I am currently working on a little website and I came across the problem that, whenever I go on the site the error message is there.
How can I make it that it only appears after the form is submitted and the values are wrong?
Thats the code:
<?php
session_start();
if ($_SERVER['REQUEST_METHOD'] == 'POST')
{
if($_POST['username'] and $_POST['userpasswd'])
{
require './classes/_connection.php';
require './classes/_account.php';
$account = new Account();
$username = $_POST['username'];
$password = $_POST['userpasswd'];
$username = trim($username);
$password = trim($password);
$_SESSION["username"] = $username;
try
{
$login = $account->loginWebsite($username, $password);
}
catch (Exception $e)
{
echo $e->getMessage();
die();
}
if ($login)
{
header ("LOCATION: ./dashboard.php");
}
else
{
// show the alert message here
}
}
}
else
{
}
?>
<html lang="en">
<head>
<title>my site</title>
<!--- META -->
<meta charset="UTF-8">
<meta name="viewport" content="width=device-width, initial-scale=1">
<!--- CSS --->
<link rel="stylesheet" href="./css/style.css">
<link rel="stylesheet" href="./css/bootstrap.css">
<link rel="stylesheet" href="./css/messagebox.css">
</head>
<body>
<div class="vertical-center">
<div class="container">
<div class="row">
<div class="col-xs-12 col-sm-12 col-md-12 d-flex align-items-center justify-content-center">
<div class="d-flex align-items-center justify-content-center text-center loginArea">
<div class="container">
<form action="" method="post">
<div class="alert">
<span class="closebtn" onclick="this.parentElement.style.display='none';">×</span>
Wrong username or password
</div>
<div class="col-xs-12 col-sm-12 col-md-12">
<input class="inputrow" required type="text" size="40" maxlength="250" name="username" placeholder="Username" autofocus>
</div>
<div class="col-xs-12 col-sm-12 col-md-12">
<input class="inputrow" required type="password" size="40" maxlength="250" name="userpasswd" placeholder="Password">
</div>
<div class="col-xs-12 col-sm-12 col-md-12">
<input class="inputbutton" type="submit" value="Login">
</div>
</form>
</div>
</div>
</div>
</div>
</div>
It is about the:
<div class="alert">
<span class="closebtn" onclick="this.parentElement.style.display='none';">×</span>
Wrong username or password
</div>
How can I make it that it only appears after the php if statement is false?
You must write this at the end of your code:
<?php } ?>
and modify your last else to:
else {
Full snippet: https://pastebin.com/raw/yCK6M2v8
You can modify your code like below
else
{
// show the alert message here
?>
<div class="alert">
<span class="closebtn" onclick="this.parentElement.style.display='none';">
×</span> Wrong username or password
</div>
<?php
}
Related
I'm currently trying to finetune a login script, only I have one small issue- the HTML isn't showing. I tried to put the HTML in front of the PHP, but the
session_start(); depends on the fact that it's at the top, so if I put the HTML before the PHP, the HTML renders, but the PHP is invalid. This is normal- however, the fact that the HTML doesn't show isn't.
Just to clarify, this is a .php document.
FULL CODE:
<?php
ob_start();
session_start();
require_once 'dbconnect.php';
// it will never let you open index(login) page if session is set
if ( isset($_SESSION['user'])!="" ) {
header("Location: home.php");
exit;
}
if( isset($_POST['btn-login']) ) {
$email = $_POST['email'];
$upass = $_POST['pass'];
$email = strip_tags(trim($email));
$upass = strip_tags(trim($upass));
$password = hash('sha256', $upass); // password hashing using SHA256
$res=mysql_query("SELECT userId, userName, userPass FROM users WHERE userEmail='$email'");
$row=mysql_fetch_array($res);
$count = mysql_num_rows($res); // if uname/pass correct it returns must be 1 row
if( $count == 1 && $row['userPass']==$password ) {
$_SESSION['user'] = $row['userId'];
header("Location: home.php");
} else {
$errMSG = "Wrong Credentials, Try again...";
}
}
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Login & Registration System</title>
<link rel="stylesheet" href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/css/bootstrap.min.css">
<link rel="stylesheet" href="http://demos.codingcage.com/signup-login/style.css" type="text/css" />
</head>
<body>
<div class="container">
<div id="login-form">
<form method="post" autocomplete="off">
<div class="col-md-12">
<div class="form-group">
<h2 class="">Sign In.</h2>
</div>
<div class="form-group">
<hr />
</div>
<?php
if ( isset($errMSG) ) {
?>
<div class="form-group">
<div class="alert alert-danger">
<span class="glyphicon glyphicon-info-sign"></span> <?php echo $errMSG;
?>
</div>
</div>
<?php
}
?>
<div class="form-group">
<div class="input-group">
<span class="input-group-addon"><span class="glyphicon glyphicon-envelope"></span></span>
<input type="email" name="email" class="form-control" placeholder="Your Email" required />
</div>
</div>
<div class="form-group">
<div class="input-group">
<span class="input-group-addon"><span class="glyphicon glyphicon-lock"></span></span>
<input type="password" name="pass" class="form-control" placeholder="Your Password" required />
</div>
</div>
<div class="form-group">
<hr />
</div>
<div class="form-group">
<button type="submit" class="btn btn-block btn-primary" name="btn-login">Sign In</button>
</div>
<div class="form-group">
<hr />
</div>
<div class="form-group">
Sign Up Here...
