CODEWITHSUNDEEP
php
user3687053
user3687053

Reputation: 55

PHP Getting POST value error

I got this problem when user tried to login to the system:

  1. Wrong username / password
    • The system will prompt user wrong account.
  2. Correct username / password
    • The system refresh remain at the login page no given any error message.

After debugging I found that, when user enter correct username and password (tested with a few combination) the if($_POST['form'] and the value $_POST['form'] == "login") will return false caused the system refresh and remain at the login page. And it will echo "asd"

 case 'login':
    if ($LOGIN_SESSION) {
        header("Location:index.php?cmd=home");
    }
    include('inc/header_tpl.php');
    if (isset($_POST['form']) && $_POST['form'] == "login") {
        if (!isset($_POST['username']) || !isset($_POST['password']) || $_POST['password'] == "" || $_POST['username'] == "") {
           $error_warning = 1;
        } else {
            $username = $_POST['username'];
            $password = $_POST['password'];
            $isLegal = VAccess::IsLegalUser($username, $password);
            if ($isLegal) {
                $_SESSION['role'] = VAccess::getRole($username);
                $_SESSION['logged'] = true;
                $_SESSION['username'] = $username;
                if ($_SESSION['role'] == "Administrator") {
                    $_SESSION['admin_username'] = $username;  
                } else if ($_SESSION['role'] == "Guest") {
                    $_SESSION['guest_username'] = $username;
                }
                $error_warning = 0;
                header("Location:index.php?cmd=home");
            } else {
                $error_warning = 1;
            }
        }
    }else{
       echo "asd";
    }
    include('view/login.php');
    include('inc/footer_tpl.php');
    break;

Below is my login form:

<form action="" method="post" id="login_form">
        <input type="hidden" name="form" value="login"/>
        <table style="width: 100%;">
          <tbody><tr>
            <td style="text-align: center;" rowspan="4"><img src="img/login.png" alt="Please enter your login details."></td>
          </tr>
          <tr>
            <td>Username:<br>
              <input type="text" name="username" value="" style="margin-top: 4px;">
              <br>
              <br>
              Password:
              <br>
              <input type="password" name="password" value="" style="margin-top: 4px;">
              <br>
            <!--  <a href="index.php?cmd=forgotten">Forgotten Password</a> -->
            </td>
          </tr>
          <tr>
            <td>&nbsp;</td>
          </tr>
          <tr>
            <td style="text-align: right;"><a onclick="$('#login_form').submit();" class="button">Login</a></td>
          </tr>
        </tbody>
        </table>
    </form>

  public static function IsLegalUser($username, $password) {
    $sql = "SELECT * FROM user WHERE USERNAME = '$username' and PASSWORD = '$password'";
    $query = mysql_query($sql) or die(mysql_error());

    if (mysql_num_rows($query) > 0) {

        return true;
    } else {
        return false;
    }
}

My code basically working fine, but today my client told me that he can't login to the system. I tested the code on my localhost it working well. But the problem is why when enter the correct combination the system will go else and echo "asd", in fact I haven't yet check the login info from database.

Upvotes: 0

Views: 185

Answers (1)

arpan.r
arpan.r

Reputation: 1981

you are sending new header but not stopping PHP execution try

header("Location:index.php?cmd=home");
exit();

Upvotes: 1

Related Questions