phpmysqlsystemappointment

Login page doesn't work as leads to unkown page


Quick Note : This thread was closed for being a duplicate question however the links I found were to do with 'Preventing MySQL Injection Attacks', which was not the answer I was looking for. If reposting this question goes against any guidelines, I don't mind taking this post down.

I've been working on an online booking website and the projects works when I run it on WAMP. I decided to get 1 month hosting on ecowebhosting.com and I've uploaded my project/files as well as change my 'db.php' file to match the settings of phpMyAdmin ( host, username, password, etc. ) however I am not able to sign in.

This is the login page for my website : https://gyazo.com/07f6bb065971b20ba07628d2a68cf1b0 And you are able to register, and the user has been registered when I checked the database on phpMyAdmin however I am not able to login as this occurs when I login in any account : https://gyazo.com/312725f461d4790a99b1b47e97a97066

I thought it was something to do with the 'dashboard.php' file, so I removed the 'include("auth_session.php")' to see if anything was wrong with the file, but it worked as normal. Here is a copy of the code for 'login.php':

<!DOCTYPE html>
<html lang="en">

<head>
    <meta charset="utf-8">
    <meta http-equiv="X-UA-Compatible" content="IE=edge">
    <meta name="viewport" content="width=device-width, initial-scale=1">

    <title>Modern Haircut Designs</title>

    <!-- Bootstrap css style sheet -->
    <link href="bootstrap/css/bootstrap.min.css" rel="stylesheet">
    <!-- For the seperate stuff -->
    <link href="coursework_style.css" rel="stylesheet">
    <!-- Make sure to add this to the coursework style sheet so less files -->
    <link href="login_style.css" rel="stylesheet">
    <!-- To enable the javascript shenanigans -->
    <script src="//cdnjs.cloudflare.com/ajax/libs/jquery/3.2.1/jquery.min.js"></script>
    <script src="bootstrap/js/bootstrap.min.js"></script>

</head>

<body>

    <?php
        require('db.php');
        session_start();
        if (isset($_POST['username'])) {
            $username = stripslashes($_REQUEST['username']);
            $username = mysqli_real_escape_string($con, $username);
            $password = stripslashes($_REQUEST['password']);
            $password = mysqli_real_escape_string($con, $password);
            $query    = "SELECT * FROM `users` WHERE username='$username'
                        AND password='$password'";
            $result = mysqli_query($con, $query) or die(mysql_error());
            $rows = mysqli_num_rows($result);
            if ($rows == 1) {
                $_SESSION['username'] = $username;
                header("Location: dashboard.php");
            } else {
                //Might be necessary to create an error page so the user knows?
                header("Location: login.php");
            }
        } else{
    ?>

    <nav class="navbar navbar-fixed-top navbar-inverse">
        <div class="container">
            <div class="navbar-header">
                <button type="button" class="navbar-toggle collapsed" data-toggle="collapse" data-target="#navbar-collapse">
                    <span class="sr-only">Toggle navigation</span>
                    <span class="icon-bar"></span>
                    <span class="icon-bar"></span>
                    <span class="icon-bar"></span>
                </button>
                <a class="navbar-brand" href="/index.php">Modern Haircut Designs</a>
            </div>

            <div class="collapse navbar-collapse" id="navbar-collapse">
                <ul class="nav navbar-nav navbar-right">
                    <li class="actif"><a href="/index.php">Home</a></li>
                    <li><a href="/index.php#services">Services</a></li>
                    <li><a href="/index.php#team">Our Team</a></li>
                    <li><a href="/index.php#reviews">Reviews</a></li>
                    <li><a href="/index.php#contact-us">Contact</a></li>
                    <li><a href="/login.php">Login</a></li>
                </ul>
            </div>
        </div>
    </nav>

