We Keep Coding

Session code not working in php

i am trying to develop a login form so i got online and picked a code. i made a database called "company" with a table "login" having fields; Id, username and password. I have saved some entries in the table.
when i try to login i get a response; The page isn't redirecting properly;
Firefox has detected that the server is redirecting the request for this address in a way that will never complete.This problem can sometimes be caused by disabling or refusing to accept cookies.
and i dont know whats wrong.
Below is my code:
index.php
<?php
include('login.php'); // Includes Login Script
if(isset($_SESSION['login_user'])){
header("location: profile.php");
}
?>
<!DOCTYPE html>
<html>
<head>
<title>Login Form in PHP with Session</title>
<link href="style.css" rel="stylesheet" type="text/css">
</head>
<body>
<div id="main">
<h1>PHP Login Session Example</h1>
<div id="login">
<h2>Login Form</h2>
<form action="" method="post">
<label>UserName :</label>
<input id="name" name="username" placeholder="username" type="text">
<label>Password :</label>
<input id="password" name="password" placeholder="**********" type="password">
<input name="submit" type="submit" value=" Login ">
<span><?php echo $error; ?></span>
</form>
</div>
</div>
</body>
</html>
login.php
<?php
session_start(); // Starting Session
$error=''; // Variable To Store Error Message
if (isset($_POST['submit'])) {
if (empty($_POST['username']) || empty($_POST['password'])) {
$error = "Username or Password is invalid";
}
else
{
// Define $username and $password
$username=$_POST['username'];
$password=$_POST['password'];
// Establishing Connection with Server by passing server_name, user_id and password as a parameter
$connection = mysqli_connect("localhost", "root", "", "company");
// To protect MySQL injection for Security purpose
// SQL query to fetch information of registerd users and finds user match.
$query = mysqli_query($connection, "select * from login where password='$password' AND username='$username'");
$rows = mysqli_num_rows($query);
if ($rows == 1) {
$_SESSION['login_user']=$username; // Initializing Session
} else {
$error = "Username or Password is incorrect";
}
mysqli_close($connection); // Closing Connection
}
}
?>
logout.php
<?php
session_start();
if(session_destroy()) // Destroying All Sessions
{
header("Location: index.php"); // Redirecting To Home Page
}
?>
profile.php
<?php
include('session.php');
?>
<!DOCTYPE html>
<html>
<head>
<title>Your Home Page</title>
<link href="style.css" rel="stylesheet" type="text/css">
</head>
<body>
<div id="profile">
<b id="welcome">Welcome : <i><?php echo $login_session; ?></i></b>
<b id="logout">Log Out</b>
</div>
</body>
</html>
session.php
<?php
// Establishing Connection with Server by passing server_name, user_id and password as a parameter
$connection = mysqli_connect("localhost", "root", "","company");
session_start();// Starting Session
// Storing Session
$user_check=$_SESSION['login_user'];
// SQL Query To Fetch Complete Information Of User
$ses_sql=mysqli_query("select username from login where username='$user_check'", $connection);
$row = mysqli_fetch_assoc($ses_sql);
$login_session =$row['username'];
if(!isset($login_session)){
mysqli_close($connection); // Closing Connection
header('Location: index.php'); // Redirecting To Home Page
}
?>
thank you.

Problem solved.
I have connected to another table with more fields thats is; id, firstname, username and password.
I edited the session.php and changed the mysqli_query using Firstname where Username is $user_check. Im now printing the name of the logged in user.
Thank you guys.

