PHP and MySQL Improved Login Help

software development

#1

Could someone tell me what’s wrong with the login script I’m using?

<?php // include the connection settings define('DB_HOST', 'HOST'); define('DB_USER', 'USER'); define('DB_PWD', 'PASSWORD'); define('DB_NAME', 'DATABASE'); // connect to the database $conn = new mysqli(DB_HOST, DB_USER, DB_PWD, DB_NAME); // process the form if (array_key_exists('login', $_POST) && !empty($_POST['login'])) { // create an empty array for missing fields $missing = array(); /* here, I'm going to create an array to hold the form fields. if the form fields are empty, I'll add them to the $missing array. */ $fields = array("F_Username" => $_POST['username'], "F_Pwd" => $_POST['pwd']); foreach($fields as $field => $value) { if (empty($field)) { array_push($missing, $field); } } // if $missing is empty, continue the processing if (empty($missing)) { // assign the form fields to variables $username = $fields["F_Username"]; $pwd = $fields["F_Pwd"]; // clean up the input $username = htmlentities($username, ENT_QUOTES, 'UTF-8'); $pwd = htmlentities($pwd, ENT_QUOTES, 'UTF-8'); $query = "SELECT user_id, username, FROM users WHERE username='$username' AND pwd ='$pwd'"; // prepare the statement if ($stmt = $conn->prepare($query)) { // execute $test1 = $stmt->execute(); if ($stmt->num_rows == 1) { session_set_cookie_params(900); session_start(); // bind the result $test3 = $stmt->bind_result($_SESSION['id'], $_SESSION['username']); // fetch the values $stmt->fetch(); header("Location: http://www.uhrebirth.com/staff/admin_center.php"); } else { die("Invalid Login!"); } $stmt->close(); $conn->close(); } } } ?>

Every time I submit the form, it just submits without redirecting me to the Admin page.