Why do I get a blank page instead of redirecting like this in the command (header: Location)?

Good evening guys, I recently took a PHP course and decided to venture a little by creating a login system with $_COOKIE. When I manually set the variable, I can validate the login, but when I pass the information using action="POST" in the form, I get a blank page. The HTML form is this:

<form action="/system.php" method="POST">

      <div class="imgcontainer">
        <img src="images/img_avatar2.png" alt="Avatar" class="avatar">
      </div>


      <label for="usuario"><b>Usuário</b></label>
      <input type="text" name="account_user" required>
      <label for="senha"><b>Senha</b></label>
      <input type="password" name="account_passwd" required>
      <button id="logar" type="submit" class="opcao" style="margin-right: 5px;"><i class="fas fa-user-circle" style="margin-right: 5px;" aria-hidden="true"></i>LOGIN</button>

  </form>

The page that receives the form, system.php, is this one:

$_POST["account_user"];
$_POST["account_passwd"];

// functions that can be used anywhere
include "biblioteca.php";
header('Access-Control-Allow-Origin: *');
header('Content-Type: application/json');

// DISPLAY ERRORS
ini_set('display_errors', 0);
ini_set('display_startup_errors', 0);
error_reporting(E_ALL);

function login_admin(){

    // Check the data before the query

        $Usuario = $GLOBALS["con"]->query("SELECT * FROM accounts WHERE account_user='".$_POST['account_user']."' AND account_passwd='".$_POST['account_passwd']."'");
        if(mysqli_num_rows($Usuario)>0){

            // Store
            setcookie("account_user", $_POST['account_user']);
            setcookie("account_passwd", $_POST['account_passwd']);
            header('Location: admnistrativo.php');
        }

}

My biblioteca.php file:

    function db_connect(){

    $errocon = "Configuração de Banco de Dados Errada!";
    $errodb = "Banco de Dados Inexistente!";

    $GLOBALS["con"] =  mysqli_connect('localhost', 'root', '', 'empreendedor');
}

// Converts the query result into an object.
function convert_query_to_json($query){
    $rows = array();
    if($query!=null){
        while($r = mysqli_fetch_assoc($query)) {
            $rows[] = $r;
        }
    }
    return $rows;
}

If all went well, the user would be redirected to localhost/admnistrativo.php

To validate login, run

if(isset($_COOKIE['account_passwd']) && isset($_COOKIE['account_user'])){
    db_connect();
    $Usuario = $GLOBALS["con"]->query("SELECT * FROM accounts WHERE account_user='".$_COOKIE['account_user']."' AND account_passwd='".$_COOKIE['account_passwd']."'");

    if(mysqli_num_rows($Usuario)>0){
        $Usuario = convert_query_to_json($Usuario)[0];

Note that when I manually set the $_COOKIE, I can access the system; the problem, I believe, is in the page system.php.

2 answers

0

Is this the whole system file? Because if it is complete, you are defining the login_admin function but you are not calling it in your code, which is why setting the cookie manually works. You are also not calling db_connect() before the query in login_admin.

I would also recommend that you not concatenate the cookie or POST values into your database query string, as this opens security holes. The user will be able to insert data not foreseen in your string. There is a good example here, but it would basically look like this:

$stmt = $GLOBALS["con"]->prepare("SELECT * FROM accounts WHERE account_user=? AND account_passwd=?");
// Bind both values as strings ("ss") in a single call
$stmt->bind_param("ss", $_COOKIE['account_user'], $_COOKIE['account_passwd']);
$stmt->execute();
$Usuario = $stmt->get_result();

0


Andre, analyzing the posted content, I can see that you forgot to invoke the function login_admin. It exists but at no time is it called to authenticate and create the cookies if successful. See the adjustments below, I hope it helps:

<?php
// Functions that can be used anywhere
include "biblioteca.php";
header('Access-Control-Allow-Origin: *');
header('Content-Type: application/json');

// DISPLAY ERRORS
/* ... */

// Open the connection before querying (db_connect() comes from biblioteca.php)
db_connect();

// Check the data before the query
// >>> Watch out for SQL injection!!! <<<
$Usuario = $GLOBALS["con"]->query("SELECT * FROM accounts WHERE account_user='".$_POST['account_user']."' AND account_passwd='".$_POST['account_passwd']."'");
if(mysqli_num_rows($Usuario) > 0) {
    // Store
    setcookie("account_user", $_POST['account_user']);
    setcookie("account_passwd", $_POST['account_passwd']);
    header('Location: admnistrativo.php');
} else {
    // TODO Send the user to another page, since
    // authentication failed
    header('Location: admnistrativo.php'); // >>> Make your adjustment here <<<
}
?>
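
Putting both answers together, as an added example that is not code from the thread: a system.php that actually calls db_connect() and the login check, binds the POST value instead of concatenating it, and then redirects. It assumes account_passwd holds a password_hash() value and swaps the credential cookies for a server-side session; login.php is a hypothetical name for the form page.

```php
<?php
// Added example, not the original poster's code.
include "biblioteca.php";   // provides db_connect(), as in the question
session_start();            // must run before any output is sent

function login_admin(mysqli $con, string $user, string $passwd): bool
{
    // The placeholder keeps user input out of the SQL text entirely,
    // so a quote in the username cannot change the query.
    $stmt = $con->prepare("SELECT account_passwd FROM accounts WHERE account_user = ?");
    if ($stmt === false) {
        return false;
    }
    $stmt->bind_param("s", $user);
    $stmt->execute();
    $result = $stmt->get_result();
    $row = $result ? $result->fetch_assoc() : null;
    $stmt->close();

    // Assumption: the column stores a password_hash() value, not plaintext.
    return is_array($row) && password_verify($passwd, $row['account_passwd']);
}

db_connect();                       // the question's code never opened the connection
$con = $GLOBALS["con"];
if (!$con) {
    http_response_code(500);
    exit;
}

$user   = $_POST['account_user']   ?? '';
$passwd = $_POST['account_passwd'] ?? '';

// is_string() rejects array-valued fields such as account_user[]=x
if (is_string($user) && is_string($passwd) && login_admin($con, $user, $passwd)) {
    session_regenerate_id(true);    // fresh session id after authentication
    $_SESSION['account_user'] = $user;
    header('Location: admnistrativo.php');
} else {
    header('Location: login.php?erro=1');   // hypothetical form page
}
exit;   // stop here so nothing else runs after the redirect header
```

With this version admnistrativo.php checks `$_SESSION['account_user']` instead of re-running a query built from cookie values, so the password never leaves the server after login.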
