i'm trying to develop an interface for a db but I am not very practical in php. What I would like to do is showing the homepage after loggin in. However, the redirection does not work.
Desired behavior: 1) index.php -> login form / login credential
2) the credential login is sent to authenticate.php and if everything is correct, the homepage is viewed
Current behavior: Once the credentials are sent, authenticate.php does not change the page in homepage.php but remains a blank page.
authenticate.php
<?php require_once ('connect.php');
ob_start();
session_start();
// Now we check if the data was submitted, isset will check if the data exists.
if ( !isset($_POST['username'], $_POST['password']) ) {
// Could not get the data that should have been sent.
die ('Username and/or password does not exist!');
}
if ($stmt = $connect->prepare('SELECT username, password FROM user WHERE username = ?')) {
// Bind parameters (s = string, i = int, b = blob, etc), hash the password using the PHP password_hash function
$stmt->bind_param('s', $_POST['username']);
$stmt->execute();
$stmt->store_result();
// Store the result so we can check if the account exists in the database.
if ($stmt->num_rows > 0) {
$stmt->bind_result($username, $password);
$stmt->fetch();
$hash = hash('sha256', $_POST['password']);
// Account exists, now we verify the password.
if (hash_equals($password, $hash)) {
$_SESSION['loggedin'] = TRUE;
$_SESSION['username'] = $_POST['username'];
header('Location: homepage.php');
$output = ob_get_clean();
} else {
echo 'Incorrect username and/or password!';
}
} else {
echo 'Incorrect username and/or password!';
}
$stmt->close();
} else {
echo 'Could not prepare statement!';
}
?>
connect.php
<?php
$config = parse_ini_file('pathToFile...\credential.ini');
$connect = @mysqli_connect('localhost',$config['username'],$config['password'],$config['dbname']);
unset($config);
?>
Aucun commentaire:
Enregistrer un commentaire