PHP saying theres nothing in the boxes when I put stuff in.
Tried putting var_dump($_POST); die(); at the top of register.php and it showed what I put in the boxes
Not sure what's going on here.
Any help is appreciated. Thanks in advance.
I've spent a while trying to figure this out.
Will login work aswell?
Thanks,
Jon
functions.php
<?php
session_start();
// connect to database
$db = mysqli_connect(:-));
// variable declaration
$username = "";
$email = "";
$errors = array();
// call the register() function if register_btn is clicked
if (isset($_POST['register_btn'])) {
register();
}
// REGISTER USER
function register(){
// call these variables with the global keyword to make them available in function
global $db, $errors, $username, $email;
// receive all input values from the form. Call the e() function
// defined below to escape form values
$username = e($_POST['username']);
$email = e($_POST['email']);
$password_1 = e($_POST['password_1']);
$password_2 = e($_POST['password_2']);
// form validation: ensure that the form is correctly filled
if (empty($username)) {
array_push($errors, "Username is required");
}
if (empty($email)) {
array_push($errors, "Email is required");
}
if (empty($password_1)) {
array_push($errors, "Password is required");
}
if ($password_1 != $password_2) {
array_push($errors, "The two passwords do not match");
}
// register user if there are no errors in the form
if (count($errors) == 0) {
$password = md5($password_1);//encrypt the password before saving in the database
if (isset($_POST['user_type'])) {
$user_type = e($_POST['user_type']);
$query = "INSERT INTO users (username, email, user_type, password)
VALUES('$username', '$email', '$user_type', '$password')";
mysqli_query($db, $query);
$_SESSION['success'] = "New user successfully created!!";
header('location: home.php');
}else{
$query = "INSERT INTO users (username, email, user_type, password)
VALUES('$username', '$email', 'user', '$password')";
mysqli_query($db, $query);
// get id of the created user
$logged_in_user_id = mysqli_insert_id($db);
$_SESSION['user'] = getUserById($logged_in_user_id); // put logged in user in session
$_SESSION['success'] = "You are now logged in";
header('location: index.php');
}
}
}
// return user array from their id
function getUserById($id){
global $db;
$query = "SELECT * FROM users WHERE id=" . $id;
$result = mysqli_query($db, $query);
$user = mysqli_fetch_assoc($result);
return $user;
}
// escape string
function e($val){
global $db;
return mysqli_real_escape_string($db, trim($val));
}
function display_error() {
global $errors;
if (count($errors) > 0){
echo '<div class="error">';
foreach ($errors as $error){
echo $error .'<br>';
}
echo '</div>';
}
}
function isLoggedIn()
{
if (isset($_SESSION['user'])) {
return true;
}else{
return false;
}
}
if (isset($_GET['logout'])) {
session_destroy();
unset($_SESSION['user']);
header("location: login.php");
}
if (isset($_POST['login_btn'])) {
login();
}
// LOGIN USER
function login(){
global $db, $username, $errors;
// grap form values
$username = e($_POST['username']);
$password = e($_POST['password']);
// make sure form is filled properly
if (empty($username)) {
array_push($errors, "Username is required");
}
if (empty($password)) {
array_push($errors, "Password is required");
}
// attempt login if no errors on form
if (count($errors) == 0) {
$password = md5($password);
$query = "SELECT * FROM users WHERE username='$username' AND password='$password' LIMIT 1";
$results = mysqli_query($db, $query);
if (mysqli_num_rows($results) == 1) { // user found
// check if user is admin or user
$logged_in_user = mysqli_fetch_assoc($results);
if ($logged_in_user['user_type'] == 'admin') {
$_SESSION['user'] = $logged_in_user;
$_SESSION['success'] = "You are now logged in";
header('location: admin/home.php');
}else{
$_SESSION['user'] = $logged_in_user;
$_SESSION['success'] = "You are now logged in";
header('location: index.php');
}
}else {
array_push($errors, "Wrong username/password combination");
}
}
}
// ...