</div>
</div>
</form>
</div>
</div>
</body>
</html>
put this at the top..
error_reporting(E_ALL);
ini_set('display_errors', 1);
and it will tell you what the error is so people on stack overflow don't have to guess..
also, mysql_* functions are deprecated. if you want to get hacked, that's cool. if not, maybe look into PDO instead.
EDIT
I can't comment on the other answer yet so I'll just say here that isset returns a boolean. Comparing a boolean to an empty string with == has the exact same effect as comparing it with false ...this is unconventional, but it's not incorrect and it's certainly not causing any kind of error.
Proof: https://3v4l.org/vr8UU
The other answer is wrong.
if (isset($_SESSION['user'])!="" ) { this is not how isset() works.
Use: if (isset($_SESSION['user'])) { instead.
http://php.net/manual/en/function.isset.php
And remove the exit. It isn't necessary at this place.
Okay, So I have this log in page here all I want it to do is log me in and send me too "index.php". I know my email is correct and the password and everything is good. it all works it just stays on the same page though instead of actually sending me to "index.php". Im new to php and it is probably something stupid but any help would be greatly appreciated. Please and Thank you! :)
<link rel="stylesheet" href="styles.css" />
<?php
session_start();
if(isset($_SESSION['usr_id'])!="") {
header("Location: index.php");
}
include_once 'dbconnect.php';
//check if form is submitted
if (isset($_POST['login'])) {
$email = mysqli_real_escape_string($conn, $_POST['email']);
$password = mysqli_real_escape_string($conn, $_POST['password']);
$result = mysqli_query($conn, "SELECT * FROM users WHERE email = '" . $email. "' and password = '" . md5($password) . "'");
if ($row = mysqli_fetch_array($result)) {
$_SESSION['usr_id'] = $row['id'];
$_SESSION['usr_name'] = $row['name'];
header("Location: index.php");
$successmsg = "SWEET YOU'RE IN!";
//echo "success";
} else {
$errormsg = "Incorrect Email or Password!!!";
}
}
?>
<!DOCTYPE html>
<html>
<head>
<title>PHP Login Script</title>
<meta content="width=device-width, initial-scale=1.0" name="viewport" >
<link rel="stylesheet" href="css/bootstrap.min.css" type="text/css" />
</head>
<body>
<div class="container-fluid">
<!-- add header -->
<div class="navbar-header">
</div>
<!-- menu items -->
<div class="collapse navbar-collapse" id="navbar1">
<ul class="navbar">
<li class="active">Login</li>
<li>Sign Up</li>
</ul>
</div>
</div>
<div class="container">
<div class="row">
<div class="col-md-4 col-md-offset-4 well">
<form role="form" action="<?php echo $_SERVER['PHP_SELF']; ?>" method="post" name="loginform">
<fieldset>
<legend>Login</legend>
<div class="form-group">
<label for="name">Email</label>
<input type="text" name="email" placeholder="Your Email" required class="form-control" />
</div>
<div class="form-group">
<label for="name">Password</label>
<input type="password" name="password" placeholder="Your Password" required class="form-control" />
</div>
<div class="form-group">
<input type="submit" name="login" value="Login" class="btn btn-primary" />
</div>
</fieldset>
</form>
<span class="text-danger"><?php if (isset($errormsg)) { echo $errormsg; } ?></span>
<span class="text-success"><?php if (isset($successmsg)) { echo $successmsg; } ?></span>
</div>
</div>
</div>
</body>
</html>
Where you have this:
if(isset($_SESSION['usr_id'])!="") {
You want this:
if(isset($_SESSION['usr_id']) && $_SESSION['usr_id'] != "") {
Note that what's in $_SESSION['usr_id'] will be the id column from your database. It's not clear from context if such a column exists, so perhaps double check that there really is a value there before the initial redirect (i.e., just after checking the credentials).
