How to display the welcome page after successful log in?

Question

I am using following code in two different folder like Model and View. In View Folder contain two php file like Login.php and Login_success.php. Controller folder contain the mysql database table field fetch code. When I run below code It can't display the Login_success page. Only the else field Check Name and password displayed. These all file combined to out of folder index.php .

Here my code :

Login.php

<html>
<head>
<title>Login</title>
<link rel ='stylesheet' type = 'text/css' href = 'View/Design.css'> 
<script>
function Validate(){
var x=document.forms["login"]["username"].value;
if (x==null || x=="")
  {
  alert("First name must be filled out");
  return false;
  }
 var x=document.forms["login"]["password"].value;
 if (x==null || x=="")
  {
   alert("Password must be filled out");
   return false;
  }
 }
 </script>
 </head>
 <body>
 <form name = 'login' method = 'post' action = 'Controller/Controll.php' >
 <fieldset>
 <legend>Login</legend>
 User Name :<input type = 'text' name = 'username'>
 Password  :<input type = 'password' name = 'password'><br><br>
 <input type = 'submit' name = 'submit' value = 'submit' onsubmit = "return Validate()" >
 </fieldset>
 </form>
  </body>
 </html>

Controll.php

 class Access{
 function connection(){
  require_once('View/Login.php');
 $con = mysql_connect('localhost','root','root');
 $db = mysql_select_db('Times_sheet');
 $query = mysql_query('select * from Login');
 $row = mysql_fetch_array($query);
 if(isset($_POST['submit']))
 {
  if(($row['UserName']==$_POST['username']) && ($row['Password']==$_POST['password'])){
  require_once("View/Login_Success.php");
 }
  }
  else{
  echo "Check User name and Password";
 }
 }
 }

Index.php

require_once('Controller/Controll.php');
class login extends Access{
function getValu(){
require_once('View/Login.php');
}
 }
$Obj = new login();
$Obj ->getValu();
$Obj ->connection();

When I enter the correct user name and password it shoes the empty page. I don't know what mistake I did.

Answer 1

you are just including Login_success.php in this line not redirecting to Login_success.php

 if(($row['UserName']==$_POST['username']) && ($row['Password']==$_POST['password'])){
    require_once("View/Login_Success.php");
 }

so use header for this redirection

 if(($row['UserName']==$_POST['username']) && ($row['Password']==$_POST['password'])){
    header("Location: View/Login_Success.php");
    exit();
 }

Answer 2

using header php function for redirect purpose instead of require_once. Like this format header(url);

Answer 3

In your query you are fetching all(*) result from the table 'Login'.

Instead of this query table with a 'WHERE' : eg. select * from Login WHERE user= $_POST['username'] AND password = $_POST['password']

If the result found then redirect the user to your required page :

    header("Location : View/Login_Success.php");

Answer 4

First, you code is not save at all; Peace a cake for hacking

 class Access{
 function connection(){
 require_once('View/Login.php');
 $con = mysql_connect('localhost','root','root');
 $db = mysql_select_db('Times_sheet');
 $query = mysql_query('select * from Login');
 $row = mysql_fetch_array($query);
 if(isset($_POST['submit']))
 {

Second, you are only including

 View/Login_Success.php'

You have to do it this way:

 if(($row['UserName']==$_POST['username']) && ($row['Password']==$_POST['password'])){
 header('location: View/Login_Success.php');
 }
 }
 else{
  echo "Check User name and Password";
 }
 }
 }

Answer 5

You must change you code ,

 $query = mysql_query('select * from Login');
 $row = mysql_fetch_array($query);

1. You SELECT all users from MySQL and after check on PHP it is not good way you can change it to : ( & MD5 your password because it is very important.)

$user = $_POST['username'];
$pass = MD5($_POST['password']);
$query = mysql_query("select * from Login WHERE `UserName` = '$user' AND `Password` = '$pass' ");

if (mysql_num_rows($query)==1) { // logined }

and for save username and user in all page use session values :

session_start();
$_SESSION['user'] = $row['UserName'] ;

and for use it in Login_Success.php you can use it this code :

<?php 

session_start();

echo "wellcome user : ".$_SESSION['user'] ;

?>

I have 2 offer for you: 1. use Anti SQL Injection in your code. 2. use header header('location: View/Login_Success.php'); for redirect to other page not include