function isAdmin()
{
if (isset($_SESSION['user']) && $_SESSION['user']['user_type'] == 'admin' ) {
return true;
}else{
return false;
}
}
register.php
<?php
include('functions.php');
?>
<!DOCTYPE html>
<html>
<head>
<title>Register | Vex Radio</title>
<link rel="stylesheet" href="style.css">
</head>
<body>
<div class="header">
<h2>Register</h2>
</div>
<form method="post" action="register.php">
<p><?php echo display_error(); ?></p>
<div class="input-group">
<label>Username</label>
<input type="text" name="username" value="<?php echo $username; ?>">
</div>
<div class="input-group">
<label>Email</label>
<input type="email" name="email" value="<?php echo $email; ?>">
</div>
<div class="input-group">
<label>Password</label>
<input type="password" name="password_1">
</div>
<div class="input-group">
<label>Confirm password</label>
<input type="password" name="password_2">
</div>
<div class="input-group">
<button type="submit" class="btn" name="register_btn">Register</button>
</div>
<p>
Already a member? Sign in
</p>
</form>
</body>
</html>
PHP to save the items in a DB and allow me to login
Related
So I have newspaper vendor system where there are two entities, the admin and vendor.
After both signing up into the system, they are redirected to the login form where they input their username and paasword. The problem I'm having is that i am not taken to the respective pages that both the admin and vendor are supposed to be taken after clicking the login button. Instead redirects me to the login form again.
Any leads would be appreciated.
Thank you.
This the login form
<form class="user" action="loginserver.php" method="POST" style="background-color:#f1f1f1">
<div class="form-group">
<label>Username</label>
<input type="text" name="login_username" class="form-control form-control-user" placeholder="Username">
</div>
<div class="form-group">
<label>Password</label>
<input type="password" name="login_password" class="form-control form-control-user" placeholder="Password">
</div>
<button type="submit" name="login_btn" class="btn btn-primary btn-user btn-block"> Login </button>
<hr>
</form>
logic code for the login form
<?php
session_start();
$_SESSION['vendor_id']= '$vendor_id';
$_SESSION['vendor_email']= '$vendor_email';
$_SESSION['login_username']= '$login_username';
$login_username="";
$login_password="";
$errors = array();
// connect to the database
$db = mysqli_connect('localhost', 'root', '', 'news');
if (isset($_POST['login_btn'])) {
login();
}
// LOGIN USER
function login(){
global $db, $login_username, $errors;
$login_password="";
$login_username= trim($_POST['login_username']);
$login_password=trim($_POST['login_password']);
function e($val){
global $db;
return mysqli_real_escape_string($db, trim($val));
}
// grab form values
$login_username = e($_POST['login_username']);
$login_password = e($_POST['login_password']);
// make sure form is filled properly
if (empty($login_username)) {
array_push($errors, "Username is required");
}
if (empty($login_password)) {
array_push($errors, "Password is required");
}
// attempt login if no errors on form
if (count($errors) == 0) {
$login_password = md5($login_password);
$query = "SELECT * FROM login WHERE login_username='$login_username' AND login_password='$login_password' LIMIT 1";
$results = mysqli_query($db, $query);
if (mysqli_num_rows($results) == 1) { // user found
// check if user is admin or client
$logged_in_user = mysqli_fetch_assoc($results);
if ($logged_in_user['login_rank'] == 'admin') {
$_SESSION['admin'] = $logged_in_user;
$_SESSION['success'] = "You are now logged in";
header('location: paper.php');
}
elseif ($logged_in_user['login_rank'] == 'vendor')
{
$result = mysqli_query($db,"SELECT vendor.vendor_id from vendor inner join login on login.login_id= vendor.vendor_login_id where login_username='$login_username'");
$row = mysqli_fetch_array($result);
if(is_array($row)) {
$_SESSION["vendor_id"] = $row['vendor_id'];
header('location: home1.php');
}
}
//elseif ($logged_in_user['login_rank'] == 'schoolhead')
//{
// $result = mysqli_query($db,"SELECT schoolhead.schoolhead_id from schoolhead inner join login on login.login_id= schoolhead.schoolhead_login_id where login_username='$login_username'");
// $row = mysqli_fetch_array($result);
// if(is_array($row)) {
// $_SESSION["schoolhead_id"] = $row[schoolhead_id];
// header('location: requestschool.php');
//}
//}
//elseif ($logged_in_user['login_rank'] == 'manager')
//{
// $result = mysqli_query($db,"SELECT childrenhomemanagers.manager_id from childrenhomemanagers inner join login on login.login_id= childrenhomemanagers.manager_login_id where login_username='$login_username'");
// $row = mysqli_fetch_array($result);
// if(is_array($row)) {
// $_SESSION["manager_id"] = $row[manager_id];
// header('location: requestmanager.php');
//}
//}
}else {
array_push($errors, "Wrong username/password combination");
}
}
It is hard to answer anything to this question as it does not contain enough reference.