    <section class="login-cover">
        <div class="wrapper fadeInDown">
            <div id="formContent">
                <div class="fadeIn first">
                    <img src="img/login_icon.jpg" id="icon" alt="MHC Logo" />
                </div>
                <form method="post" name="login">
                    <input type="text" id="login" class="fadeIn second" name="username" placeholder="Username" required>
                    <input type="password" id="password" class="fadeIn third" name="password" placeholder="Password" style="background-color: #f6f6f6;border: none;color: #0d0d0d;padding: 15px 32px;text-align: center;text-decoration: none;display: inline-block;font-size: 16px;margin: 5px;width: 85%;border: 2px solid #f6f6f6;transition: all;0.5s ease-in-out;border-radius: 5px 5px 5px 5px;" required>
                    <input type="submit" class="fadeIn fourth" value="Login" name="submit">
                </form>
                <div class="formFooter">
                    <a class="underlineHover" href="register.php" id="register">Register Here</a>
                    <a class="underlineHover" href="#" id="forgot_password">Forgot Password?</a>
                </div>
            </div>
        </div>
    </section>

    <?php
    }
    ?>

    <footer style="bottom: 0; width: 100%;">
        crafted with &hearts; in Bangladesh by ###
    </footer>

    <script src="https://ajax.googleapis.com/ajax/libs/jquery/1.11.3/jquery.min.js"></script>
    <script src="bootstrap/js/bootstrap.min.js"></script>
</body>

</html>

As requested, here's a markup for the 'dashboard.php' file:

<?php
    //Reminder to include this for the booking part
    include("auth_session.php");
?>

<!DOCTYPE html>
<html lang="en">
<head>
    <meta charset="utf-8">
    <meta http-equiv="X-UA-Compatible" content="IE=edge">
    <meta name="viewport" content="width=device-width, initial-scale=1">

    <title>Modern Haircut Designs</title>

    <!-- Bootstrap Stuff -->
    <link href="bootstrap/css/bootstrap.min.css" rel="stylesheet">
    <!-- Coursework Style that's seperate -->
    <link href="coursework_style.css" rel="stylesheet">

</head>
<body>

    <nav class="#">
        <div class="container">
            <div class="#">
                <button type="button" class="#">
                    <span class="sr-only">Toggle navigation</span>
                    <span class="icon-bar"></span>
                    <span class="icon-bar"></span>
                    <span class="icon-bar"></span>
                </button>
                <a class="#" href="#top">Modern Haircut Designs</a>
            </div>

            <div class="#" id="#">
                <ul class="#">
                    <li class="actif"><a href="#top">Home</a></li>
                    <li><a href="#services">Services</a></li>
                    <li><a href="#team">Our Team</a></li>
                    <?php 
                    if($_SESSION['username'] == 'admin'){
                        ?><li><a href="/bookings.php">Manage Appointments</a></li><?php
                    }else{
                        ?><li><a href="/user-bookings.php">View Appointments</a></li>
                        <li><a href="/calendar.php">Book Appointment</a></li>
                    <?php
                    }
                    ?>
                    <li><a href="/logout.php">Logout</a></li>
                </ul>
            </div>
        </div>
    </nav>

    <div class="cover" id="top">
        <div class="cover-text">
            <h1>Hey, <?php echo $_SESSION['username']; ?>!</h1>
            <p class="lead">Book an appointment now by clicking the button below</p>
            <a href="calendar.php" role="button" class="btn btn-danger btn-lg">Get started!</a>
        </div>
    </div>

    <section id="services">
        <h2>Here is a list of the services we provide</h2>
        <div class="container">
            <div class="row">
                #Text about the different types of haircuts
    </section>

    <section id="team">
        <div class="container">
           #Pictures and quotes of the different team members
        </div>
    </section>

    <section id="contact-us">
        <div class="container">
           #ContactInformation here
        </div>
    </section>

    <footer>
        crafted with &hearts; in Bangladesh by ###
    </footer>

    <!-- jQuery for javascript stuff-->
    <script src="https://ajax.googleapis.com/ajax/libs/jquery/1.11.3/jquery.min.js"></script>
    <!-- Bootstrap javascript code / might remove tho -->
    <script src="bootstrap/js/bootstrap.min.js"></script>
</body>
</html>

Solution

  • The solution, as pointed out by @rickdenhaan, was to move the block of php code containing the 'header(###)' section to the start of the file. Another solution I found was to use javascript to open the file.