I am trying to create a basic login form which would check the user input against the database and respond accordingly.
Here is the main if statement:
if (isset($_POST['email'])) { //sets $email and $pw to what the user types
$email = $_POST['email'];
$pw = $_POST['pw'];
$user_ID = login($db, $email, $pw);
if ($user_ID) {
$id = $user_ID->user_ID;
echo "<p>$id Login success!</p>";
header("Location: index.php?page=profile&id=$id");
die();
}else {
echo "<p>Login Failed</p>";
echo $email;
echo $pw;
echo $user_ID;
}
}
and the function:
function login($db,$email, $pw) {
$inc_pw = md5($pw);
$sql = "SELECT user_ID FROM profile WHERE email = '$email' AND pw = '$inc_pw'";
$result = $db->query($sql);
return $result->fetchObject();
}
At present it always returns false and therefor Login failed. As far as i can tell it is not properly comparing the email and pw with what’s in the database but i am not sure how to fix it.
Thanks in advance for your help :)