If you want to redirect in PHP you can use this function
header('Location: /desiredpage');
i have a website for users to login and register, the website was working fine when login and register was in 2 different pages, now i have made them both in the same page, the html code is like below:
<h2>Login</h2>
</div>
<form method="post" class="form-detail" action="index.php">
<?php include('errors.php'); ?>
<div style="padding-right: 20px; margin-left: -40px;" class="input-group">
<label>Username</label>
<input type="text" name="username" >
</div>
<div style="padding-right: 20px; margin-left: -40px;" class="input-group">
<label>Password</label>
<input type="password" name="password">
</div>
<div class="input-group">
<button type="submit" class="btn" name="login_user">Login</button>
</div>
</form>
</div>
<form class="form-detail" method="post" action="index.php">
<div class="header">
<h2>Register Now</h2>
</div>
<?php include('errors.php'); ?>
<div class="input-group">
<label>Username</label>
<input type="text" name="username" value="<?php echo $username; ?>">
</div>
<div class="input-group">
<label>Email</label>
<input type="email" name="email" value="<?php echo $email; ?>">
</div>
<div class="input-group">
<label>Password</label>
<input type="password" name="password_1">
</div>
<div class="input-group">
<label>Confirm password</label>
<input type="password" name="password_2">
</div>
<div class="input-group">
<button type="submit" class="btn" name="reg_user">Register</button>
</div>
the server.php file which does the functionality is like:
<?php
session_start();
// initializing variables
$username = "";
$email = "";
$errors = array();
// connect to the database
$db = mysqli_connect('localhost', 'root', '', 'teia');
// REGISTER USER
if (isset($_POST['reg_user'])) {
// receive all input values from the form
$username = mysqli_real_escape_string($db, $_POST['username']);
$email = mysqli_real_escape_string($db, $_POST['email']);
$password_1 = mysqli_real_escape_string($db, $_POST['password_1']);
$password_2 = mysqli_real_escape_string($db, $_POST['password_2']);
// form validation: ensure that the form is correctly filled ...
// by adding (array_push()) corresponding error unto $errors array
if (empty($username)) { array_push($errors, "Username is required"); }
if (empty($email)) { array_push($errors, "Email is required"); }
if (empty($password_1)) { array_push($errors, "Password is required"); }
if ($password_1 != $password_2) {
array_push($errors, "The two passwords do not match");
}
// first check the database to make sure
// a user does not already exist with the same username and/or email
$user_check_query = "SELECT * FROM users WHERE username='$username' OR email='$email' LIMIT 1";
$result = mysqli_query($db, $user_check_query);
$user = mysqli_fetch_assoc($result);
if ($user) { // if user exists
if ($user['username'] === $username) {
array_push($errors, "Username already exists");
}
if ($user['email'] === $email) {
array_push($errors, "email already exists");
}
}
// Finally, register user if there are no errors in the form
if (count($errors) == 0) {
$password = md5($password_1);//encrypt the password before saving in the database
$query = "INSERT INTO users (username, email, password)
VALUES('$username', '$email', '$password')";
mysqli_query($db, $query);
$_SESSION['username'] = $username;
$_SESSION['success'] = "You are now logged in";
header('location: index.php');
}
}
if (isset($_POST['login_user'])) {
$username = mysqli_real_escape_string($db, $_POST['username']);
$password = mysqli_real_escape_string($db, $_POST['password']);
if (empty($username)) {
array_push($errors, "Username is required");
}
if (empty($password)) {
array_push($errors, "Password is required");
}
if (count($errors) == 0) {
$password = md5($password);
$query = "SELECT * FROM users WHERE username='$username' AND password='$password'";
$results = mysqli_query($db, $query);
if (mysqli_num_rows($results) == 1) {
$_SESSION['username'] = $username;
$_SESSION['success'] = "You are now logged in";
header('location: profile.php');
}else {
array_push($errors, "Wrong username/password combination");
}
}
}
?>
and finally the error.php is below
<?php if (count($errors) > 0) : ?>
<div class="error">
<?php foreach ($errors as $error) : ?>
<p><?php echo $error ?></p>
<?php endforeach ?>
</div>
<?php endif ?>
earlier it was working completely fine, now when i added both login and register in same pages, both login and register not working, instead simply loading the page, as i am new to php, can anyone please tell me whats wrong with my code
You can use switch statement for your solutions with different submit button value like below
<button type="submit" class="btn" value="login">Login</button>
<button type="submit" class="btn" value="register">Register</button>
<?php
switch($_POST['submit']) {
case 'login':
//...
break;
case 'register':
//...
break;
}
?>
The problem is that both your form actions point to index.php which isn't where the functionality is.