Side note: don't use MD5() to hash passwords. MD5 isn't as secure as you'd want a password hash to be.
I have 2 projects 1 is just for checking username and password if they exist in the database,which has the function password_verify() working , and the other u can sign up and then log in, but in this 1 the function password_verify is always returning false even thought i have the same code written in both but changed the table name i will post the project, so if anyone can help me please.
I did check that it is connecting to the database normally and returning the email result correct but when it comes to comparing hashed pass with the one entered it's always false.
Index.php is the main page and contains only two php lines:
include("signup.php");
include("login.php");
Connection.php
<?php
$server="localhost";
$db_username="myusername";
$db_password="mypassword";
$db="test_db";
$conn=mysqli_connect($server,$db_username,$db_password,$db);
if(!$conn)
die ("Connection Failed: ".mysqli_connect_error());
?>
signup.php
<?php
session_start();
if(isset($_POST['signup']))
{
function validateFormData($formData)
{
$formData=trim(stripcslashes(htmlspecialchars($formData)));
return $formData;
}
$email=validateFormData($_POST['email']);
$password=validateFormData($_POST['password']);
if(!$_POST['email'])
$error.="Please enter an email<br>";
else if(!filter_var($_POST['email'],FILTER_VALIDATE_EMAIL))
{
$error.="Please enter a valid email<br>";
}
if(!$_POST['password'])
$error.="Please enter a password<br>";
else
{
if(strlen($_POST['password'])<8)
$error.="Password must contain at least 8 characters<br>";
if(!preg_match('`[A-Z]`',$_POST['password']))
$error.="Password must contain at least one capital letter<br>";
}
if($error)
{
echo "<div class='alert alert-danger text-center lead'><a class='close red' data-dismiss='alert'>×</a>".$error."</div>";
}
else
{
include('connection.php');
$query="SELECT * FROM `diary` WHERE email='".mysqli_real_escape_string($conn,$email)."'";
$result=mysqli_query($conn,$query);
$results=mysqli_num_rows($result);
if($results)
echo "<div class='alert alert-danger text-center lead'>This email already exists, do you want to log in?<a class='close red' data-dismiss='alert'>×</a></div>";
else
{
$selectUser=mysqli_real_escape_string($conn,$email);
$hashedPass=password_hash($password,PASSWORD_DEFAULT);
$query="INSERT INTO `diary`(`email`, `password`) VALUES ('$selectUser','$hashedPass')";
mysqli_query($conn,$query);
echo "<div class='alert alert-success text-center lead'>You've been signed up!<a class='close green' data-dismiss='alert'>×</a></div>";
$_SESSION['id']=mysqli_insert_id($conn);
}
}
}
?>
login.php
<?php
if(isset($_POST['login']))
{
function validateFormData($formData)
{
$formData=trim(stripcslashes(htmlspecialchars($formData)));
return $formData;
}
$formEmail=validateFormData($_POST['loginEmail']);
$formPass=validateFormData($_POST['loginPassword']);
$newPass=password_hash($formPass,PASSWORD_DEFAULT);
echo $newPass;
include("connection.php");
$query="Select * from diary where email='$formEmail' ";
$result=mysqli_query($conn,$query);
if(mysqli_num_rows($result)>0)
{
while($row=mysqli_fetch_assoc($result))
{
$LogEmail= $row['email'];
$LogPass= $row['password'];
echo "<br>".$LogPass;
}
if(password_verify($newPass,$LogPass))
{
echo "<br>Correct Password";
}
else
echo "<br>Not Correct";
}
}
?>
output of $newPass is :"$2y$10$dw0AtEExMc41p4nUB3W9kOOWTcNZmQev9jM4emNn7oQNODfu6Ld.q"
output of $LogPass is : "$2y$10$biz6Z5nxsMZXNf7p3ebqw.pksPb1VhWEmoan776rMqOC7VcFRQbrK"
Index
<?php
include("signup.php");
include("login.php");
?>
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<meta name="description" content="">
<meta name="author" content="">
<title>Secret Diary</title>
<link rel="stylesheet" href="css/Normalize.css">
<link rel="stylesheet" href="bootstrap/css/bootstrap.min.css">
