Multiple login in PHP form not working

Question

The else part of my code is working when the password is wrong. However, when password is correct it does not go to the admin.php page. It just stays on the same page.

Does anyone know why this is happening?

<?php

session_start();
error_reporting(E_ALL); // to see if there is error in code

include "connect_to_mysql.php";
if(isset($_POST['log'])){
    $user = $_POST['user'];
    $pass = md5($_POST['pass']);
    $sql  = mysql_query("select * from login where user= '$user' AND pass='$pass' LIMIT 3 ") or die( mysql_error());
    $data = mysql_fetch_array($sql);
    $UserName = $data['user'];
    $Password = $data['pass'];
    $type = $data['type'];
    $name = $data['name'];
    if($user==$UserName && $pass==$Password){
        session_start();
        $_SESSION['name']=$name;
        if($type=='admin'){
            header("location: admin.php");
        }else if($type=='vender1'){
            header("location: vender1.php");
        }

    }
}
?>

The database contains: id, name, user, pass, type

So my problem is; after the right password is entered, the same page remains open, but it should open admin.php.

   <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
  <html xmlns="http://www.w3.org/1999/xhtml">
  <head>
   <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
    <title> Log In </title>
  <link rel="stylesheet" href="style.css" type="text/css" media="screen" />
  </head>

  <body>
  <br /><br /><br /><br /><br /><br /><br /><br />
    <br /><br /><br /><br />
  <div id="mainWrapper">
   <?php include_once("header.php") ?>
  <div id="pageContent"><br /><br /><br />
   <div align="right" style="margin-right:24px; color:#FF0000">
   <h2>Please Log In To Manage the Inventary</h2>
   <br /><br />
   <form id="form" name="form" method="post" action="login.php">
    <h2 style="padding-right:200px;">User Name:</h2>
      <input name="user" type="text" id="user" size="40" style="height:20px;" />
     <br /><br />
     <h2 style="padding-right:210px;">Password:</h2>
    <input name="pass" type="password" id="pass" size="40" style="height:20px;" />
   <br />
   <br />
   <br />

     <input type="submit" name="log" id="log" value="Log In" />

  </form>
   <p>&nbsp; </p>
  </div>
 <br />
  <br />
 <br />
</div>

 </div>
 </body>
 </html>

I am stuck here.. Please get me out from here.

Any error? Like: "Headers are already sent on line ....". If not check what value `$type`has. — Nytrix, Jul 31 '15 at 09:54
You're code is not save at all btw, don't use `md5` for password hashing, it is easily decrypted. Don't use `mysql` either, it is not supported anymore. Use `pdo` or `mysqli` instead. This way you're code is protected from [sql injection](http://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php) — Nytrix, Jul 31 '15 at 09:56
it seems like you missed to post one closing bracket in your php code — jameshwart lopez, Jul 31 '15 at 09:57
if this statement `if($user==$UserName && $pass==$Password)` is false, your code does not do anything, just put an `else` statement there — Luthando Ntsekwa, Jul 31 '15 at 10:00
try this: $sql=mysql_query("select* from login where user= '$user' AND pass='$pass' LIMIT 3 "); $data=mysql_fetch_array($sql); $UserName= $data['user']; $Password= $data['pass']; $type= $data['type']; $name= $data['name']; if($user==$username && $pass==$password){ session_start(); $_SESSION['name']=$name; if($type=='admin') { header("location: index.php"); } else if($type=='vender1') { header("location: vender1.php"); } } else { echo 'That information is incorrect, try again Click Here'; exit(); } ?> — Insane Skull, Jul 31 '15 at 10:01
i have allready put else statement there.. which is this one — deep singh, Jul 31 '15 at 10:02
else { echo 'That information is incorrect, try again Click Here'; exit(); } — deep singh, Jul 31 '15 at 10:02
@deepsingh please look at my first comment, and answer the question. As this is pretty good to know. Second of all, you already had the same question and it was answerd? — Nytrix, Jul 31 '15 at 10:14
@deepsingh ok i found where it is going wrong. So the check `$user == $Username ....` is returning false then. As you started the session twice after that check, that should already throw an error. — Nytrix, Jul 31 '15 at 10:34
Let us [continue this discussion in chat](http://chat.stackoverflow.com/rooms/84794/discussion-between-nytrix-and-deep-singh). — Nytrix, Jul 31 '15 at 11:43

score 2 · Accepted Answer · answered Jul 31 '15 at 10:32

2

I can't test your code. But, I am giving you a sample using mysqli. Hope it helps some.

if(isset($_POST["btnLogin"]))
    {
        if(trim($_POST["txtEmail"])!=null && trim($_POST["txtPassword"])!=null)
        {
            $sql=$mysqli->prepare("select * from usermaster where email=?");
            $sql->bind_param("s",$_POST["txtEmail"]);
            $sql->execute();
            $sql->bind_result($id,$email,$password,$usertype,$registerdate,$status);
            if($sql->fetch()>0 &&  $_POST["txtPassword"]==$password)
            {
                $_SESSION["userId"]=$id;
                $_SESSION["userName"]=$email;
                $_SESSION["userType"]=$usertype;
                if(strToLower($usertype)=="admin")
                {
                    header("location:admin/manage_users.php");
                }
                else
                {
                    header("location:client/edit_user.php");
                }
            }
            else
            {
                $msg="Invalid Username and Password";
            }
        }
        else
        {
            $msg="Enter email and password";
        }
    }

answered Jul 31 '15 at 10:32

Amanjot Kaur

2,028
4
18
33

send me the code at dt.amanjotkaur@gmail.com if your problem is not solving. I will check it out. @deepsingh – Amanjot Kaur Jul 31 '15 at 11:51
@Amarjot check ur email yarr – deep singh Jul 31 '15 at 11:59
can u give me ur database script – Amanjot Kaur Jul 31 '15 at 12:24
come on email.. i will send details of database there – deep singh Jul 31 '15 at 12:30
send me the screenshot of structure – Amanjot Kaur Jul 31 '15 at 12:31
check ur email with screenshots – deep singh Jul 31 '15 at 12:48
plz come to discussion – Amanjot Kaur Jul 31 '15 at 12:56
Let us [continue this discussion in chat](http://chat.stackoverflow.com/rooms/84802/discussion-between-amanjot-and-deep-singh). – Amanjot Kaur Jul 31 '15 at 12:59
thankew for your help ji.. waheguru bhala kre tuhada – deep singh Jul 31 '15 at 13:29
need ur help.. plz check ur email.... got stucked somewhere..... i have send u email – deep singh Aug 01 '15 at 06:12
Let us [continue this discussion in chat](http://chat.stackoverflow.com/rooms/84863/discussion-between-deep-singh-and-amanjot). – deep singh Aug 01 '15 at 06:16

score 1 · Answer 2 · edited Jul 31 '15 at 11:36

Hello Deep singh,

Try this one,

For hashing function use SHA1 or such encryption methods.

$sql=mysql_query("select * from login where user= '".$user."' AND pass='".$pass."'") or die(mysql_error());

Do not require to give limit in query we always get only one record because username and password must be unique.

Not required to check again username and passwords because we write condition in query right just check number of rows or other options

if(mysql_num_rows($sql) > 0 )
{  
    // store data in session 
    // some actions
}
else
{
    // some actions
}

Hope, will help you. Good Luck.. ['}

Multiple login in PHP form not working

2 Answers2