I have a login page with a form with POST method and no action defined (or action to self). I use some functions to do the login, and when some field of the form is left empty or the login credentials are not valid, I´m being redirected to XAMPP dashboard. Its like as if my else statement is not kicking in. Any idea why?
if(ifItIsMethod('post')){
if(isset($_POST['username']) && isset($_POST['password'])){
login_user($_POST['username'], $_POST['password']);
}else{
echo "bla bla";
}
}
I tried else{ header(..)} and nothing happens, it just redirects to dashboard.
I have a test version online where the same happens, its here: http://hotfol.com/cms/login_page.php
Thank you!!
Edit: functions
function ifItIsMethod($method=null){
if($_SERVER['REQUEST_METHOD'] == strtoupper($method)){
return true;
}else{
return false;
}
}
function login_user($typed_username, $typed_password){
global $connection;
$typed_username = escape($typed_username);
$typed_password = escape($typed_password);
$query = "SELECT * FROM users WHERE username = '$typed_username'";
$select_user_query = mysqli_query($connection, $query);
if(!$select_user_query) {
die ("query failed" . mysqli_error($connection));
}
$row = mysqli_fetch_assoc($select_user_query);
$user_id = escape($row['user_id']);
$username = escape($row['username']);
$password = escape($row['user_password']);
$firstname = escape($row['user_firstname']);
$lastname = escape($row['user_lastname']);
$user_role = escape($row['user_role']);
if (password_verify($typed_password, $password)) {
$_SESSION['username'] = $username;
$_SESSION['firstname'] = $firstname;
$_SESSION['lastname'] = $lastname;
$_SESSION['user_role'] = $user_role;
$_SESSION['user_id'] = $user_id;
header('Location: admin/index.php');
}else{
header('Location: ../index.php');
}
}