Session in php. It's not redirecting to the login page when a user wrongly inputs his information in the form

Question

When the user correctly inserts his information in the login form it redirects to the home page which is what i want but i'm having a problem when the user inputs wrong info. It just shows connected successfully and database successfully selected. It stops on the page checklogin.php. As if it doesn't even read the session part. Please go through my code. Here's my code for the register form:

<?php
$con=mysql_connect("localhost","root","");
if(!$con){
die('Could not connect:' .mysql_error());
}
echo "Connected successfully.";
$database=mysql_select_db('90210store');
if(!$database){
die('<br>Could not select database:' .mysql_error());
}
echo "<br>Database successfully selected";

$FirstName=$_POST['FirstName']; //to get the information written in the form
$LastName=$_POST['LastName'];
$EmailAdd=$_POST['EmailAdd'];
$check_list=$_POST['check_list'];
$dob=$_POST['dob'];
$Gender=$_POST['gender'];
$Password=$_POST['Password'];

$first= "INSERT INTO login
    (FirstName,LastName,EmailAdd,Newsletter,DOB,Gender,Password)
    VALUES
    ('$FirstName','$LastName','$EmailAdd','$check_list','$dob','$Gender','$Password')";

$result=mysql_query($first);

if($result){
echo('<br>Data enterred successfully');
}
else{
echo('<br>Fail');
}


if($result)
{
header('Location: phpredirectlogin.php');
}

mysql_close($con);

?>

Then this is the page it redirects to(phpredirectlogin.php):

<?php
echo "<script>alert('Redirecting you to the login page');</script>";
echo "<script>window.location = 'account.html';</script>";
?>

This is the php page which checks the login(checklogin.php):

<?php

$Email=$_POST['email'];
$Pwd=$_POST['pwd'];

$con=mysql_connect("localhost","root","");
if(!$con){
die('Could not connect:' .mysql_error());
}
echo "Connected successfully.";
$database=mysql_select_db('90210store');
if(!$database){
die('<br>Could not select database:' .mysql_error());
}
echo "<br>Database successfully selected";

$result = mysql_query("SELECT * FROM login
     WHERE EmailAdd='$Email' AND Password='$Pwd'") or  die('QueryFailed:'.mysql_error());

while($row=mysql_fetch_array($result))
{
session_start();
$_SESSION['ID']=1234;
header('Location:checklogin1.php');
}
mysql_close($con);
?>

Then this page redirects the user to checklogin1.php.The code is:

<?php

session_start();

if(!isset($_SESSION['ID']))
{
header('Location:account.html');
}
else
{
header('Location:90210.html');
}

?>

There has to be some error somewhere but i can't seem to figure it out. Any help will be appreciated. Thank you.

Answer 1

Change this

$result = mysql_query("SELECT * FROM login
     WHERE EmailAdd='$Email' AND Password='$Pwd'") or  die('QueryFailed:'.mysql_error());

while($row=mysql_fetch_array($result))
{
session_start();
$_SESSION['ID']=1234;
header('Location:checklogin1.php');
}

to this

$result = mysql_query("SELECT * FROM login
     WHERE EmailAdd='$Email' AND Password='$Pwd' LIMIT 1") or  die('QueryFailed:'.mysql_error());

if (mysql_num_rows($result) == 1 ) {
    $_SESSION['ID']=1234;
    header('Location:checklogin1.php');
}

And get the session_start() right to the beginning of the code.

Moreover, you could redirect to the respective pages from here itself so that you have only one redirect instead of two and get rid of checklogin1.php. Thus you may edit the above condition to the following:

if(mysql_num_rows($result) == 1) {
        $_SESSION['ID']=1234;
        header('Location:90210.html');
} else {
       header('Location:account.html');
}

Answer 2

At first remove all statuses: ex. echo "<br>Database successfully selected";

session_start();

should be at in each page on first line. In checklogin.php add checking mysql result count:

$res_count = mysql_num_rows($result);
if($res_count != 0) {
    $_SESSION['ID']=1234;
    header('Location:checklogin1.php');
}