I am testing the login system for a study planner that I am building. As of now, the application seems to let me log in and log out okay, but the current problem I have is that it won’t display the error messages ($error variable) on index.php (which were initialised in the login.php file) when it is supposed to. So, I am wondering if someone could please point me in the right direction, as I cannot seem to figure out what I am doing wrong.
I could post the whole files but, apart from the fact that I don’t want to inundate a potential helper, I have included the files which I believe are the most important, that is, login.php and index.php, but I can include the others too if need be.
Thanking you in advance.
Login.php:
<?php
// Start session
session_start();
// Variable to store error message
$error = '';
// If the login form (Note that the 'submit' refers to the 'name' attribute of the login form) has been submitted...
if (isset($_POST['submit'])) {
    // If username or password is not provided...
    if (empty($_POST['username']) || empty($_POST['password'])) {
        // ...tell user that login details are invalid.
        $error = "Please fill in both your username and your password";
    // Else...
    } else {
        // ...put the provided username and password in variables $username and $password, respectively
        $username = $_POST['username'];
        $password = $_POST['password'];
        // Establish connection to the server
        $mysqli = mysqli_connect("localhost", "root", "");
        // set up measures to counter potential MySQL injections
        $username = stripslashes($username);
        $password = stripslashes($password);
        $username = mysqli_real_escape_string($mysqli, $username);
        $password = mysqli_real_escape_string($mysqli, $password);
        // Select Database
        $db = mysqli_select_db($mysqli, "p00702");
        // SQL query to fetch information of registered users and find user match.
        $query = mysqli_query($mysqli, "SELECT * from logins WHERE password='$password' AND username='$username'");
        // Return the number of rows of the query result and put it in $rows variable
        $rows = mysqli_num_rows($query);
        // If rows are equal to one...
        if ($rows == 1) {
            // Initialize session with the username of the user...
            $_SESSION['login_user'] = $username;
            // ...and redirect to the homepage.
            header("Location: welcome.php");
            // Make sure that the code below does not execute upon redirection.
            exit;
        // Else,
        } else {
            // redirect user to the home page (index.php)
            header("Location: index.php");
            // and tell user that the login credentials are invalid.
            $error = "Username or Password is invalid";
        }
        // ...and close connection
        mysqli_close($mysqli);
    }
}
Index.php:
<?php
include ('login.php');
?>
<!DOCTYPE html>
<html>
<head>
    <meta charset="UTF-8">
    <link rel="shortcut icon" type="image/png" href="/images/favicon.png"/>
    <title>Just-Read</title>
    <link rel="stylesheet" type="text/css" href="css/styles.css">
</head>
<body>
    <!-- Link to external JavaScript file -->
    <script src="javascript/validator.js"></script>
    <div id="container">
        <div id="header">
            <!-- Web site Logo -->
            <div class="logo">
                <img src="images/logo.png" width="128" height="93.5" alt="Logo" class="logo"/>
            </div>
            <div id="logoText">
                <h1>Just Read</h1>
            </div>
            <div id="registerLink">
                <!-- Registration link -->
                <h5>New around here? <a href="registration.php">Register</a></h5>
            </div>
        </div>
        <div id="leftColumn">
            <h4>Your study companion</h4>
        </div>
        <div id="rightColumn">
            <!-- Authentication Form -->
            <form name="authentication" action="login.php" autocomplete="on" method="POST">
                <div class="login">
                    <label><b>Username*</b></label>
                    <input type="email" id="username" name="username" placeholder="Enter your email" autofocus value=""/>
                    <label><b>Password*</b></label>
                    <input type="password" id="password" name="password" placeholder="Enter your password" value=""/>
                    <button name="submit" type="submit">Log in</button>
                    <div id="mandatoryFields">
                        <h4>* Mandatory Fields</h4>
                    </div>
                </div>
                <span>
                    <?php
                    echo $error;
                    ?>
                </span>
            </form>
        </div>
        <div id="footer">
            <div id="footerText">
                Copyright © 2017, Chizzy Meka.
            </div>
        </div>
    </div>
</body>
</html>
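An added example, not part of the original post and not the poster's code: because the form posts to login.php and login.php answers with a `Location` redirect, `$error` belongs to a request that has already ended by the time index.php renders, so the sketch below carries the message in the session and, while there, replaces the escaped-string query and in-SQL password comparison with a prepared statement and `password_verify()`. The file name `auth.php`, the functions `take_error()`, `credentials_ok()` and `handle_login()`, and the session key `login_error` are hypothetical, and it assumes the `password` column of `logins` stores `password_hash()` output.

```php
<?php
// auth.php (added example): login.php calls handle_login(); index.php calls
// take_error() where it used to echo $error. Both files include this one.
session_start();

// Return the pending login error (HTML-escaped) and clear it.
function take_error(): string {
    $message = $_SESSION['login_error'] ?? '';
    unset($_SESSION['login_error']);
    return htmlspecialchars($message, ENT_QUOTES, 'UTF-8');
}

// True only if the user exists and the password matches the stored hash.
function credentials_ok(mysqli $db, string $username, string $password): bool {
    // Prepared statement: the username is bound as data, not spliced into SQL.
    $stmt = $db->prepare('SELECT password FROM logins WHERE username = ?');
    $stmt->bind_param('s', $username);
    $stmt->execute();
    $stmt->bind_result($hash);
    $found = $stmt->fetch();
    $stmt->close();
    // Assumption: logins.password holds password_hash() output.
    return $found === true && password_verify($password, (string) $hash);
}

function handle_login(): void {
    $username = $_POST['username'] ?? '';
    $password = $_POST['password'] ?? '';
    $valid = is_string($username) && is_string($password);
    if (!$valid || $username === '' || $password === '') {
        $error = 'Please fill in both your username and your password';
    } else {
        mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);
        $db = new mysqli('localhost', 'root', '', 'p00702'); // as in the post
        $ok = credentials_ok($db, $username, $password);
        $error = $ok ? '' : 'Username or Password is invalid';
        $db->close();
    }
    if ($error !== '') {
        // Kept in the session so it survives the redirect; a plain $error
        // variable is gone once the browser requests index.php.
        $_SESSION['login_error'] = $error;
        header('Location: index.php');
        exit;
    }
    session_regenerate_id(true); // new session ID once authenticated
    $_SESSION['login_user'] = $username;
    header('Location: welcome.php');
    exit;
}
```

With this layout index.php includes `auth.php` instead of `login.php` and prints `take_error()` inside the `<span>`, while login.php includes `auth.php` and calls `handle_login()`.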