This question already has an answer here:
I am writing a login/register system for my first php project and I am facing problems in login.php. Here is my login.php:
<?php
include("db.php");
session_start();
if(isset($_SESSION['login_user'])){
header("Location: welcome.php");
}
$error = '';
if (isset($_POST['submit'])) {
if (empty($_POST['username']) or empty($_POST['password'])) {
$error = "Please enter your login details";
} else {
$username = mysqli_real_escape_string($conn, $_POST['username']);
$password = md5($_POST['password']);
$query = mysqli_prepare($conn, "SELECT password FROM workers WHERE user_name=?");
mysqli_stmt_bind_param($query,"s",$username);
mysqli_stmt_execute($query);
mysqli_stmt_bind_result($query,$pass);
if(mysqli_stmt_fetch($query)){
if ($password == $pass){
header('Location:welcome.php');
$_SESSION['login_user'] = $username;
}else {
$error = "You typed the wrong password";
unset($username, $password);
}
}else{
$error = "User Login doesn't exists";
unset($username,$password);
}
}
}
?>
The problem is that after entering existing username/password it just refreshes the page instead of heading to the welcome.php. I checked with an incorrect username/password and it displayed an error as expected, so I don't think the problem is in the MySQL queries. How can I find the problem with a code and explain why it happened?
</div>