<link rel="stylesheet" href="css/style.css">
<!--[if IE]>
<script src="https://cdnjs.cloudflare.com/ajax/libs/html5shiv/3.7.3/html5shiv.min.js"></script>
<script src="https://cdnjs.cloudflare.com/ajax/libs/respond.js/1.4.2/respond.min.js"></script>
<![endif]-->
</head>
<body>
<div class="container">
<form class="form-horizontal emailForm" role="form" method="post" action="<?php echo htmlspecialchars($_SERVER['PHP_SELF']);?>">
<legend><h1 class="text-center">Sign Up</h1></legend>
<div class="form-group">
<label class="control-label col-sm-2" for="email" >Email:</label>
<div class="col-sm-10">
<input type="email" class="form-control" style="width:90%" id="email" placeholder="Enter Email" name="email" value="<?php echo addslashes($_POST['email']);?>">
</div>
</div>
<div class="form-group">
<label class="control-label col-sm-2" for="pwd">Password:</label>
<div class="col-sm-10">
<input type="password" class="form-control" style="width:90%" id="pwd" placeholder="Password" name="password">
</div>
</div>
<div class="form-group">
<div class="col-sm-offset-2 col-sm-10">
<button type="submit" class="btn btn-success " id="btnClick" name="signup">Sign Up</button>
</div>
</div>
</form><!--SIGN UP-->
<form class="form-horizontal emailForm" role="form" method="post" action="<?php echo htmlspecialchars($_SERVER['PHP_SELF']);?>">
<legend><h1 class="text-center">Log In</h1></legend>
<div class="form-group">
<label class="control-label col-sm-2" for="LogInEmail" >Email:</label>
<div class="col-sm-10">
<input type="email" class="form-control" style="width:90%" id="LogInEmail" placeholder="Enter Email" name="loginEmail" value="<?php echo addslashes($_POST['loginEmail']);?>">
</div>
</div>
<div class="form-group">
<label class="control-label col-sm-2" for="LogInPassword">Password:</label>
<div class="col-sm-10">
<input type="password" class="form-control" style="width:90%" id="LogInPassword" placeholder="Password" name="loginPassword">
</div>
</div>
<div class="form-group">
<div class="col-sm-offset-2 col-sm-10">
<button type="submit" class="btn btn-success " id="btnClick" name="login">Log In</button>
</div>
</div>
</form><!--LOG IN-->
</div>
<script src="js/JQuery.min.js"></script>
<script src="bootstrap/js/bootstrap.min.js" type="text/javascript"></script>
<script src="js/script.js" type="text/javascript"></script>
</body>
</html>
You overwrite your $password when you include your dbconnection.
include('connection.php');
has:
$password="mypassword";
Previously you set:
$password=validateFormData($_POST['password']);
so your hashed password is not the user's password, but your DB password.
I would prefix all DB credentials variables with db_. So your database password variable would then be $db_password. This will allow you to have distinct variables throughout your project (I'd think).
Additionally you should be using $formPass, not $newpass. The $newpass is going to be double hashed at the verify function.
$formEmail=validateFormData($_POST['loginEmail']);
$formPass=validateFormData($_POST['loginPassword']);
$newPass=password_hash($formPass,PASSWORD_DEFAULT);
so change:
if(password_verify($newPass,$LogPass))
to:
if(password_verify($formPass, $LogPass))
password_verify expects the cleartext password as its first argument. To fix your code, remove this line:
$newPass=password_hash($formPass,PASSWORD_DEFAULT);
And change this line:
if(password_verify($newPass,$LogPass))
To the following:
if(password_verify($formPass,$LogPass))
I'm having problem to get my different div from my php function
This is the code
error_reporting(E_ALL | E_NOTICE);
ini_set('display_errors', '1');
require_once("./include/membersite_config.php");
if (!$fgmembersite->CheckLogin()) {
$fgmembersite->RedirectToURL("index.php");
exit;
}
if (isset($_POST['submitted'])) {
if($fgmembersite->ChangePassword()){
echo '<div id="ajaxDivOk">';
sleep(3);
$fgmembersite->RedirectToURL("index.php");
