I'm currently working on a log-in page, but after I insert the correct username and password it went to the checkLogin.php and says You are not allowed to execute this file directly instead of redirect. I can't find where did I make the mistake.
<?php
// checkLogin.php
session_start(); // Start a new session
require('connect.php'); // Holds all of our database connection information
// Get the data passed from the form
$username = $_POST['user'];
$password = $_POST['password'];
$username = stripslashes($username);
$password = stripslashes($password);
$sql = "Select
supplier_id as id,
supplier_lastname as lastname,
supplier_firstname as firstname,
supplier_email as email ,
supplier_phone as phone,
'Supplier' as entity_name
FROM suppliers
WHERE suppliers.supplier_id = '$username' AND suppliers.supplier_pw = '$password'
union all
SELECT
customer_id as id,
customer_lastname as lastname,
customer_firstname as firstname,
customer_email as email,
customer_phone as phone,
'Customer' as entity_name
FROM customers
WHERE customers.customer_id = '$username' AND customers.customer_pw = '$password';
";
$result = mysqli_query($sql) or die ( mysqli_error() );
$count = 0;
$line= mysqli_fetch_assoc($result);
while ($line) {
$count++;
$info = $line[5];
}
if ($count == 1 && $info='Supplier') {
$_SESSION['loggedIn'] = "true";
$_SESSION['username'] = $line['id'];
header("Location: application/view_orders.php");
}
elseif ($count == 1 && $info='Customer') {
$_SESSION['loggedIn'] = "true";
$_SESSION['username'] = $line['id'];
header("Location: application/orderForm.php");
}
else {
$_SESSION['loggedIn'] = "false";
echo "<script type='text/javascript'>alert('Log-In failed! Please check your username or password again.'); window.location.href='http://oncommercetrend.com/'</script>";
}
?>
And here is my form:
<form class="login active" action="checkLogin.php">
<h3>Login</h3>
<div>
<label>Username:</label>
<input name="user"type="text" />
<span class="error">This is an error</span>
</div>
<div>
<label>Password: <!--<a href="forgot_password.html" rel="forgot_password" class="forgot linkform">Forgot your password?</a>--></label>
<input name="password" type="password" />
<span class="error">This is an error</span>
</div>
<div class="bottom">
<div class="remember"><input type="checkbox" /><span>Keep me logged in</span></div>
<input type="submit" value="Login"></input>
<a href="register.html" rel="register" class="linkform">You don't have an account yet? Register here</a>
<div class="clear"></div>
</div>
</form>
Here is DB connection:
$link = mysqli_connect($db_host,$db_user,$db_pass) or die('Unable to establish a DB connection');
mysqli_select_db($db_database,$link);