A very nice person from inhere helped me making a login form with cookies, and it works perfectly fine. So when I login I get redirected to home.php, where I also can logout. But I am not quite sure of something. If I have a succesfull login, I would like to get redirected to profile.php, and not home.php?
Best Regards Julie
index.php:
<?php
$error='';
if( !isset( $_SESSION ) ) session_start();
if( !isset( $_SESSION['username'])) include('login.php');
else exit( header('Location: home.php') );
?>
<!doctype html>
<html>
<head>
<meta charset='utf-8'>
<title>PHP Login Form with Session</title>
<link rel='stylesheet' href='style.css' type='text/css' />
</head>
<body>
<h1>PHP Login Form with Session</h1>
<div class='loginBox'>
<h3>Login Form</h3>
<br><br>
<form method='post' action=''>
<label>Username:</label><br>
<input type='text' name='username' placeholder='username' /><br><br>
<label>Password:</label><br>
<input type='password' name='password' placeholder='password' /><br><br>
<input type='submit' name='submit' value='Login' />
</form>
<div class='error'><?php echo $error;?></div>
</div>
</body>
</html>
login.php:
<?php
/* login.php */
if( !isset( $_SESSION ) ) session_start();
include('dbconfic.inc.php' );
$error = '';
if( $_SERVER['REQUEST_METHOD']=='POST' && isset( $_POST['submit'] ) ) {
if( empty( $_POST['username'] ) || empty( $_POST['password'] ) ){
$error = 'Both fields are required.';
} else {
/*
Use prepared statements - mitigates agsint sql injection.
Use placeholders in the sql which are used by the `bind_param` statement
*/
$sql='SELECT `uid` FROM `users` WHERE `username`=? AND md5( `password` )=? limit 1 ';
$stmt=$db->prepare( $sql );
if( !$stmt ) exit('Failed to prepare sql statement');
/*
md5 is not recommended for password hashing as it is generally considered to be broken
bind the variables to the placeholders & execute the sql
*/
$username=$_POST['username'];
$password=md5( $_POST['password'] );
$stmt->bind_param('ss', $username, $password );
$res=$stmt->execute();
/* bind the result of the query to a variable */
$stmt->bind_result( $login_user );
while( $stmt->fetch() ){
/* go through recordset ( 1 record ) */
$_SESSION['username'] = $login_user;
}
$stmt->close();
$db->close();
if( isset( $_SESSION['username'] ) ) exit( header( 'location: home.php' ) );
else $error='Incorrect username or password.';
}
}
?>
home.php:
<?php
/* home.php */
if( !isset( $_SESSION ) ) session_start();
if( !isset( $_SESSION['username'] ) ) exit( header('Location: index.php') );
?>
<!doctype html>
<html>
<head>
<meta charset="utf-8">
<title>Home</title>
<link rel="stylesheet" href="style.css" type="text/css" />
</head>
<body>
<h1 class="hello">Hello, <em><?php echo $_SESSION['username'];?>!</em></h1>
<br><br><br>
<a href="logout.php" style="font-size:18px">Logout?</a>
<a href="test.php">test</a>
</body>
</html>