My login page keeps returning "incorrect login" even when I enter correct login

I wrote a simple login page that is connected to a mySQL database. But even when I try to put in the correct login information, it still returns the "Incorrect username or password" error. I can't figure out if there is something wrong with my code itself, or my database. Any help would be greatly appreciated!
My database looks like this: https://gyazo.com/da06e276d981a35a3e2f01f5ec17f27b
I currently have 2 entries in that database for testing: https://gyazo.com/04a52dde61e77e0cbc2f90b78b3f40a9
My index.php code is as follows
<?php
include('login.php'); // Include Login Script
if ((isset($_SESSION['username']) != ''))
{
header('Location: home.php');
}
?>
<!doctype html>
<html>
<head>
<meta charset="utf-8">
<title>PHP Login Form with Session</title>
<link rel="stylesheet" href="style.css" type="text/css" />
</head>
<body>
<h1>PHP Login Form with Session</h1>
<div class="loginBox">
<h3>Login Form</h3>
<br><br>
<form method="post" action="">
<label>Username:</label><br>
<input type="text" name="username" placeholder="username" /><br><br>
<label>Password:</label><br>
<input type="password" name="password" placeholder="password" /> <br><br>
<input type="submit" name="submit" value="Login" />
</form>
<div class="error"><?php echo $error;?></div>
</div>
</body>
</html>
My login.php code is as follows:
<?php
session_start();
include("connection.php"); //Establishing connection with our database
$error = ""; //Variable for storing our errors.
if(isset($_POST["submit"]))
{
if(empty($_POST["username"]) || empty($_POST["password"]))
{
$error = "Both fields are required.";
}else
{
// Define $username and $password
$username=$_POST['username'];
$password=$_POST['password'];
//Check username and password from database
$sql="SELECT uid FROM users WHERE username='$username' and password='$password'";
$result=mysqli_query($db,$sql);
$row=mysqli_fetch_array($result,MYSQLI_ASSOC);
//If username and password exist in our database then create a session.
//Otherwise echo error.
if(mysqli_num_rows($result) == 1)
{
$_SESSION['username'] = $login_user; // Initializing Session
header("location: home.php"); // Redirecting To Other Page
}else
{
$error = "Incorrect username or password.";
}
}
}
?>

1- Saving in plain text is a NO.
2- As far as i can see you are comparing a plain text password with its md5.
You have also defined the same variable more than once, with different values, sth ive never seen before.

Well, I don't see where $login_user is assigned a value in your code in login.php page.
Try
$_SESSION['username'] = $username;
Also replace this with what you have at the top of your index.php page.
<?php
include('login.php'); // Include Login Script
if (isset($_SESSION['username'])){
header('Location: home.php');
}
else{}
?>

First of since you have your login script on another file in your project directory, shouldn't you specify the location to the script on your login form? Just like this
<form method="post" action="login.php">
<label>Username:</label><br>
<input type="text" name="username" placeholder="username" /><br><br>
<label>Password:</label><br>
<input type="password" name="password" placeholder="password" /> <br><br>
<input type="submit" name="submit" value="Login" />
</form>

Why i cannot display the error message in the login page?

i want to display my error message in the login form by getting the result from the login.php ,here is the sample code that i have use.The first part is the index.php
<?
include("login.php");?>
<!DOCTYPE html>
<html>
<head>
<title>Login Form in PHP with Session</title>
<link href="style.css" rel="stylesheet" type="text/css">
</head>
<body>
<div id="main">
<h1>Hup Seng</h1>
<div id="login">
<h2>Login Form</h2>
<form action="login.php" method="post">
<label>UserName :</label>
<input id="name" name="username" placeholder="username" type="text" required>
<br>
<br>
<label>Password :</label>
<input id="password" name="password" placeholder="**********" type="password" required>
<br>
<input name="submit" type="submit" value=" Login ">
<span><?php echo $error; ?></span>
</form>
</div>
</div>
</body>
</html>
Here is the login.php i have put the error message under the else statement in order to pass the information to the login form
<?php
include("dbconfig.php");
session_start(); // Starting Session
$error=''; // Variable To Store Error Message
//if (isset($_POST['submit'])) {
if (isset($_POST['username']) || isset($_POST['password'])) {
// Define $username and $password
$username=$_POST['username'];
$password=$_POST['password'];
$pw = encode($password);
$sql = "SELECT count(ID) as cid FROM tblUser WHERE UserId = '$username' and Password1 = '$pw'";
$rs = odbc_exec($link_mssql,$sql);
while (odbc_fetch_row($rs)) {
$count=odbc_result($rs,"cid");
}
if ($count == 1) {
$_SESSION['username']=$username; // Initializing Session
header("location: homepage.php"); // Redirecting To Other Page
} else {
$error="username/passwod combination incorrect";
header("location: index.php");
}
odbc_close($link_mssql); // Closing Connection
}
//}
?>

