I've tried creating a login page, but the what ever I put into the text fields and hit the login
button, it automatically redirects itself to the index page when it should notify the user wrong username/passowrd
; Why is that?
<html>
<body>
<div>
<form method="post" action="customer_login.php">
<table width='500' align='center' bgcolor='skyblue'>
<tr align='center'>
<td colspan ='4'><h2>Login/Register to Proceed</h2></td>
</tr>
<tr>
<td align='right'><b>Email:</b></td>
<td><input type='text' placeholder='Enter Email' name='c_email'/></td>
</tr>
<tr>
<td align='right'><b>Password:</b></td>
<td><input type='password' name='pass' placeholder="Enter Password"/></td>
</tr>
<tr align='center'>
<td colspan='4'><input type='submit' value="Login" name="login"/></td>
</tr>
</table>
<h2 style=' float:center;padding:10px;'><a href='customer_register.php' style='text-decoration:none;'> Don't have an account?</a></h2>
</form>
</div>
</body>
</html>
<?php
if(isset($_POST['login'])){
include("includes/db.php");
$username = strip_tags($_POST['c_email']);
$password = strip_tags($_POST['pass']);
$username = stripslashes($username);
$password = stripslashes($password);
$username = mysqli_real_escape_string($username);
$password = mysqli_real_escape_string($password);
$sql = "select * from customer where customer_email ='$username' LIMIT 1";
$query_login = mysqli_query($con, $sql);
$row = mysqli_fetch_array($query_login);
$email = $row['customer_email'];
$db_pass = $row['customer_pass'];
if($password==$db_pass){
$_SESSION['customer_email'] = $email;
header("Location:index.php");
}else{
echo "<h2 style='color:red;'>Wrong Email/Password!</h2>";
}
}
?>
I've already start the session somewhere in index.php. This is an e-commerce website where the user can add items to the cart even without logging in but should log in during checkout.