-4

I have the following login form which is connected to a database:

    <form action="login.php;" method="post">
        <input type="text" name="username" placeholder="Username">
        <input type="password" name="password" placeholder="********">
        <input type="submit" name="login" value="Log In">
    </form>

When I submit the form by entering a valid login, the page reloads and a pop up I made says "Logged In" - I am now logged in. However, I'd like for the page to navigate to the user's profile after the successful validation. At the moment, I have to write in the url manually.

Changing the form 'action' from 'login.php' to 'myaccount.php' does not log the user in. Is there a way to do it so that the user is logged in and redirected?

Using PHP/Html/CSS, Javascript. Any advice would be appreciated!

P.S. Here is the PHP for the login page:

<?php 
if (isset($_POST['login'])) {
      $username = $_POST['username'];
      $password = $_POST['password'];
      if (DB::query('SELECT username FROM users WHERE username=:username', array(':username'=>$username))) {
            if (password_verify($password, DB::query('SELECT password FROM users WHERE username=:username', array(':username'=>$username))[0]['password'])) {
            echo "<div class=\"right\">Logged in!</div>";
                    $cstrong = True;
                    $token = bin2hex(openssl_random_pseudo_bytes(64, $cstrong));
                    $user_id = DB::query('SELECT id FROM users WHERE username=:username', array(':username'=>$username))[0]['id'];
                    DB::query('INSERT INTO login_tokens VALUES (\'\', :token, :user_id)', array(':token'=>sha1($token), ':user_id'=>$user_id));
                    setcookie("SNID", $token, time() + 60 * 60 * 24 * 7, '/', NULL, NULL, TRUE);
                    setcookie("SNID_", '1', time() + 60 * 60 * 24 * 3, '/', NULL, NULL, TRUE);
} else {
                    echo "<div class=\"wrong\">Incorrect Password!</div>";;
            }
    } else {
            echo "<div class=\"wrong\">User not registered!</div>";
    }
} 
?>

Here is the PHP for the myaccount.php:

<?php include('./classes/DB.php');
include('./classes/Login.php');
if (!Login::isLoggedIn()) {
    die("Not logged in.");
}
if (isset($_POST['confirm'])) {
        if (isset($_POST['alldevices'])) {
                DB::query('DELETE FROM login_tokens WHERE user_id=:userid', array(':userid'=>Login::isLoggedIn()));
} else {
            if (isset($_COOKIE['SNID'])) {
                    DB::query('DELETE FROM login_tokens WHERE token=:token', array(':token'=>sha1($_COOKIE['SNID'])));
                }
            setcookie('SNID', '1', time()-3600);
            setcookie('SNID_', '1', time()-3600);
    }
}
?>
user9121872
  • 1
  • 1
  • 2

4 Answers4

0

I guess you are setting session after authentication, you need to redirect just after authentication like, Inside authentication method after setting session put below code and try.

<?php
/* This will give an error. Note the output
 * above, which is before the header() call */
header('Location: /login.php');
exit;
?>
freelancer
  • 1,174
  • 5
  • 12
0

share you full code and remove ; from form action "login.php".

Two method for redirect: window.location.href = "example.com"; using javascript

header('Location: your success url'); using PHP

Ravi Shrimali
  • 111
  • 1
  • 9
0

Along with the code where you make a pop-up to say that the login was successful, include code to redirect to the profile page of the user.

You can use <?php header('Location: profile.php') ?> for the same

Prejith P
  • 195
  • 3
  • 12
-1

So the answer seems to replacing the echo line in the login PHP (echo 'Logged in';) with this line 'header('Location: logout.php');'. I also changed it to the opposite for the myaccount.php. Thanks for the suggestions guys! <3

user9121872
  • 1
  • 1
  • 2