2
 if($row['psw']===$passwordphp)
          {

             echo '<script language="javascript">';
             echo 'alert("LOGIN SUCCESSFULL")';
             echo '</script>';
             header("Location: registration.php");
          }
       else{

             echo '<script language="javascript">';
             echo 'alert("CHECK EMAIL OR PASSWORD")';
             echo '</script>';
             header("Location: login.php");
             }

Here is the code. If I don't add header then JavaScript runs but when I add header Javascript stop running only executes the header function. Why is so? How can make both of them work properly?

Vadim Kotov
  • 8,084
  • 8
  • 48
  • 62
Stack Queue
  • 97
  • 7
  • you'd be better off using ajax for this. At the moment you are already outputting something to the browser, then calling php `header()` – Rotimi Feb 02 '18 at 20:23
  • 1
    This `$row['psw']===$passwordphp` makes me think you're storing the passwords in plain text? That's a _massive_ security issue. You should use PHP's [`password_hash()`](http://php.net/manual/en/function.password-hash.php) to create a hash of the password, which is what you store. Then use [`password_verify()`](http://php.net/manual/en/function.password-verify.php) to verify the password the user enters against the stored hash. – M. Eriksson Feb 02 '18 at 20:23
  • Yes is there any better way? Please suggest it would be really helpful @MagnusEriksson – Stack Queue Feb 02 '18 at 20:25
  • 2
    My comment contains links to both password_hash() and password_verify() in the manual. Read those pages and check the examples. – M. Eriksson Feb 02 '18 at 20:26

2 Answers2

3

A Location header tells the browser to drop everything and do something else. You can't do a Location redirect and output HTML.

That said, this code should throw a "Headers already sent" error message, as you can't do a header call after echoing anything to the browser.

ceejayoz
  • 176,543
  • 40
  • 303
  • 368
  • 1
    Thanks for the typo fix, @ScottMarcus! – ceejayoz Feb 02 '18 at 20:23
  • so I cant use alert message and header simultaneously right? – Stack Queue Feb 02 '18 at 20:23
  • 1
    @StackQueue Correct. You have a number of options. The most popular tends to be saving the status/error in a session value and displaying that on the destination page you're redirecting to. Often called "flashing" to the session. – ceejayoz Feb 02 '18 at 20:25
  • 1
    Just to mention, if output buffering is on and the buffer hasn't been filled yet, you can output headers even after the text output starts. – cHao Feb 02 '18 at 20:25
  • @cHao Good point, that may explain why this isn't parse erroring. – ceejayoz Feb 02 '18 at 20:25
2

As mentioned in the other answer, you can't send a header redirect and also send HTML.

Instead of the header redirect, you can use a Javascript redirect after the alert.

if($row['psw']===$passwordphp) {
    echo '<script language="javascript">';
    echo 'alert("LOGIN SUCCESSFULL");';
    echo 'window.location = "registration.php";';
    echo '</script>';
} else {
    echo '<script language="javascript">';
    echo 'alert("CHECK EMAIL OR PASSWORD");';
    echo 'window.location = "login.php"';
    echo '</script>';
}
Barmar
  • 741,623
  • 53
  • 500
  • 612