
login.php

```php
<?php
    session_start();
    error_reporting(0);
    include("config.php");
    if(isset($_POST['submit']))
    {
        $pass= $_POST['password'];
        $email= $_POST['email'];
        if($email=='' && $pass=='')
        {
            echo '<p id="red">Wrong Email or Password.</p>';
        }
        else
        {
            $query=mysqli_query($con, "select * from `user` where `password`='".$pass."' and `email`='".$email."' and status='1'");
            $countRow=mysqli_num_rows($query);
            $fetch=mysqli_fetch_array($query);
            if($countRow > 0)
            {
                $_SESSION['user_idd']= $fetch['user_id'];
                //$_SESSION['user_idd'];
                header('location:index.php');
            }
            else
            {
                echo '<p id="red">Wrong Email or Password.</p>';
            }
        }
    }
?>
<form method="POST" id="myforms" autocomplete="off" action="<?php echo $_SERVER['PHP_SELF'];?>">
    <input type="text" name="email" value="" placeholder="Enter Your Email" class="form-control">
    <input type="password" name="password" value="" placeholder="Enter Your Password" class="form-control">
    <input type="submit" name="submit" value="Login" class="btn btn-success">
</form>
```

index.php

```php
<?php
    session_start();
    error_reporting(0);
    include("config.php");
    if(!isset($_SESSION['user_idd']))
    {
        header("location:login.php");
    }

    echo "hiii";
?>
```

I have created a simple login, as you can see in my login.php file. Now I want to redirect from login.php to the index.php page after success, but the problem is that when I click the submit button it doesn't redirect me to the index.php page; it shows me the same page, and when I call index.php in the URL directly, it again shows login.php. I don't know where I am going wrong. Please help me.

Thank You

omkara
  • Your script is wide open to [SQL Injection Attack](http://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php). Even [if you are escaping inputs, it's not safe!](http://stackoverflow.com/questions/5741187/sql-injection-that-gets-around-mysql-real-escape-string) Use [prepared parameterized statements](http://php.net/manual/en/mysqli.quickstart.prepared-statements.php) in either the `MYSQLI_` or `PDO` APIs – RiggsFolly Sep 01 '18 at 12:12
  • **Plain Text Passwords = Bad** PHP provides [`password_hash()`](http://php.net/manual/en/function.password-hash.php) and [`password_verify()`](http://php.net/manual/en/function.password-verify.php) please use them. And here are some [good ideas about passwords](https://www.owasp.org/index.php/Password_Storage_Cheat_Sheet) If you are using a PHP version prior to 5.5 [there is a compatibility pack available here](https://github.com/ircmaxell/password_compat) – RiggsFolly Sep 01 '18 at 12:13
  • Try adding an `exit;` after the `header('location:index.php');` as `header()` does not stop the script execution – RiggsFolly Sep 01 '18 at 12:15
  • Do you see "Wrong Email or Password."? And use `var_dump($_POST)` to see what you get from submit. – Zane Sep 01 '18 at 12:16
  • @RiggsFolly I have used `exit;` after the `header`; it hides the input fields – omkara Sep 01 '18 at 12:18
  • What do you mean by _hides input fields_? – RiggsFolly Sep 01 '18 at 12:20
  • It means when I used `exit;` nothing happens; it shows the same page but hides only the `form` – omkara Sep 01 '18 at 12:23
  • Possible duplicate of [How to make a redirect in PHP?](https://stackoverflow.com/questions/768431/how-to-make-a-redirect-in-php) – coderroggie Sep 01 '18 at 12:27
  • Does the url show `index.php` ? – RiggsFolly Sep 01 '18 at 12:56
  • Of course one solution would be to turn error reporting ON instead of OFF and see what is reported. Add `ini_set('display_errors', 1); ini_set('log_errors',1); error_reporting(E_ALL); mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);` to the top of your script. This will force any mysqli_ errors to generate an Exception that you can see on the browser as well as normal PHP errors. – RiggsFolly Sep 01 '18 at 12:57
  • @omkara Can you show us your `user` table – Siddharth Ramani Sep 01 '18 at 13:04
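
Added example, not part of the original question or comments: the login handler with the changes the comments suggest (a prepared statement, `password_verify()`, error reporting switched on, and `exit;` after the redirect). It assumes `config.php` provides the mysqli connection `$con` as in the question, and that the `password` column has been migrated to hold `password_hash()` output; `$error` is a name introduced here.

```php
<?php
// Added example (not the asker's code). Assumes config.php defines $con (mysqli)
// and that `user`.`password` stores password_hash() output, not plain text.
ini_set('display_errors', '1');   // development only; log instead in production
error_reporting(E_ALL);
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT); // mysqli errors become exceptions

session_start();
include "config.php";

$error = '';
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    // Accept only string inputs; anything else is treated as empty.
    $email = is_string($_POST['email'] ?? null) ? trim($_POST['email']) : '';
    $pass  = is_string($_POST['password'] ?? null) ? $_POST['password'] : '';

    if ($email !== '' && $pass !== '') {
        // The user-supplied value is bound as a parameter, never concatenated into the SQL.
        $stmt = mysqli_prepare(
            $con,
            "SELECT `user_id`, `password` FROM `user` WHERE `email` = ? AND `status` = '1'"
        );
        mysqli_stmt_bind_param($stmt, 's', $email);
        mysqli_stmt_execute($stmt);
        mysqli_stmt_bind_result($stmt, $userId, $hash);
        $found = mysqli_stmt_fetch($stmt);   // true when a row was fetched
        mysqli_stmt_close($stmt);

        // Compare the submitted password against the stored hash in PHP, not in SQL.
        if ($found && password_verify($pass, $hash)) {
            session_regenerate_id(true);     // fresh session id after authentication
            $_SESSION['user_idd'] = $userId;
            header('Location: index.php');   // must run before any output is sent
            exit;                            // header() does not stop the script
        }
    }
    // Same message for every failure, so the response does not reveal which field was wrong.
    $error = 'Wrong Email or Password.';
}
?>
<?php if ($error !== ''): ?>
<p id="red"><?= htmlspecialchars($error) ?></p>
<?php endif; ?>
```

The guard in index.php needs the same `exit;` after `header("location:login.php");`, otherwise the rest of the page is still sent to a visitor who is not logged in.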

0 Answers