Reputation: 33
So I'm running a registration/login system, MySQL included, in PHP.
For testing purposes, after a successful login, I redirect the user to an index.php, that states that the user is logged in, and gives him the option to log out.
Meanwhile, I made an actual html page I plan on using, so instead of the header('location: index.php') in my login.php file, I simply added index.html.
Except, this happens.
Not Found
The requested URL /registration/index.html was not found on this server.
Any idea as to why this happens? I made sure all of the files I need are in the folder itself, index.php shares the same location as index.html.
Am I missing something obvious?
    // LOGIN USER
    if (isset($_POST['login_user'])) {
        $username = mysqli_real_escape_string($db, $_POST['username']);
        $password = mysqli_real_escape_string($db, $_POST['password']);
        if (empty($username)) {
            array_push($errors, "Username is required");
        }
        if (empty($password)) {
            array_push($errors, "Password is required");
        }
        if (count($errors) == 0) {
            $password = md5($password);
            $query = "SELECT * FROM users WHERE username='$username' AND password='$password'";
            $results = mysqli_query($db, $query);
            if (mysqli_num_rows($results) == 1) {
                $_SESSION['username'] = $username;
                $_SESSION['success'] = "You are now logged in";
                header('location: index.html');
            } else {
                array_push($errors, "Wrong username/password combination");
            }
        }
    }
Upvotes: 2
Views: 858
Reputation: 12505
Overall you have more important issues than a redirect problem. You will help yourself out if you create a config file that you include at the top of each base page. Also, employing some functions will keep your script human-readable, I have added a few examples. Don't use md5() for passwords, it's already been "figured out", so-to-speak, therefore easily crackable. You want to use password_hash() and password_verify() and if those are not in your PHP version (you should be upgrading to a version that has it if possible) then use a bcrypt compatible library. Also, use parameterized values in your SQL, the mysqli_real_escape_string() is not good enough. Finally, I would switch to the OOP version of mysqli, it is easier to use, in my opinion.
/config.php

    <?php
    # Create a constant for your domain, this makes redirect super easy!
    define('BASE_URL', 'http://www.example.com');
    # Create a constant for your root folder (this config should be in the root)
    define('ROOT_DIR', __DIR__);
    # Create a function dir
    define('FUNCTIONS', ROOT_DIR.'/functions');
    # Add session to this page
    session_start();
    # Add our session var creator
    include_once(FUNCTIONS.'/setSession.php');
    # Add our get session function (use to retrieve session values)
    include_once(FUNCTIONS.'/getSession.php');
    # Add our message creator (set all messages via this)
    include_once(FUNCTIONS.'/setMessage.php');
    # Include our redirect function
    include_once(FUNCTIONS.'/redirect.php');

/functions/validate.php

    <?php
    function validate($username, $password, $con, &$errors)
    {
        # Prepare the statement
        $query = $con->prepare("SELECT * FROM users WHERE username = ?");
        # Bind the parameter
        $query->bind_param('s', $username);
        # Execute the query
        $query->execute();
        # Fetch the row (mysqli_stmt has no fetch_assoc(); go through
        # get_result(), which requires the mysqlnd driver)
        $result = $query->get_result()->fetch_assoc();
        # Stop if there is no username matching
        if(empty($result['password'])) {
            $errors[] = "Invalid Username or Password.";
            return false;
        }
        # See if the password matches
        return (password_verify($password, $result['password']))? $result : false;
    }

/functions/redirect.php

    <?php
    function redirect($path)
    {
        header("Location: {$path}");
        exit;
    }

/functions/setSession.php

    <?php
    function setSession($key, $value, $multi = false)
    {
        if($multi)
            $_SESSION[$key][] = $value;
        else
            $_SESSION[$key] = $value;
    }

/functions/getSession.php

    <?php
    function getSession($key = false, $clear = false)
    {
        if(!empty($key)) {
            $value = (isset($_SESSION[$key]))? $_SESSION[$key] : false;
            if(isset($_SESSION[$key]) && $clear) {
                unset($_SESSION[$key]);
            }
            return $value;
        }
        return $_SESSION;
    }

/functions/setMessage.php

    <?php
    # It's easier to store in the same key all the time, then you can save multiple
    # and retrieve them all at one time with implode()
    function setMessage($msg, $key = 'general')
    {
        setSession($key, $msg, true);
    }

/functions/getMessage.php

    <?php
    function getMessage($key = 'general', $clear = true)
    {
        return getSession($key, $clear);
    }

/login.php

    <?php
    # add the config
    include_once(__DIR__.'/config.php');
    # Preset the errors array
    $errors = [];
    # Check for login
    if (isset($_POST['login_user'])) {
        # Set all variables to match keys
        $username = (isset($_POST['username']))? trim($_POST['username']) : false;
        $password = (isset($_POST['password']))? trim($_POST['password']) : false;
        # See if empty
        if (empty($username)) {
            array_push($errors, "Username is required");
        }
        if (empty($password)) {
            array_push($errors, "Password is required");
        }
        if (count($errors) == 0) {
            # Add the validate function
            include_once(FUNCTIONS.'/validate.php');
            # Remember, we want to use the OOP version of $db
            $results = validate($username, $password, $db, $errors);
            # If the user array is set
            if (!empty($results)) {
                # May as well store all the user data
                setSession('user', $results);
                # Store username (or use the one in the user array instead)
                setSession('username', $username);
                # Save the success message
                setMessage('You are now logged in', 'success');
                # Put in full domain using our constant
                redirect(BASE_URL.'/index.html');
            } else {
                array_push($errors, "Wrong username/password combination");
            }
        }
    }

Upvotes: 3
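
Following up on the answer's advice to replace md5() with password_hash() and password_verify(): an added example, not part of the original answer, showing how rows that still hold the question's MD5 hashes can be accepted once and upgraded at login. The function name checkAndUpgrade and the sample users are constructed for illustration, and legacy hashes are assumed to be MD5 of the raw password.

```php
<?php
declare(strict_types=1);

/**
 * Added example (not from the answer): verify a password against a stored
 * hash that may still be legacy MD5, and report whether it must be re-hashed.
 * Returns [bool $ok, ?string $newHash].
 */
function checkAndUpgrade(string $password, string $stored): array
{
    # Legacy rows: md5() yields exactly 32 lowercase hex characters
    if (preg_match('/^[0-9a-f]{32}$/', $stored) === 1) {
        # Assumption: registration hashed the raw password. If it escaped the
        # password first (as the question's login code does), do the same here.
        $ok = hash_equals($stored, md5($password));
        return [$ok, $ok ? password_hash($password, PASSWORD_DEFAULT) : null];
    }
    # Modern rows: password_hash() output
    if (!password_verify($password, $stored)) {
        return [false, null];
    }
    # Re-hash when the default algorithm or cost has changed since storage
    $new = password_needs_rehash($stored, PASSWORD_DEFAULT)
        ? password_hash($password, PASSWORD_DEFAULT)
        : null;
    return [true, $new];
}

# Constructed sample rows standing in for the users table
$users = [
    'alice' => md5('correct horse'),                          # legacy row
    'bob'   => password_hash('hunter2!x', PASSWORD_DEFAULT),  # migrated row
];

foreach ([['alice', 'correct horse'], ['alice', 'wrong'], ['bob', 'hunter2!x']] as [$name, $pw]) {
    [$ok, $newHash] = checkAndUpgrade($pw, $users[$name]);
    if ($ok && $newHash !== null) {
        # In the real app: UPDATE users SET password = ? WHERE username = ?
        # through a prepared statement, then session_regenerate_id(true).
        $users[$name] = $newHash;
    }
    printf("%s / %s: %s%s\n", $name, $pw, $ok ? 'ok' : 'denied',
        $newHash !== null ? ' (hash upgraded)' : '');
}
```

The password column has to be wide enough for password_hash() output; the PHP manual recommends 255 characters so future algorithms fit.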