<form method="post" class="form-detail" action="server.php">
Change both forms to this. That should solve your problem.
Edit:
To display the errors, you'll need access to the $errors variable you defined. One way to do this is to move the code in error.php like so:
if (count($errors) == 0) {
$password = md5($password_1);//encrypt the password before saving in the database
$query = "INSERT INTO users (username, email, password)
VALUES('$username', '$email', '$password')";
mysqli_query($db, $query);
$_SESSION['username'] = $username;
$_SESSION['success'] = "You are now logged in";
header('location: index.php');
} else {
include('errors.php');
}
Are you sure; you are adding this <?php include('server.php'); ?> at the top of the index.php page?
Well, on my small site, which I use for practice I created pages where I saved my data from tables from the database, also, I have normal users and admin. I created admin through my sql and I can create a normal user through a registration form on the page. What I want to do is, As I said I have a page where I saved my data from tables, I want to make so user cant see that page while admin can see that page. I just want to make those restrictions. However, I don't know how to start with that in code, I will post here the code that I think you will need for helping me, so, If you need something more, I'm here!
login.php: `
<?php include('functions.php') ?>
<!DOCTYPE html>
<html>
<head>
<title>Prijavi se</title>
<link rel="stylesheet" type="text/css" href="style.css">
</head>
<body>
<div class="header">
<h2>Prijavi se</h2>
</div>
<form method="post" action="login.php">
<?php echo display_error(); ?>
<div class="input-group">
<label>Korisnicko ime</label>
<input type="text" name="username" >
</div>
<div class="input-group">
<label>Lozinka</label>
<input type="password" name="password">
</div>
<div class="input-group">
<button type="submit" class="btn" name="login_btn">Prijavi se</button>
</div>
<p>
Jos uvek nemate nalog? Registruj se
</p>
</form>
`
functions.php: `
$db = mysqli_connect('localhost', 'root', '', 'it210projekat');
$username = "";
$email = "";
$errors = array();
if (isset($_POST['register_btn'])) {
register();
}
if (isset($_POST['login_btn'])) {
login();
}
if (isset($_GET['logout'])) {
session_destroy();
unset($_SESSION['user']);
header("location: ../login.php");
}
function register(){
global $db, $errors;
$username = e($_POST['username']);
$email = e($_POST['email']);
$password_1 = e($_POST['password_1']);
$password_2 = e($_POST['password_2']);
if (empty($username)) {
array_push($errors, "Unesite ime");
}
if (empty($email)) {
array_push($errors, "Unesite email");
}
if (empty($password_1)) {
array_push($errors, "Unesite lozinku");
}
if ($password_1 != $password_2) {
array_push($errors, "Lozinke se ne poklapaju");
}
if (count($errors) == 0) {
$password = md5($password_1);
if (isset($_POST['user_type'])) {
$user_type = e($_POST['user_type']);
$query = "INSERT INTO users (username, email, user_type, password)
VALUES('$username', '$email', '$user_type', '$password')";
mysqli_query($db, $query);
$_SESSION['success'] = "Uspesno ste napravili nalog!!";
header('location: login.php');
}else{
$query = "INSERT INTO users (username, email, user_type, password)
VALUES('$username', '$email', 'user', '$password')";
mysqli_query($db, $query);
$logged_in_user_id = mysqli_insert_id($db);
$_SESSION['user'] = getUserById($logged_in_user_id);
$_SESSION['success'] = "Uspesno ste se prijavili";
header('location: login.php');
}
}
}
function getUserById($id){
global $db;
$query = "SELECT * FROM users WHERE id=" . $id;
$result = mysqli_query($db, $query);
$user = mysqli_fetch_assoc($result);
return $user;
}
function login(){
global $db, $username, $errors;
$username = e($_POST['username']);
$password = e($_POST['password']);
if (empty($username)) {
array_push($errors, "Username is required");
}
if (empty($password)) {
array_push($errors, "Password is required");
}
if (count($errors) == 0) {
$password = md5($password);
$query = "SELECT * FROM users WHERE username='$username' AND password='$password' LIMIT 1";
