For a school project I need to make a website that uses a database to perform queries aka a login system.
The login system fully works, but when a user for example tries to sign in with a username that doesn’t exist in the database an alert message will pop up telling the user it’s not possible. However, after that (so after the first submission) whenever I click the refresh page button, the alert will appear again without the user actually submitting any form information. So I know what the problem is, but I just don’t see where I need to unset() my variables (or something else), but at least I need to website to not show the alert if the user hasn’t submitted anything.
Here is the code and I hope someone sees where the problem is:
PHP code:
<?php session_start(); if (!isset($_SESSION["username"])) { $_SESSION["username"]= "No User"; } if(isset($_POST["reg"])) { $ingevoerdgebruikersnaam = $_POST ["leerlingid"]; $ingevoerdwachtwoord = $_POST ["wachtwoord"]; if (!$db = mysql_connect ('localhost', 'havo5groep2', 'TpWsj7WG')) { $boodschap = "not ok"; } else { $boodschap = "<script language='javascript'> alert('Gebruiker succesvol geregistreerd.')</script>"; $database = mysql_select_db("havo5groep2"); if (!$resultaat = mysql_query (" SELECT leerlingid, wachtwoord FROM po WHERE leerlingid = '$ingevoerdgebruikersnaam'", $db)) { echo " Het lukte niet om de query uit te voeren"; } else { if (mysql_num_rows($resultaat) == 0) { $resultaat = mysql_query ("INSERT INTO po (`leerlingid`, `wachtwoord`) VALUES ('$ingevoerdgebruikersnaam', '$ingevoerdwachtwoord')", $db); } else { $boodschap = "Deze gebruikersnaam is al in gebruik."; } } } echo $boodschap; } else { if(isset($_POST["login"])) { $ingevoerdgebruikersnaam = $_POST ["leerling"]; $ingevoerdwachtwoord = $_POST ["ww"]; if (!$db = mysql_connect ('localhost', 'havo5groep2', 'TpWsj7WG')) { $boodschap = "not ok"; } else { $boodschap = "ok"; $database = mysql_select_db("havo5groep2"); if (!$resultaat = mysql_query (" SELECT leerlingid, wachtwoord FROM po WHERE leerlingid = '$ingevoerdgebruikersnaam'", $db)) { echo " Het lukte niet om de query uit te voeren"; } else { if (mysql_num_rows($resultaat) == 0) { //echo "De gebruikersnaam $ingevoerdgebruiker is niet bekend !"; echo "<script> alert('De ingevoerde gebruikersnaam is niet bekend!')</script>"; } else { while (list($opgehaaldgebruikersnaam, $opgehaaldwachtwoord) = mysql_fetch_row($resultaat)) { if ($ingevoerdwachtwoord == $opgehaaldwachtwoord) { $_SESSION["username"]= $ingevoerdgebruikersnaam; header("Location: userpage.php"); //echo "Inloggen voor gebruiker $ingevoerdgebruiker is gelukt!"; } else { //echo "Wachtwoord $ingevoerdWachtwoord bij gebruiker $ingevoerdgebruiker niet correct"; echo "<script> alert('Wachtwoord is incorrect!')</script>"; } } } } } } }
My form HTML code:
<form action="index.php" method="post"> <input type= "text" name="leerlingid" placeholder="Username" required> <input type= "password" name="wachtwoord" placeholder="Password" required> <input type="submit" name="reg" value="Register"> </form> <form action="index.php" method="post"> <input type= "text" name="leerling" placeholder="Username" required> <input type= "password" name="ww" placeholder="Password" required> <input type="submit" name="login" value="Login">
So basically the information that was pushed into the PHP variables needs to be emptied so that when the PHP code runs during a page refresh it doesn’t reuse the information that is no longer inside the form.
EDIT:
To get it working you need to use header
So after you perform the POST, I send the user to another page like this:
header("Location: whatsuppage.php");
That page will tell the user if the form was correct or not and based on that sends the user to the correct page. doing this will remove the post data as the user switches to another page fixing the refresh
The working code looks something like this:
if (!$resultaat = mysql_query (" SELECT gebruikersid, wachtwoord, werknemer FROM gebruikersdatabase WHERE gebruikersid = '$ingevoerdgebruikersnaam'", $db)) { echo " Het lukte niet om de query uit te voeren"; } else { if (mysql_num_rows($resultaat) == 0) { $_SESSION["whatsup"] = 2; header("Location: whatsuppage.php"); // Empty result table } else { while (list($opgehaaldgebruikersnaam, $opgehaaldwachtwoord, $werknemer) = mysql_fetch_row($resultaat)) { if ($ingevoerdwachtwoord == $opgehaaldwachtwoord) { $_SESSION["username"]= $ingevoerdgebruikersnaam; $_SESSION["werknemer"] = $werknemer; header("Location: userpage.php"); // Send to header location after the post is done } else { //echo "Wachtwoord $ingevoerdWachtwoord bij gebruiker $ingevoerdgebruiker niet correct"; $_SESSION["whatsup"] = 3; header("Location: whatsuppage.php"); //echo "Wachtwoord is incorrect!"; } } } }
Advertisement
Answer
You need to remove POST header from your request. In your index.php, after your code, make a redirect to an other page. A thank you page for example.
<?php header('Location: contact-thank-you.html'); die(); ?>
Remember, header redirect must be excuted before any output.