PHP webpage has a direct loop error?

Question

I have been trying to create a login page in PHP to no avail though, i have been getting a "This webpage has a redirect loop" error when i try to run it, so i was wondering if anyone could possibly spot my mistakes? Here is my code:

<?php
require_once("nocache.php");
$id = $_POST["id"];
$pword = $_POST["pword"];
if (!empty($_POST){
if (!empty($id) || !empty($pword)){
require_once("dbconn.php");
 $sql = "select username, school_type from school_info where username = '$id' and password = '$pword'";
 $rs = mysql_query($sql, $dbConn);
 if (mysql_num_rows($rs)> 0 ) {
     session_start();
     $_SESSION["who"] = $id;
     $_SESSION["school_type"] = mysql_result($rs,0,"school_type");
     header("location: EOI_home.php");
    }
}
else {
header("location: login.php");}     
} else {
   header("location: login.php");}

?>

<form method="POST" action="<?php echo $_SERVER["PHP_SELF"];?>" id="login">

ID: <input type="text" name="id" /><br/>
pword: <input type="password" name="pword" /><br/>

<input type="submit" value="log in" />&nbsp;
<input type="reset" />

</form>

If id and pword aren't set in $_POST, the page will redirect to itself. And they still won't be set. You should check to see if the form has been submitted before running any other checks. — andrewsi, May 23 '13 at 16:43
is the code you posted from `login.php`? If so `if (empty($id) || empty($pword)){header("location: login.php");}` is your issue... it will always be `empty` until you POST to it — naththedeveloper, May 23 '13 at 16:43
Then @andrewsi is correct - check that the form is posted before anything else... this has been answered lots of times, so use search: http://stackoverflow.com/questions/7711466/checking-if-form-has-been-submitted-php — naththedeveloper, May 23 '13 at 16:46

naththedeveloper · Accepted Answer · 2013-05-23T17:07:53.633

All of the answers given are technically correct, the way you've set your logic is incorrect... take the following example and port it across into your own code.

<?php

$id = $_POST["id"];
$pword = $_POST["pword"];

if(!empty($_POST)) {
    // The form was submitted, perform validation here.

    if(!empty($id) || !empty($pword)) {
        // Form validation passed, insert into database
    } else {
        // Form validation failed, display an error or redirect back
    }
} else {
    // Form was not submitted, so display the form.
}

?>

Edit I was hoping not to have to do the work for you (since it's best you learn) but perhaps seeing the above code, and the below code you can learn from it that way?

<?php
require_once("nocache.php");

$id = $_POST["id"];
$pword = $_POST["pword"];

if(!empty($_POST)) {
    if(!empty($id) || !empty($pword)) {
        require_once("dbconn.php");
        $sql = "select username, school_type from school_info where username = '$id' and password = '$pword'";

        $rs = mysql_query($sql, $dbConn);

        if(mysql_num_rows($rs) > 0) {
            session_start();
            $_SESSION["who"] = $id;
            $_SESSION["school_type"] = mysql_result($rs, 0, "school_type");

            header("location: EOI_home.php");
        }
    } else {
        header("location: login.php");
    }
}
?>

<form method="POST" action="<?php echo $_SERVER["PHP_SELF"];?>" id="login">
    ID: <input type="text" name="id" /><br/>
    pword: <input type="password" name="pword" /><br/>

    <input type="submit" value="log in" />&nbsp;
    <input type="reset" />
</form>

i have edited my original code based on your information, would it now be correct? — AJJ, May 23 '13 at 17:04
by that i mean the logic, im quite new to PHP so excuse my obvious mistakes — AJJ, May 23 '13 at 17:04
@francis have a look at my edit, maybe looking at that example (which implements your code) will show what I mean — naththedeveloper, May 23 '13 at 17:08
@francis - yeh sorted it, was stack overflow formatting it funny because I missed an indent - should be fixed now — naththedeveloper, May 23 '13 at 17:11

score 0 · Answer 2 · answered May 23 '13 at 16:46

The loop is here:

$id = $_POST["id"];
$pword = $_POST["pword"];
if (empty($id) || empty($pword)){
    header("location: login.php"); }

If the $_POST values are not set, the redirect happens. Since you are not setting the values before the redirect, it happens again. And again. And again...

To correct this problem, display your form if the $_POST values are not set.

PHP webpage has a direct loop error?

2 Answers2