}
else{
echo '<div id="ajaxDivErro">';
sleep(3);
}
}
?>
<html>
<head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0, maximum-scale=1.0">
<meta http-equiv="X-UA-Compatible" content="IE=edge">
<title>EBSPMA PAAD</title>
<link href="css/styles.css" rel="stylesheet">
<link href="css/bootstrap.min.css" rel="stylesheet">
<script src="js/modernizr.js?cb=2.2.3.2085"></script>
<script type="text/javascript">
</script>
</head>
<body>
<header role="banner" class="main-header">
<!-- MAIN HEADER -->
<div class="main-header-body">
<div class="container-wrapper">
<div class="container-fluid">
<div class="row">
<div class="col-xs-3">
<h2>
PAAD-GesDocente</h2>
</div>
<div class="col-xs-4 col-xs-offset-1 main-header-title">
<p class="sizeToggle" >Mudar Password</p>
</div>
</div>
</div>
</div>
</div>
</header><section class="content">
<div class="grid">
<div class="box">
<form name="changepwd" id="loginForm" action='<?php echo $fgmembersite->GetSelfScript(); ?>' method="POST">
<input type="hidden" name='submitted' id='submitted'/>
<input type="hidden" name="path" value="painelAdquirente.action"/>
<div>
<p><b><font color="red">A sua password deve ser alterada!</font></b></p></div>
<div class="icon-input">
<label for="password"></label>
<div class="input password">
<i class="fa fa-lock"></i>
<input type="password" name="oldpwd" id="oldpwd" placeholder="Senha antiga">
</div>
</div>
<br>
<div class="icon-input">
<label for="password"></label>
<div class="input password">
<i class="fa fa-lock"></i>
<input type="password" name="newpwd" id="newpwd" placeholder="Senha nova">
</div>
<input type="hidden" name="email" id="email" value="<?php echo $fgmembersite->UserEmail(); ?>">
</div>
<br>
<input type="submit" id="sbmtLogin" class="sa-btn1" value="Mudar">
</form>
</div>
<div class="form-group">
<div id="ajaxDivOk" name="ajaxDivOk" style="display:none" class="alert alert-success">Modificado com sucesso...Faça login novamente</div>
</div>
<div class="form-group">
<div id="ajaxDivErro" name="ajaxDivErro" style="display:none" class="alert alert-danger">Opss....Erro, tente mais tarde</div>
</div>
</div>
</section>
<script src="js/jquery-1.11.1.min.js"></script>
<script src="js/jquery.validate.min.js"></script>
<script src="js/plugins.js?cb=2.2.3.2085"></script>
</body>
</html>
The div is not show but in fiddler i get
<div id="ajaxDivOk">
So the php function is working properly since the password is changed and i should have the div
Any help please?
Thanks
You can set which notification you want to show up when you do your checks at the beginning, and then display the appropriate one in the following HTML. You can handle the redirect the same way.
if (isset($_POST['submitted'])) {
if ($fgmembersite->ChangePassword()) {
$redirect = '<meta http-equiv="refresh" content="3; url=index.php" />';
$notice = '<div id="ajaxDivOk" name="ajaxDivOk" class="alert alert-success">
Modificado com sucesso...Faça login novamente</div>';
} else {
$redirect = '';
$notice = '<div id="ajaxDivErro" name="ajaxDivErro" class="alert alert-danger">
Opss....Erro, tente mais tarde</div>';
}
}
Then in the <head> of your document...
<head>
<?php if isset($redirect) echo $redirect; ?>
...
And later where you are displaying the notifications:
<div class="form-group">
<?php if isset($notice) echo $notice; ?>
</div>
I apologise if the title is confusing, but when I run the page with the code below and enter an email not found in the database, on the webpage I get Notice: Trying to get property of non-object in C:\xampp\htdocs\Testing\login.php on line 72. Instead of it saying this, I want it to give an error that the email is not registered.
<?php
session_start();//session starts here
if(isset($_SESSION['adminName'])||isset($_SESSION['email'])){
header("Location: welcome.php");//redirect to login page to secure the welcome page without login access.
