        }
    }
}
?>

<form method="post">
    <center>
        <input type="text" placeholder="Enter Username" name="regno" id="log_username" class="sidelog"/>
        <input type="password" placeholder="Enter Password" name="password" id="real_pass" class="sidelog"/>
        <br><button id="button_log" type="submit" name="logIn"> GO </button>
    </center>
</form>

The page reloads whenever I fill the form and submit it. The header isn't working. I can't seem to figure out why. If I leave the form empty, the error string is showing up properly. I used md5 encryption for the password. I concatenated the md5 of id in the database with the password and md5 encrypted the resulting string.

Your Common Sense
Siddhartha rao
  • No `session_start()` at the beginning so you get redirected from `after_login.php`? And you should not use md5 to hash passwords, see http://stackoverflow.com/questions/401656/secure-hash-and-salt-for-php-passwords – jeroen Sep 22 '16 at 13:52
  • @jeroen That's there in the actual code. Didn't include that in the question. My bad – Siddhartha rao Sep 22 '16 at 13:57
  • By the way, you are not doing anything with your `$error` variable when the login fails. Add error handling and display php's errors. – jeroen Sep 22 '16 at 13:57
  • just FYI: md5 is not a secure hashing method. use `password_hash` and `password_verify` instead. – Franz Gleichmann Sep 22 '16 at 13:58

1 Answer

Try this, it may help you:

     if ($hashedPassword == $row['password']) {
           $_SESSION['id'] = $row['id'];
           header("Location: after_login.php");
           die();
     } 
Keyur Chavda-kc1994
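
The comments above recommend `password_hash` and `password_verify` instead of md5. As an added example (not code from the question or the answer), this is one way to verify a login and move rows stored with the question's `md5(md5(id).password)` scheme over to `password_hash` at the next successful login. The function names `legacy_hash`, `check_password` and `login` are hypothetical, and the sketch assumes the question's `users` table with a `password` column wide enough for the new hashes.

```php
<?php
declare(strict_types=1);

// Legacy scheme exactly as posted in the question: md5(md5(id) . password).
function legacy_hash(int $id, string $password): string
{
    return md5(md5((string) $id) . $password);
}

// Returns [bool $ok, ?string $newHash]; $newHash is set when the stored value should be replaced.
function check_password(array $row, string $password): array
{
    $stored = (string) $row['password'];
    if (empty(password_get_info($stored)['algo'])) {   // not a password_hash() value: legacy md5
        $ok = hash_equals($stored, legacy_hash((int) $row['id'], $password));
    } else {
        $ok = password_verify($password, $stored);
        if ($ok && !password_needs_rehash($stored, PASSWORD_DEFAULT)) {
            return [true, null];                        // stored hash is already current
        }
    }
    return [$ok, $ok ? password_hash($password, PASSWORD_DEFAULT) : null];
}

// Hypothetical helper: call after session_start(); the caller redirects and exits when it returns true.
function login(mysqli $link, string $regno, string $password): bool
{
    $stmt = $link->prepare('SELECT id, password FROM users WHERE RegistrationNo = ?');
    $stmt->bind_param('s', $regno);                     // bound parameter, no string concatenation
    $stmt->execute();
    $row = $stmt->get_result()->fetch_assoc();
    [$ok, $newHash] = $row ? check_password($row, $password) : [false, null];
    if (!$ok) { return false; }
    $id = (int) $row['id'];
    if ($newHash !== null) {                            // upgrade the stored hash on successful login
        $upd = $link->prepare('UPDATE users SET password = ? WHERE id = ?');
        $upd->bind_param('si', $newHash, $id);
        $upd->execute();
    }
    session_regenerate_id(true);                        // fresh session id after authentication
    $_SESSION['id'] = $id;
    return true;
}

// Constructed sample row (not real data): a legacy hash is accepted once and upgraded.
$row = ['id' => 7, 'password' => legacy_hash(7, 'correct horse')];
[$ok, $newHash] = check_password($row, 'correct horse');
var_dump($ok, password_verify('correct horse', (string) $newHash), check_password($row, 'wrong')[0]);
```

After a successful `login()`, the caller sends `header("Location: after_login.php");` and then stops the script, as the answer's `die()` does.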