-1

I'm fairly new with PHP programming and still getting myself familiar with the methods and syntax. Right now, I have no knowledge of session yet.

I want the user to get a message that the "user doesn't exist or incorrect login details" if he/she types incorrect login details on the form. Otherwise, redirect user to the next page.

I tried using the header() method of PHP but when I put it after the alert() message line, my alert() message doesn't even show.

nextpage.php

<?php
  if(isset($_POST['btnLogin'])){
    $con = mysqli_connect("localhost","root","","myDb")or die("cannot connect");
    if(!$con){
      die("Connection failed: " . mysqli_connect_errno() );
    }

    $studentNo = $_POST['studentNo'];
    $username = $_POST['userName'];
    $password = $_POST['password'];

    $selectQuery = "SELECT * FROM registered WHERE student_no = '$studentNo' AND username = '$username' AND password = '$password' ";
    $result = mysqli_query($con,$selectQuery);

    if(mysqli_num_rows($result) == 0){
      echo '<script language="javascript">';
      echo 'alert("User doesn\'t exist or incorrect login details")';
      echo '</script>';
      header("Location: login.php"); //take user back to login.php if user doesn't exist
    }else{
      //do this if user exists
      //get Parameters for studentNo, userName, password
    }
  }
 ?>

login.php

<form action="nextpage.php" method="POST">

    <label>Student No</label>
    <input type="text" name="studentNo" placeholder="Student No" required />
    <br />
    <label>Username</label>
    <input type="text" name="userName"  placeholder="Username" required />
    <br />
    <label>Password</label>
    <input type="password" name="password"  placeholder="Password" required />
    <br />
    <button type="submit" name="btnLogin">Login</button>
</form>

header() takes user back to login.php but it doesn't display the message.

Is there any other better way to do what I'm trying to do? Validate the login details first before redirecting to page two. Otherwise, don't redirect.

I researched and found that I can post data through <form> or other javascript syntax. I would prefer to learn how to do it with plain php and html

I hope you can help me.

Thank you.

heisenberg
  • 3
    Answering this would require an essay on SQL injection, binding parameters, password hashing, possibly server-client architecture and TLS encryption aaaaaand how to use HTTP redirects... – CD001 Nov 04 '16 at 14:13
  • I couldn't agree more with CD001. I can only recommend you research more on PHP and using SQL databases. Also make note of the difference for server-side languages and client-side languages, the order they run etc... that will help you understand why using server-side `header()` is stopping your client-side `alert()` from running. – NewToJS Nov 04 '16 at 14:16

4 Answers

0

You can display a message on the login page itself by adding a value onto the header itself and having an if statement on your login.php.

For example, change your header to header("Location: login.php?error=1");

And on your login.php file, add this.

if(isset($_GET['error']) && $_GET['error'] == "1") { echo '<div class="alert alert-danger">Login failed</div>'; }

EDIT: Having seen CD001's comment, I'd recommend reading up on PHP & MySQL on how to better protect yourself from SQL injections etc. Here is a good place to start.

Captain Squirrel
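Added example, not part of the answer above or of any other post on this page: a nextpage.php that uses the redirect-with-error-code idea together with the bound parameters and password hashing that CD001's comment points to. The `password_hash` column, the welcome.php page and error code 2 are assumptions made for the example.

```php
<?php
// nextpage.php (added example). Assumed, not from the page: a `password_hash`
// column filled by password_hash() at registration, a welcome.php landing page,
// and error code 2 for "server problem, try again later".
session_start();
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT); // DB errors throw

// Send the redirect and stop: without exit the rest of the script still runs.
// Nothing is echoed before this call, so the header can still be sent.
function redirect(string $target): void {
    header('Location: ' . $target);
    exit;
}

// Read one form field as a string; missing or array values become ''.
function field(string $name): string {
    return is_string($_POST[$name] ?? null) ? $_POST[$name] : '';
}

if (!isset($_POST['btnLogin'])) {
    redirect('login.php');
}

try {
    $con = mysqli_connect('localhost', 'root', '', 'myDb');
    // Placeholders keep the submitted values out of the SQL text.
    $stmt = mysqli_prepare($con,
        'SELECT password_hash FROM registered WHERE student_no = ? AND username = ?');
    $studentNo = field('studentNo');
    $username  = field('userName');
    mysqli_stmt_bind_param($stmt, 'ss', $studentNo, $username);
    mysqli_stmt_execute($stmt);
    mysqli_stmt_bind_result($stmt, $hash);
    $found = mysqli_stmt_fetch($stmt) === true; // null means no matching row
    mysqli_stmt_close($stmt);
} catch (mysqli_sql_exception $e) {
    error_log('Login query failed: ' . $e->getMessage());
    redirect('login.php?error=2');
}

// Unknown user and wrong password get the same answer, so the form does not
// reveal which accounts exist.
if (!$found || !password_verify(field('password'), (string) $hash)) {
    redirect('login.php?error=1');
}

session_regenerate_id(true); // fresh session ID once the user is logged in
$_SESSION['student_no'] = $studentNo;
redirect('welcome.php');
```

On login.php the numeric code is compared against fixed values, as in the answer above, so no text from the query string is ever printed into the page.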
0

First of all, you cannot send a header() when you have already echo'ed output.

Secondly, the alert will never show up, even if redirecting would work, because the <script> is not on login.php. It is not magically stored somewhere to show up later.

Koen
0

Using session you can do like this

In your login.php before html code put this

<?php
session_start();
?>

This will start the session. When user submits the form, in nextpage.php, first you need to put again session_start(); on top of the script, after doing users authentication, you can set session like this

if(mysqli_num_rows($result) == 0){
    header("Location: login.php?error=" . urlencode("User does not exist")); //take user back to login.php if user doesn't exist
    exit; //stop here so nothing below runs after the redirect
}else{
    //do this if user exists
    //get Parameters for studentNo, userName, password
    $_SESSION['user_id'] = '<userId>';
    //..
    header("Location: <secure_page>");
    exit;
}

In the secure_page where you've redirected the user, in that php script again on top of the script put session_start(); and after that you can check session

if (!isset($_SESSION['user_id']) || $_SESSION['user_id'] == "") {
    header("Location: login.php?error=" . urlencode("access denied"));
    exit; //without this the rest of the protected page would still be executed
}

This will make sure that un-authenticated users can't access this page.

About the issue of not showing alert

In your script, where you're using javascript code, there you'll need to add the type.

echo '<script type="text/javascript" language="javascript">';

Another problem with the code is javascript will execute only after your page is loaded but after echoing all those you're using header("location:login.php"); which will redirect the user without showing javascript alert

Haridarshan
  • 1
    ... I'm pretty sure this is answering a different question entirely?! – CD001 Nov 04 '16 at 14:17
  • This is like a 10 second tutorial on using sessions, this doesn't answer the issue with the `alert()` and redirecting which is the question... Not how to use sessions. – NewToJS Nov 04 '16 at 14:20
0

Well like others said there are better ways of doing this but if you still want to go with your solution then this will work for you:

echo '<script language="javascript">';
echo 'alert("User doesnt exist or incorrect login details");';
echo 'location.href="http://www.yoursite.com/login.php";';
echo '</script>';

Remove the PHP header redirection.

Just_Do_It