-1

The code for the site is given below. Login cannot be authenticated with what I've done. Firstly, it will redirect to the login page as expected if not logged in. Then, after I clearly give the login details correctly, it won't redirect me to the site I want. Instead, it will remain on the login page. Please help me...

```php
<!--This is the page that I want to redirect after successful login-->

<?php
session_start();

if($_SESSION['loggedIn'])
{
  header('Location: restaurant.php');
}
else
{
  header('Location: login.php');
}
?>

<html lang="en">
<head>
  <title>Welcome to Foodline</title>
  <meta charset="utf-8">
  <meta name="viewport" content="width=device-width, initial-scale=1">
  <meta name="description" content="">
  <meta name="author" content="">
  <link rel="stylesheet" href="bootstrap/dist/css/bootstrap.min.css">
  <link href="css/simple-sidebar.css" rel="stylesheet">

  <script src="bootstrap/js/jquery.min.js"></script>
  <script src="bootstrap/js/bootstrap.min.js"></script>
  <script type="text/javascript" src="js.js"></script>
  <script type="text/javascript" src="jquery.js"></script>

  <style>
    /* Remove the jumbotron's default bottom margin */
     .jumbotron {
      margin-bottom: 0;
    }

    /* Add a gray background color and some padding to the footer */
    footer {
   background-color: #f2f2f2;
      padding: 25px;
    }
  </style>
</head>
<body>

<div class="jumbotron">
  <div class="container text-center">
    <h1><font face="Analecta">FOODLINE</font></h1>
    <p>We provide the best service for our costumers</p>
  </div>
</div>

 <nav class="navbar navbar-inverse" data-spy="affix" data-offset-top="197">
  <div class="container-fluid">
    <div class="navbar-header">
     <a class="navbar-brand"><font face="Analecta" color="white">>Restaurants<</font></a>
    </div>

    <div class="collapse navbar-collapse" id="myNavbar">
      <ul class="nav navbar-nav">
                <li>
                    <a href="foodline.php">Hamro Didi (HD)</a>
                </li>
                <li>
                    <a href="#">HK</a>
                </li>
                <li>
                    <a href="#">Junu Hotel</a>
                </li>
                <li>
                    <a href="#">Junction Cafe</a>
                </li>
                <li>
                    <a href="#">Laxmi Hotel</a>
                </li>
            </ul>
        </div>
    </div>
    </nav>


<footer class="container-fluid text-center">
<p>Foodline Official Website &copy</p>
<p align="center">Logged in as: <div id="username" align="center"> <span class="glyphicon glyphicon-log-in"></span><?php
if(isset($_GET['id'])){
echo ' '.$_GET['id'];
}
else {
echo '(write) a 404 page';
}
?>
</div>
</p>
</footer>

</div>
```

```php
<!--This is login.php-->

<?php
//session_start();
include("connection.php");
$msg='';

if($_SERVER["REQUEST_METHOD"] == "POST")
{
    // username and password sent from form
    $username = $_POST['username'];
    $password = $_POST['password'];

    // To protect MySQL injection
    $username = stripslashes($username);
    $password = stripslashes($password);
    $username = mysql_real_escape_string($username);
    $password = mysql_real_escape_string($password);

  //Input Validations
  if($username == '') {

$_SESSION["login_user"] = $username;   $msg = "Username missing";
    header("location: login.php?msg=$msg");
  }
  if($password == '') {
    $msg = "Password missing";
    header("location: login.php?msg=$msg");
  }
  //Create query
  $qry="SELECT * FROM user WHERE user_name='$username' AND user_password='$password'";
  $result =mysql_query($qry)or die(mysql_error());
  $output=mysql_fetch_assoc($result);
  //Check whether the query was successful or not
      if(!empty($output)) {
      //Login Successful
      $_SESSION['name']= $username;
      $_SESSION['loggedIn'] = true;
      header("location:restaurant.php?id=$username");

    }
    else {
      //Login failed
      $msg= "user name and password not found";
      header("location:login.php?msg=$msg");

      }
}
?>


<html>
<head>
  <meta name="viewport" content="width=device-width, initial-scale=1">
  <link rel="stylesheet" href="bootstrap/dist/css/bootstrap.min.css">
  <script src="bootstrap/js/jquery.min.js"></script>
  <script src="bootstrap/js/bootstrap.min.js"></script>

  <style>
  .jumbotron {
      margin-bottom: 0;
    }
  </style>
</head>
<body>

<div class="jumbotron">
  <div class="container text-center">
    <h1><font face="Analecta">FOODLINE</font></h1>
    <p>We provide the best service for our costumers</p>
  </div>
</div>

<nav class="navbar navbar-inverse" data-spy="affix" data-offset-top="197">
  <div class="container-fluid">
    <div class="navbar-header">
     <a class="navbar-brand" href="index.php">Logo</a>
    </div>
    <div class="collapse navbar-collapse" id="myNavbar">
      <ul class="nav navbar-nav">
        <li class="active"><a href="index.php">Home</a></li>
        <li><a href="restaurant.php">Restaurants</a></li>

        <li><a href="contact-form/index.html">Contact</a></li>
      </ul>
     <ul class="nav navbar-nav navbar-right">
      <li><a href="register.php"><span class="glyphicon glyphicon-user"></span> Sign Up</a></li>
      <li><a href="login.php"><span class="glyphicon glyphicon-log-in"></span> Login</a></li>
    </ul>
    </div>
  </div>
</nav>

<div class="container">
  <h2><font face="Analecta">>Login from here<</font></h2>
  <form role="form" name="login" action="login.php" method="post" accept-charset="utf-8">
    <div class="form-group">
      <label for="username">Username:</label>
      <input type="text" class="form-control" name="username" placeholder="Enter username" required>
    </div>
    <div class="form-group">
      <label for="password">Password:</label>
      <input type="password" class="form-control" name="password" placeholder="Enter password" required>
    </div>
    <div class="checkbox">
      <label><input type="checkbox"> Remember me</label>
    </div>
    <button type="submit" class="btn btn-default" value="login">Submit</button>
    <br>
    <br>

    <?php
      $msg = (isset($_GET['msg']) ? $_GET['msg'] : null);  //GET the message
      if($msg!='') echo '<p>'.$msg.'</p>'; //If message is set echo it
    ?>

  </form>
  <p>Not a user yet? Sign up <a href="register.php">here</a></p>
</div>

<footer class="container-fluid text-center">
  <p>Foodline Official Website &copy</p>
  <p>Get deals:
    <a href="register.php"><span class="glyphicon glyphicon-menu-right"></span>SignUp</a>
  </p>
</footer>

</body>
</html>
```

  • `mysql_*` functions are deprecated since PHP 5.5 (and **removed entirely** in PHP 7) and you should [stop using them](http://stackoverflow.com/q/12859942) if you can. You should choose another API that allows you to use prepared statements (which you *really should*), like `mysqli_*` or PDO - see [choosing an API](http://php.net/manual/en/mysqlinfo.api.choosing.php). You also should **really, really** hash your password, and avoid using old methods like `sha1` or `md5`, use something like [`password_hash()`](http://php.net/manual/en/function.password-hash.php) instead. – Qirel Jun 27 '16 at 14:08

1 Answer

2

Uncomment:

```php
//session_start();
```

From line 5 in login.php and change to this:

```php
if(! $_SESSION['loggedIn']) {
  header('Location: login.php');
}
```

in restaurant.php.

Adam Lewis
  • Thanks for the answer but it showed up something like "The localhost page isn’t working localhost redirected you too many times. ERR_TOO_MANY_REDIRECTS" in my browser... – Manish Raj Silwal Jun 27 '16 at 14:20
  • @ManishRajSilwal that's a pretty explicit error. Just sit down and check each "header location". For example, do you need to have a `header('Location: resturaunt.php'` in file `restaurant.php` ? What would that do? – apokryfos Jun 27 '16 at 14:26
  • Change the top of restaurant.php to: `` – Adam Lewis Jun 27 '16 at 14:32
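
An added example, not code from the question, the answer or the comments, that pulls the points raised in this thread into one helper file: start the session before reading `$_SESSION`, redirect only when the user is not logged in (which avoids the redirect loop), use a prepared statement with `password_verify()`, and escape values before echoing them. The function names, the SQLite demo database and the assumption that `user_password` holds `password_hash()` output are not from the original post.

```php
<?php
// Added example (not the asker's or the answerer's code). Table and column
// names follow the question; storing password_hash() output in user_password
// is an assumption, as is the SQLite DSN used for the constructed demo.

function require_login(): void                 // call at the top of restaurant.php
{
    if (session_status() !== PHP_SESSION_ACTIVE) {
        session_start();                       // $_SESSION is empty without this
    }
    if (empty($_SESSION['loggedIn'])) {
        header('Location: login.php');         // redirect only when NOT logged in
        exit;                                  // stop before the page body is sent
    }                                          // logged in: fall through, no self-redirect
}

function attempt_login(PDO $pdo, string $username, string $password): bool
{
    // Bound parameter instead of string concatenation into the query.
    $stmt = $pdo->prepare('SELECT user_password FROM user WHERE user_name = ?');
    $stmt->execute([$username]);
    $hash = $stmt->fetchColumn();
    if (!is_string($hash) || !password_verify($password, $hash)) {
        return false;
    }
    if (session_status() === PHP_SESSION_ACTIVE) {
        session_regenerate_id(true);           // new session ID after login
    }
    $_SESSION['name'] = $username;
    $_SESSION['loggedIn'] = true;
    return true;
}

function h(string $s): string                  // escape ?msg= or a username before echo
{
    return htmlspecialchars($s, ENT_QUOTES, 'UTF-8');
}

if (PHP_SAPI === 'cli') {                      // constructed demo data, CLI only
    $pdo = new PDO('sqlite::memory:');
    $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $pdo->exec('CREATE TABLE user (user_name TEXT, user_password TEXT)');
    $pdo->prepare('INSERT INTO user VALUES (?, ?)')
        ->execute(['demo', password_hash('correct horse', PASSWORD_DEFAULT)]);
    var_dump(attempt_login($pdo, 'demo', 'correct horse'));   // valid credentials
    var_dump(attempt_login($pdo, "demo' OR '1'='1", 'x'));    // quote is treated as data
    var_dump(h('<b>hi</b>'));                                 // markup is neutralised
}
```

In login.php, call `session_start()` before `attempt_login()` and follow a successful login with `header('Location: restaurant.php'); exit;`. The logged-in name can then be read from `$_SESSION['name']` and printed through `h()` rather than taken from `$_GET['id']`.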