}
?>
<html>
<head lang="en">
<meta charset="UTF-8">
<link type="text/css" rel="stylesheet" href="bootstrap-3.2.0-dist\css\bootstrap.css">
<title>Login</title>
</head>
<style>
.login-panel {
margin-top: 150px;
</style>
<body>
<div class="container">
<div class="row">
<div class="col-md-4 col-md-offset-4">
<div class="login-panel panel panel-success">
<div class="panel-heading">
<h3 class="panel-title">Sign In</h3>
</div>
<div class="panel-body">
<form role="form" method="post" action="login.php">
<fieldset>
<div class="form-group" >
<input class="form-control" placeholder="E-Mail" name="email" type="email" autofocus>
</div>
<div class="form-group">
<input class="form-control" placeholder="Password" name="pass" type="password" value="">
</div>
<input class="btn btn-lg btn-success btn-block" type="submit" value="login" name="login" >
<!-- Change this to a button or input when using this as a form -->
<!-- Login -->
</fieldset>
</form>
</div>
</div>
</div>
</div>
</div>
</body>
</html>
<?php
include("database/db_conection.php");
if(isset($_POST['login'])){
$user_email=mysqli_real_escape_string($dbcon, $_POST['email']);
$user_pass=mysqli_real_escape_string($dbcon, $_POST['pass']);
$encrypted_password = password_hash($user_pass, PASSWORD_BCRYPT);
$query = $dbcon->query("SELECT user_pass FROM users WHERE user_email='$user_email'");
$passwordValue=$query->fetch_object()->user_pass;
if (password_verify($user_pass,$passwordValue)){
echo "Success!";
}else{
echo $encrypted_password;
echo "<div class='alert alert-danger'><a href='#' class='close' data-dismiss='alert' aria-label='close'>×</a><strong>Error!</strong> Email or password entered was incorrect!</div>";
}
/*$check_user="select * from users WHERE user_email='$encrypted_email' AND user_pass='$user_pass'";
$run=mysqli_query($dbcon,$check_user);
if(mysqli_num_rows($run))
{
echo "<script>window.open('welcome.php','_self')</script>";
$_SESSION['email']=$user_email;//here session is used and value of $user_email store in $_SESSION.
}
else
{
echo "<script>alert('Email or password is incorrect!')</script>";
}*/
}
?>
This is the code found in my login.php file. The php code within the comment isn't part of the web page, I will be removing it later.
<html>
<head lang="en">
<meta charset="UTF-8">
<link type="text/css" rel="stylesheet" href="bootstrap-3.2.0-dist\css\bootstrap.css">
<title>Login</title>
</head>
<style>
.login-panel {
margin-top: 150px;
</style>
<body>
<div class="container">
<div class="row">
<div class="col-md-4 col-md-offset-4">
<div class="login-panel panel panel-success">
<div class="panel-heading">
<h3 class="panel-title">Sign In</h3>
</div>
<div class="panel-body">
<form role="form" method="post" action="login.php">
<fieldset>
<div class="form-group" >
<input class="form-control" placeholder="E-Mail" name="email" type="email" autofocus>
</div>
<div class="form-group">
<input class="form-control" placeholder="Password" name="pass" type="password" value="">
</div>
<input class="btn btn-lg btn-success btn-block" type="submit" value="login" name="login" >
<!-- Change this to a button or input when using this as a form -->
<!-- Login -->
</fieldset>
</form>
</div>
</div>
</div>
</div>
</div>
</body>
</html>
<?php
include("database/db_conection.php");
if(isset($_POST['login'])){
$user_email=mysqli_real_escape_string($dbcon, $_POST['email']);
$user_pass=mysqli_real_escape_string($dbcon, $_POST['pass']);
$encrypted_password = password_hash($user_pass, PASSWORD_BCRYPT);
if ($query = $dbcon->query("SELECT user_pass FROM users WHERE user_email='$user_email'") == false) {
echo "The email doesn't exist in the DB";
} else {
$passwordValue=$query->fetch_object()->user_pass;
if (password_verify($user_pass,$passwordValue)){
echo "Success!";
}else{
echo $encrypted_password;
echo "<div class='alert alert-danger'><a href='#' class='close' data-dismiss='alert' aria-label='close'>×</a><strong>Error!</strong> Email or password entered was incorrect!</div>";
}
/*$check_user="select * from users WHERE user_email='$encrypted_email' AND user_pass='$user_pass'";
$run=mysqli_query($dbcon,$check_user);
if(mysqli_num_rows($run))
{
echo "<script>window.open('welcome.php','_self')</script>";
$_SESSION['email']=$user_email;//here session is used and value of $user_email store in $_SESSION.
}
else
{
echo "<script>alert('Email or password is incorrect!')</script>";
}*/
}
}
?>
I've added an if statement that checks if the query is false, if it's false it will echo that the email doesn't exist in the database, as you wanted, but if it exist, then you're fetched the password exactly as you want.
I used an if statement for the code: $query->num_rows() (credit to #MasterOdin for that) and if the number of rows equaled 0, then I echoed that you typed in an invalid email.
Ex.
if ($query->num_rows==0){
echo "You typed an invalid email!";
}else{
I further verified information here...
}