Login system - header(Location:) won't redirect to restricted page

So I'm trying to build a login and registration system but when the login form is submitted all the PHP seems to run fine except for the "header(Location: restricted.php)". Nothing happens, no errors show up, and when I click submit the page just refreshes.

Here's the code for the login page:

<?php 
        include("connection.php");

        if (isset ($_POST["submit"]) ) {

            $email = $_POST["email"];
            $password = $_POST["password"];

            $result = mysqli_query($conn, "
                SELECT * FROM users WHERE email = '$email' AND password = '$password'
            ");

            $row = $result->fetch_array(MYSQLI_BOTH);

            session_start();
            $_SESSION["UserID"] = $row["UserID"];
            $_SESSION["first_name"] = $row["first_name"];
            $_SESSION["last_name"] = $row["last_name"];
            $_SESSION["email"] = $row["email"];
            $_SESSION["username"] = $row["username"];
            $_SESSION["password"] = $row["password"];

            header('Location: restricted.php');

        }

    ?>

<!DOCTYPE html>
<html>

<?php 

$title = "Sign In";
$css = "";

include('../include/head.php');
?>


<body>

<h2>Log In</h2>

<!--LOGIN FORM-->   
<form action="signin.php" method="POST">
    Email <input type="text" name="email" /> <br />
    Password <input type="password" name="password" />
    <br /> <br />

    <input type="submit" name="submit">
</form>

<a href="signup.php">Sign Up</a>

</body>
</html>

And here's the code for the restricted page:

<?php 
    session_start();
    if ( isset($_SESSION["UserID"] ) ) {

    } else {
        header('Location: signin.php')
    } 
?><!DOCTYPE html>

<html>    
<head>
    <title>Restricted Page</title>
</head>

<body>
    <p><?php echo 'Welcome ' . $_SESSION["first_name"]; ?></p>
</body>
</html>

Any help would be greatly appreciated.

Answers


The error:

You forgot to terminate the script after sending the header, you should also use an absolute path in your header as outlined by HTTP/1.1

header("Location: http://example.com/restricted.php");
exit();

or

exit(header("Location: http://example.com/restricted.php"));

Restricted.php also needs the same thing on line 6.

Notes:

As mentioned use the php functions to hash.

This is very unsecure, you need to hash the password before storing them in the database, this prevents them from both being seen by hackers with access to your database, admins with access to plain text passwords are bad also.


Need Your Help

sqlite3 close statement is not working

c sqlite

I'm using a C program with sqlite3.