$results = mysqli_query($db, $query);
if (mysqli_num_rows($results) == 1) {
$logged_in_user = mysqli_fetch_assoc($results);
if ($logged_in_user['user_type'] == 'admin') {
$_SESSION['user'] = $logged_in_user;
$_SESSION['success'] = "Uspesno ste se prijavili";
header('location: pocetna.php');
}else{
$_SESSION['user'] = $logged_in_user;
$_SESSION['success'] = "Uspesno ste se prijavili";
header('location: pocetna.php');
}
}else {
array_push($errors, "Pogresno korisnicko ime ili lozinka");
}
}
}
function isLoggedIn()
{
if (isset($_SESSION['user'])) {
return true;
}else{
return false;
}
}
function isAdmin()
{
if (isset($_SESSION['user']) && $_SESSION['user']['user_type'] == 'admin' ) {
return true;
}else{
return false;
}
}
function e($val){
global $db;
return mysqli_real_escape_string($db, trim($val));
}
function display_error() {
global $errors;
if (count($errors) > 0){
echo '<div class="error">';
foreach ($errors as $error){
echo $error .'<br>';
}
echo '</div>';
}
}
?>`
I have this on top of page where I want to make restrict for normal users:
<?php if (isset($_SESSION['success'])) : ?>
<div class="error success" >
<h3>
<?php
echo $_SESSION['success'];
unset($_SESSION['success']);
?>
</h3>
</div>
<?php endif ?>
<div class="profile_info">
<div>
<?php if (isset($_SESSION['user'])) : ?>
<strong><?php echo $_SESSION['user']['username']; ?></strong>
<?php endif ?>
</div>
</div>
</div>
In your functions file, you are setting $_SESSION['user'] to the data from the database row for the user; this means you just have to check if $_SESSION['user']['user_type'] is admin or not.
So, it's simple, on the page you only want admins to see (at the top, below your functions.php call), do this:
if($_SESSION['user']['user_type'] != 'Admin') {
//could redirect page here
die('This page is not available to non-administrators.');
}
I noticed a couple of other issues in your login/register code.
1) NEVER use md5() for passwords, it's considered just as bad as plaintext. Instead, use password_hash() and password_verify() PHP functions.
2) Your mysql queries are at risk of SQL Injection attacks, you should convert these to parameterized queries.
How do i make an success message when form is submitted
here is the code:
server.php
<?php
session_start();
$username = "";
$errors = array();
$db = mysqli_connect('localhost', 'root', '', 'reg_user');
// REGISTER USER
if (isset($_POST['reg_user'])) {
$username = mysqli_real_escape_string($db, $_POST['username']);
$password_1 = mysqli_real_escape_string($db, $_POST['password_1']);
if (empty($username)) { array_push($errors, "Username is required"); }
if (empty($password_1)) { array_push($errors, "Password is required"); }
$user_check_query = "SELECT * FROM users WHERE username='$username' LIMIT 1";
$result = mysqli_query($db, $user_check_query);
$user = mysqli_fetch_assoc($result);
if ($user) { // if user exists
if ($user['username'] === $username) {
array_push($errors, "Username already exists");
}
}
if (count($errors) == 0) {
$password = md5($password_1);
$query = "INSERT INTO users (username, password)
VALUES('$username', '$password')";
mysqli_query($db, $query);
$_SESSION['username'] = $username;
$_SESSION['success'] = "You are now logged in";
header('location: register.php');
}
}
index.php
<div class="card-body">
<p><?php include('errors.php'); ?></p>
<form method="POST" action="register.php" class="needs-validation" novalidate="">
<div class="form-group">
<label for="username">Username</label>
<input id="username" type="username" class="form-control" name="username" tabindex="1" required autofocus>
</div>
here is the code of error.php which it pops up a error message when username is taken
error.php
<?php if (count($errors) > 0) : ?>
<div class="alert alert-danger alert-dismissible show fade">
<div class="alert-body">
<button class="close" data-dismiss="alert">
<span>×</span>
</button>
<?php foreach ($errors as $error) : ?>
<p><center><b><?php echo $error ?></center></b></p>
<?php endforeach ?>
</div>
</div>
<?php endif ?>
I want to add success message just like the error.php but what is the code to perform an success message?
