Umleitung funktioniert nicht php

Question

In der crudindex.php wenn Benutzer Login mit Admin und Passwort admix, echo einige Informationen und Redirect zu crudview.php. Hier ist jeder Benutzer, der auf den Login-Button klickt, der zu crudview.php umleitet.

Voraussetzung: Für Benutzer admin wird es umleiten crudview und anderen crudeditusr.php

2) Muß ich Session-ID regenerieren und auch den Code für Login-Seite setzen?

3) Der Geheimschlüssel kann ich es in eine beliebige Zahl ändern?

<?php 
$con = mysqli_connect("127.0.0.1", "kkits996_ganesh", "", "kkits996_testmysql") or die("Error " . mysqli_error($con)); 

// Declare array for errors 
$error=array();  
//-----------------------------------------------------// 
//---------------------CSRF PROTECT--------------------// 
//-----------------------------------------------------// 

//generate a token/ 
function generateToken($formName) 
{ 
    //secret_key change it 
    $secretKey ='?@GEskki58668445744!Erpoejsj48'; 
    if (!session_id()) 
    { 
     session_start(); 
    } 
    $sessionId = session_id(); 
    return hash('sha512', $formName.$sessionId.$secretKey); 
} 

//check if the token is valid 
function checkToken($token, $formName) 
{ 
    return $token === generateToken($formName); 
} 

//Separate REGISTER AND LOGIN TO NOT BE CONFUSED// 

//-----------------------------------------------------// 
//---------------------REGISTRATION--------------------// 
//-----------------------------------------------------// 
if (isset($_POST['register']) && checkToken($_POST['csrf_token'], 'userFromRegistration') ) 
{ 
    //if the username required 
    if(!preg_match('/^[A-Za-z0-9]+$/',$_POST['uname'])) 
    { 
     $error['username'] = "Username must have alphanumeric characters "; 
    } 

    //if password has less than 6 characters 
    if(strlen($_POST['pwd']) < 6) 
    { 
     $error['password'] = "Password must be minimum of 6 characters"; 
    } 

    //if password does not match 
    if($_POST['pwd'] !== $_POST['cpwd'] OR empty($_POST['cpwd'])) 
    { 
     $error['passwordmatch'] = "Password and Confirm Password doesn't match"; 
    } 

    //if empty error array 
    if(!array_filter($error)) 
    { 
     //trim data 
     $username = trim($_POST['uname']); 

     // Hash you password, never save PASSWORD AS PLAIN TEXT!!!!!!! 
     // MYSQL! : Allow your storage to expand past 60 characters (VARCHAR 255 would be good) 
     $password = password_hash($_POST['pwd'], PASSWORD_DEFAULT); 

     //if the id is autoincremented leave id 
     //----------USE PREPARED STATEMENT FOR SQL INJECTION---// 

     $query = 'INSERT INTO cruduser (username, password) VALUES (?,?)'; 
     $stmt = $con->prepare($query); 
     $stmt->bind_param("ss", $username, $password); 
     $stmt->execute(); 
     $stmt->close(); 
     $con->close(); 

     //Redirect because we need to consider the post request from crudadd.php 
     header('Location: crudaddusr.php') ; 
    } 
} 

//-----------------------------------------------------// 



//------------------------LOGIN as admin---------------------// 

if (isset($_POST['login'])) 
{ 
    if ($_POST['uname']="admin" && $_POST['pwd']="adminx") 
    { 
     echo $_POST['uname']; 
     echo $_POST['pwd'];  
     $con->close(); 
     header ("Location: crudview.php"); 
    } 
} 

//------------------------LOGIN as Normal-----------------------// 

if (isset($_POST['login']) && checkToken($_POST['csrf_token'], 'userFromRegistration') ) 
{ 
    //if the username required 
    if(!preg_match('/^[A-Za-z0-9]+$/',$_POST['uname'])) 
    { 
     $error['username'] = "Username must have alphanumeric characters "; 
    } 

    //if password has less than 6 characters 
    if(strlen($_POST['pwd']) < 6) 
    { 
     $error['password'] = "Password must be minimum of 6 characters"; 
    } 

    //if password does not match 
    if($_POST['pwd'] !== $_POST['cpwd'] OR empty($_POST['cpwd'])) 
    { 
     $error['passwordmatch'] = "Password and Confirm Password doesn't match"; 
    } 

