Hi All Nightowls out there :),
I need to authenticate username and password provided on a login page against my database table, named regdata. Upon successful authentication, the user is taken to /countdown_clock/countdown.html. When I run the page, I'm not taken to the specified countdown.html, but the same page refreshes with /authlogin.php tacked onto the end of the URL. Can someone suggest how to remedy the following code?
<?php
error_reporting(E_ALL);
ini_set("display_errors", 1);
$Database = array(
"Host" => 'myhost',
"User" => 'myuser',
"Password" => 'mypass',
"Name" => 'mydb'
);
$mysqli = new mysqli($Database['Host'], $Database['User'], $Database['Password'], $Database['Name']);
if ($mysqli->connect_error)
{
?><span class="error">Connect Error (<?php echo $mysqli->connect_errno; ?>) <?php echo $mysqli->connect_error; ?></span><?php
exit();
}
$result = mysqli->prepare("SELECT username, password from regdata where username = $_POST['user_name'] and password = $_POST['password']");
if ($result && 0)
{
$result->execute();
$result->close();
header("Location: http://www.mydomain.com/countdown_clock/countdown.html");
}
else
{
$_SESSION['error'] = "Sorry, we cannot process your login at this time. Please try back later.";
header("Location: http://www.mydomain.com/");
}
?>
My login.php calls authlogin.php as follows:
<form id="form1" name="form1" method="post" action="authlogin.php">
<input type="submit" class="form_login" alt="Login" value="" /></p></form>
Thanks, Sid
EDIT: revised statement
$result = mysqli->prepare("SELECT username, password from regdata where username = '" . $_POST['email_address'] . "' and password = '" . $_POST['password']."'
");
Is this the proper way?