You can do it like:
if (!$errors)
{
header("Location: success.php");
exit;
}
or modify this part from your code:
if (count($errors) == 0) {
$password = md5($password_1);
$query = "INSERT INTO users (username, password)
VALUES('$username', '$password')";
mysqli_query($db, $query);
$_SESSION['username'] = $username;
$_SESSION['success'] = TRUE;
header('location: success.php'); exit;
}
Are you looking for something like this?
<?php if($_SESSION['success'] != '' ) : ?>
<label> <?php include('success.php'); ?></label>
<?php endif; ?>
This question already has answers here:
PHP parse/syntax errors; and how to solve them
(20 answers)
Closed 4 years ago.
I'am trying to create register/login system. However, I've faced some problems. I can't understand where's the mistake in my code.
Here's my server.php & register.php. Browser shows that mistake is in line 65. "Parse error: syntax error, unexpected ';'". In my opinion ; must be there.
<?php
session_start();
$username = "";
$email = "";
$errors = array();
// Connect to the database
$db = mysqli_connect('localhost', 'root', '', 'lead2pro');
// If the register button is clicked
if(isset($_POST['register'])) {
$username = mysqli_real_escape_string($db, $_POST['username']);
$email = mysqli_real_escape_string($db, $_POST['email']);
$password_1 = mysqli_real_escape_string($db ,$_POST['password_1']);
$password_2 = mysqli_real_escape_string($db, $_POST['password_2']);
// Ensure that form fields are filled properly
if(empty($username)) {
array_push($errors, "Username is required!");
}
if(empty($email)) {
array_push($errors, "Email is required!");
}
if(empty($password_1)) {
array_push($errors, "Password is required!");
}
if($password_1 != $password_2) {
array_push($errors, "The two passwords do not match");
}
// If there are no errors, save user to database
if(count($errors) == 0) {
$password = md5($password_1); // Hashin the password before storing in database
$sql = "INSERT INTO users (username, email, password) VALUES('$username', '$email', '$password')";
mysqli_query($db, $sql);
$_SESSION['username'] = $username;
$_SESSION['success'] = "You are now logged in";
header('location: ../system.php'); // Redirect to game location
}
}
// log user in from login page
if(isset($_POST['login'])) {
$username = mysqli_real_escape_string($db, $_POST['username']);
$password = mysqli_real_escape_string($db, $_POST['password']);
// Ensure that form fields are filled properly
if(empty($username)) {
array_push($errors, "Username is required!");
}
if(empty(password)) {
array_push($errors, "Password is required!");
}
if(count($errors) == 0){
$password = md5($password); // Encrypt password before comparing this one with the one in database
$query = "SELECT * FROM users WHERE username = '$username' AND password = '$password'";
$result = mysqli_query($db, $query);
$if (mysqli_num_rows($result) == 1) {
$_SESSION['username'] = $username;
$_SESSION['success'] = "You are now logged in";
header('location: ../system.php'); // Redirect to main page location
} else {
array_push($errors, "Wrong username/password combination");
header('location: ../php/login.php');
}
}
}
//logout
if(isset($_GET['logout'])) {
session_destroy();
unset($_SESSION['username']);
header('location: ../php/login.php');
}
?>
Here's my register.php
<?php include('../includes/server.php');?>
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<title>Manager | Register</title>
<link rel="stylesheet" href="../css/reg.css">
</head>
<body>
<div class="header">
<h2>Register</h2>
</div>
<!-- Display validation errors here! -->
<?php include('../includes/errors.php'); ?>
<form action="register.php" method="post">
<div class="input-group">
<label>Username</label>
<input type="text" name="username" value="<?php echo $username; ?>">
</div>
<div class="input-group">
<label>Email</label>
<input type="text" name="email" value="<?php echo $email; ?>">
</div>
<div class="input-group">
<label>Password</label>
<input type="password" name="password_1">
</div>
<div class="input-group">
<label>Confirm Password</label>
<input type="password" name="password_2">
</div>
<div class="input-group">
<button type="submit" name="register" class="btn">Register</button>
</div>
<p>
Already a member? Sign in
</p>
</form>
</body>
</html>
The problem is on a different line:
$if (mysqli_num_rows($result) == 1) {
$_SESSION['username'] = $username;
$_SESSION['success'] = "You are now logged in";
header('location: ../system.php'); // Redirect to main page location
}
That $ should not be there in front of the if.