    //if empty error array 
    if(!array_filter($error)) 
    { 
     //trim data 
     $uname = trim($_POST['uname']); 

     // Hash you password, never save PASSWORD AS PLAIN TEXT!!!!!!! 
     // MYSQL! : Allow your storage to expand past 60 characters (VARCHAR 255 would be good) 
     //$pwd = password_hash($_POST['pwd'], PASSWORD_DEFAULT); 
     $pwd = $_POST['pwd']; 

     $con->close(); 

     //Redirect because we need to consider the post request from crudadd.php 
      header("Location: crudeditusr.php?suname=".$uname."&spwd=".$pwd); 


//   header("Location: crudeditusr.php?suname=$uname&spwd=$pwd"); 
    } 
} 
//-----------------------------------------------------// 
//if (isset($_POST['login'])) 
//{ 
    //what ever you want 
    //Use password_verify() and session_regenerate_id() 
    //to compare passwords and to generate a session id to prevent session fixation. 

//} 
//?> 

<!--HTMl PART--> 
<!DOCTYPE html> 
<html> 
    <head> 
     <title>"Login Registration"</title> 
     <!-- bootstrap link is downloaded from bootstrapcdn.com for css and js --> 
     <!-- col-mod-6 col-mod-offset are bootstrap related--> 
     <link rel="stylesheet" href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/css/bootstrap.min.css"> 
     <script src="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/js/bootstrap.min.js"></script> 
    </head> 
    <body> 
    <div class="container"> 
     <div class="row"> 
      <form method="post" action="" class="form-horizontal col-mod-6 col-mod-offset-3"> 
      <input type="hidden" name="csrf_token" value="<?php echo generateToken('userFromRegistration'); ?>" required/> 
      <h2>Login Registration</h2> 
      <div class="form-group"> 
       <label for="input" class="col-sm-2 control-label">Username : </label> 
       <div class="col-sm-10 <?php if(!empty($error['username'])){ echo 'has-error';} ?> "> 
        <input type="text" name="uname" class="form-control" id="input1" placeholder="Username"/> 
        <span class="help-block"><?php if (!empty($error['username'])) echo $error['username'];?></span> 
       </div> 
      </div> 
      <div class="form-group"> 
       <label for="input" class="col-sm-2 control-label">Password: </label> 
       <div class="col-sm-10 <?php if(!empty($error['password'])){ echo 'has-error';} ?>"> 
        <input type="password" name="pwd" class="form-control" id="input1" placeholder="Password"/> 
        <span class="help-block"><?php if (!empty($error['password'])) echo $error['password'];?></span> 
       </div> 
      </div> 
      <div class="form-group"> 
       <label for="input" class="col-sm-2 control-label">Confirm Password : </label> 
       <div class="col-sm-10 <?php if(!empty($error['passwordmatch'])){ echo 'has-error';} ?>"> 
        <input type="password" name="cpwd" class="form-control" id="input1" placeholder="Confirm Password"/> 
        <span class="help-block"><?php if (!empty($error['passwordmatch'])) echo $error['passwordmatch'];?></span> 
       </div> 
      </div> 
      <div class="row"> 

       <div class="col-mod-6 col-mod-offset-3"> 
        <button id="submit1" name="register" class="btn btn-primary pull-right">Register</button> 
        <button id="submit2" name="login" class="btn btn-secondary pull-right">Login</button> 
       </div> 
      </div> 
     </form> 
    </body> 
</html> 

Answer 1

Dieses Formular nicht einmal weil die Knöpfe type="Submit" nicht einreichen bekommen geschrieben sind.

Darüber hinaus müssen Sie eine Prüfung durchführen, um Aktionen zu unterscheiden, wenn auf login geklickt wird oder auf register geklickt wird.

Ihr Formular scheint eine Form der Registrierung zu sein. Fügen Sie die Aktion als $_SERVER["PHP_SELF"] in das Formular-Tag ein. Vorerst ändern

<button id="submit1" type='submit' name="register" class="btn btn-primary pull-right"> 
Register </button> 

Dies würde die Formulardaten auf der gleichen Seite posten und Ihr Scheck register Check funktionieren sollen.