Not redirecting to the next page after logging in

Question

After logging in, my code isn't redirecting me to the next page.

<?php
$con = mysqli_connect("localhost","myusername","mypassword","mydatabase");  

include ("connection.php");
session_start();

if(isset($_POST['login']))
{
    $username = $_POST['username'];
    $password = $_POST['password'];

    $check = "SELECT * FROM admin WHERE username='$username' and password='$password'";
    $queryString = mysqli_query($db, $check) or die('ERROR:' . mysqli_error($db)); 
    if (mysqli_num_rows($queryString) > 0)
    {
        $admin = mysqli_fetch_assoc($queryString);

        $_SESSION['username'] = $admin['username'];
        session_write_close();
        header("location: http://mywebsite.com/home.php");
        die();
    } 
    else   
    {
        echo '<div class="popup-position">
                <div id="popup-wrapper">
                    <h3>Invalid user name or password.</h3><br/><a href="login.php">OK</a>
                </div>
               </div>';
    }
}

mysqli_close($con);  

This is the authentication of the next page after login:

<?php
session_start();
if (!isset($_SESSION['username']))
{
    header("location: login.php");
    exit();
}

Answer 1

try this

/send user to index. if he is login/ 

<?php 

require_once("inc/ header.inc.php");

if(isset($_SESSION['id']))

{ header("Location: index.php"); 
exit(); } 

<div class="container">
    <div class="form-container">
        <p class="heading text-center">Login</p>
<form action=" <?php echo $_SERVER['PHP_SELF'] ?>" method="post">
<div class="form-group">
                <input type="text" name="username" placeholder="Enter your Username" class="form-control">
            </div>
            <div class="form-group">
                <input type="password" name="password" placeholder="Enter your Password" class="form-control">
            </div>
            <input type="submit" value="Login" class="btn btn-primary" name="login">
        </form>
        <?php
            //login script
            if(isset($_POST['login'])){
                $username = trim( htmlspecialchars ($_POST['username']));
                $password = trim( htmlspecialchars ($_POST['password']));

                //if username or password is empty
                if(empty($username) || empty($password)){
                    echo "<div class='alert alert-danger'>Fill in all the fields</div>";
                    exit();
                }

                //check username and password match the db record
                $q = mysqli_query($con,"SELECT id FROM `user` WHERE username='$username' AND password='$password'");
                if(mysqli_num_rows($q) != 1){
                    echo "<div class='alert alert-danger'>Invalid username or password</div>";
                    exit(); 
                }

                //fetch the if of the logged in user start the session
                $row = mysqli_fetch_assoc($q);
                //set the session with logged in user id
                $_SESSION['id'] = $row['id'];
                $_SESSION['username'] = $username;
                header("Location: index.php");
                exit();
            }
        ?>
    </div>
</div>

Answer 2

Let me help you with logging in.

login.php

<html>
<head>
    <title>Hospital Login</title>
    <link href="login.css" rel="stylesheet" type="text/css">
</head>

<body>
    <form name="form1" method="post" action="process_login.php">    
        <fieldset class="formDisplay">          
            <legend><strong>Member Login </strong></legend>
            <strong>Username</strong></br></br> <input name="myusername" type="text" id="myusername">
            </br></br>
            <strong>Password</strong></br></br><input name="mypassword" type="password" id="mypassword">
            </br></br>
            <input type="submit" name="Submit" value="Login">
            </br></br>
            <?php
            echo $message;
            ?>
        </fieldset>
    </form>
</body>
</html>

The code above is literally what should be in your login script, forget about the fieldset thing, I'm just using it for something else :)

Now we want a pure PHP file to handle the input for logging into our system as so.

process_login.php

<?php
 include('database_connection.php');
 $myusername = mysqli_real_escape_string($DBConn, $_POST['myusername']);
 $mypassword = mysqli_real_escape_string($DBConn, $_POST['mypassword']);
$query="SELECT * FROM $doctor_table WHERE username='$myusername' AND passwd='$mypassword'";
 $result=mysqli_query($DBConn, $query);
 if(!$result){
echo "<p>
                        There was an error with the query.<br />\n" .
                        "The error was " .
                        htmlspecialchars(mysqli_error($DBConn), ENT_QUOTES) . 
                        ".<br />\nThe query was '" .
                        htmlspecialchars($query, ENT_QUOTES ) . 
                        "'</P>\n";
}
else if (!mysqli_num_rows($result)){
$message = "<p>Failed to Log In. Please check your username/password</p>\n";
include 'login.php';
}
else{
   $count=mysqli_num_rows($result);

                // If result matched $myusername and $mypassword, table row    must be 1 row
                if($count==1){

                // Register $myusername, $mypassword and redirect to file "login_success.php"
                session_start();
                $_SESSION['myusername'] = $myusername;
                $_SESSION['mypassword'] = $mypassword;
                header("Location: login_success.php");
                }
}
?>

Now when your authentication has been successful, you should then display your main page.

Note that you must 'clean' every entry by a user in order to avoid SQL injection (helps stop ppl from stealing data from your database)

These full codes work perfectly, I'd encourage you to use the code i've supplied, and feel free to tweak it for your own use :)