Page redirect query

Question

When my user enters their email and password into a form on login.php, the form action uses the below code to make sure they are a valid user, and that neither of the fields are blank. My problem is that even when valid email and password is used the user is directed back to the login.php page instead of the logged_in.php lage, can anyone suggest why?

<?php
        session_start();

        include("connection.inc.php");
        $connection = connect();

        $txtEmail = $_POST['email'];
        $txtPassword = $_POST['password'];

        if ((empty($txtEmail)) || (empty($txtPassword)))
        {
            header("Location: login.php");
            exit;
        }

        $sql = "SELECT * FROM subscriber WHERE email = '$txtEmail' AND password = '$txtPassword'";

        $result = @mysql_query($sql) or die ("Unable to run query");
        $count = mysql_num_rows($result);

        if($count != 0)
        {
            $_SESSION['email'] = $txtEmail;
            $_SESSION['attempt_info'] = "authenticated";
            header("Location: logged_in.php");
        }
        ?>

Answer 1

It looks as though $txtEmail is your variable and email its its name in the sql database, so it should look like this

$txtEmail = $_POST['txtEmail'];
$txtPassword = $_POST['txtPassword'];

This will allow the contents of your text field to be passed to the sql query.

Answer 2

if (empty($txtEmail) or empty($txtPassword))
     {
                 // ...
     }

 if($count ==1) //something can go wrong set the 0 to 1
        {
            $_SESSION['email'] = $txtEmail;
            $_SESSION['attempt_info'] = "authenticated";
            header("Location: logged_in.php");
        }

Answer 3

You are actually redirecting to login.php in the last if-statement. I think it should be redirecting to logged_in.php, if the SQL query succeeds.