0

I have a simple form calling a PHP script upon submit but it does not work as expected. It just takes me back to 'localhost:8080' without any error messages which is not even there in the PHP script. Please have a look at the code below and tell me how do I correct this. Also I had the below form as POST initially but it was not working at all, i.e., the php file was not getting the post data. I switched to GET, it worked for some time and now even this is not working. It may very well be some settings problem. I am using WAMP x64 on Windows 7 x64 and have not modified any setting.

This is my form -

<form role="form" action="/login.php" method="GET">
                    <div class="form-group">
                      <label for="email">Email:</label>
                      <input type="text" class="form-control" placeholder="[email protected]" name="email">
                    </div>
                    <div class="form-group">
                      <label for="password">Password:</label>
                      <input type="password" class="form-control" placeholder="password" name="password">
                    </div>
                    <div class="form-group">
                      <label><a href="/forgot-password">Forgot Password?</a></label>
                      <label><a href="/new-user"> New User?</a></label>
                    </div>
                    <button type="submit" class="btn btn-lg btn-primary center-block">Submit</button>
                </form>

This is the PHP file -

<?php
if (isset($_SESSION)) {
    header("location: http://localhost:8080/home");
} else {
    if (isset($_GET['email']) and isset($_GET['password'])) {

        $email = $_GET['email'];
        $pass = $_GET['password'];

        $con = mysqli_connect('localhost','read','*****','sheet_db');

        if(mysqli_connect_errno()) {
            header("location: http://localhost:8080/?message=internal%20error");
        } else {
            $check = mysqli_query($con, "SELECT COUNT(emp_id) as cnt FROM d_emp WHERE emp_email = '".$email."' AND password = '".$pass."'");
            if(mysqli_fetch_array($check)['cnt'] == 1) {
                session_start();
                $_SESSION['email']=$email;
                header("location: http://localhost:8080/home");
            } else {
                header("location: http://localhost:8080/?message=wrong%20username%20or%20password");
            }
        }
    } else {
        header("location: http://localhost:8080/?message=invalid%20parameters");
    }
}

?>
Improve this question
6
  • did you check the process gets as far as the else part of the if-loop? Did you check the values? Commented Aug 18, 2014 at 17:27
  • Yes if I add echo statements and remove location headers, it does run as expected. Just the headers are not doing their job. Commented Aug 18, 2014 at 17:31
  • @user3162834 does it redirects to http://localhost:8080/?message=internal%20error??? Commented Aug 18, 2014 at 17:33
  • It redirects to 'localhost:8000' Commented Aug 18, 2014 at 17:39
  • Related; You will want to check out this question about SQL Injection It's an extremely dangerous problem, and your code is vulnerable to it. Commented Aug 18, 2014 at 18:06

1 Answer 1

Reset to default
1

Change action="/login.php" to action="./login.php" then let me know if it solves your problem.

Improve this answer
Sign up to request clarification or add additional context in comments.

3 Comments

and if this script is being run in a subdir and the login script really is in the document root?
@MarcB Lets see what OP says!
Both the files are in document root. If I remove all php location headers, it does go to login.php.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.