No need to add header you already including login.php file in index.php
$error="username/passwod combination incorrect";
//header("location: index.php");//remove this line

session_start();
$_SESSION['error']="username/passwod combination incorrect";
and in login form check
session_start();
if(isset($_SESSION['error'])){
echo $_SESSION['error'];
}

//header("location: index.php");
Remove this or you can redirect the page after some time if you want like this.
header( "refresh:5;url=index.php" ); // page redirect after 5sec

how do i use mysqli to make a single user login system

Alright so i have been looking around for a simple login system and i have looked at many videos and noticed they are all using MYSQL and according to my webhost i need to use MYSQLi so my code is posted below, can someone help me, everytime i press login it just refreshes the page and does nothing
<?php
$error=''; //Variable to Store error message;
if(isset($_POST['submit'])){
if(empty($_POST['user']) || empty($_POST['pass'])){
$error = "Username or Password is Invalid";
}
else
{
//Establishing Connection with server by passing server_name, user_id and pass as a patameter
$host = "198.91.81.8";
$user = "iishnoii_admin";
$pass = "password";
$db = "iishnoii_seclog";
$con = mysqli_connect($host, $user, $pass, $db);
//sql query to fetch information of registerd user and finds user match.
$query = mysqli_query($conn, "SELECT * FROM users WHERE password='$pass' AND username='$user'");
$rows = mysqli_num_rows($query);
if($rows == 1){
header("Location: welcome.php"); // Redirecting to other page
}
else
{
$error = "Username of Password is Invalid";
}
mysqli_close($conn); // Closing connection
}
}
?>
<!DOCTYPE html>
<html>
<head>
<meta charset="utf-8">
<title>IIShNoII</title>
</head>
<body>
<div id="login-form">
<form method="post" action="index.php">
Username: <input type="test" name="username" /> <br /> <br />
Password: <input type="password" name="password" /> <br /> <br />
<input type="submit" name="submit" value="Log In" />
</div>
</body>
</html>

In your form, the names of the fields are username and password, but when you try to retrieve them in PHP with $_POST, you call them userand pass.

Get Always Validation Error in Login Page Even Correct Data is Given

Following is the Code for LOGIN page used with html & php.
The problem I am facing is that , even after submitting correct information Login is failed .
Is there any problem with the query I used?
<html>
<head>
<title>login</title>
<link rel="stylesheet" href="css/insert.css" />
</head>
<body>
<div class="maindiv">
<!--HTML form -->
<div class="form_div">
<form action="<?php echo $_SERVER['PHP_SELF']; ?>" method="post"> <!-- method can be set POST for hiding values in URL-->
<h2>Login Form</h2>
<label>Email:</label><br />
<input class="input" type="email" name="mail" />
<br />
<label>Password:</label><br />
<input class="input" type="text" name="pass" />
<br />
<input class="submit" type="submit" name="submit" value="Login" />
PHP
//Selecting Database from Server
$db = mysql_select_db("tanni", $connection);
if(isset($_POST['submit'])){
//Fetching variables of the form which travels in URL
$mail = $_POST['mail'];
$pass = $_POST['pass'];
if($mail!=''&&$pass!=''){
$query=mysql_query("SELECT* FROM user WHERE mail='".$mail."' and pass='".$pass."'") or die(mysql_error());
$res=mysql_fetch_row($query);
if($res){
$_SESSION['mail']=$mail;
}else {
echo'You entered username or password is incorrect';
}
}else{
echo'Enter both username and password';
}
}
//Closing Connection with Server
mysql_close($connection);
?>
</form>
</div>
<div class="formget"><a href=http://www.formget.com/app><img src="formget.jpg" alt="Online Form Builder"/></a>
</div>
</div>
</body>
</html>
What is the problem in the code?

Need space between select and * at SELECT* FROM
Your query would be
SELECT * FROM user WHERE...
Use mysql_num_rows() to check number of rows return from your query instead mysql_fetch_row
mysql is deprecated instead use mysqli or PDO
You need to start session at the top of your page
session_start();
Don't store plain password into database use password hashing technique
http://php.net/manual/en/function.password-hash.php
http://php.net/manual/en/faq.passwords.php
Your code is open for sql injection read
How can I prevent SQL injection in PHP?
Your whole code would be
<?php
session_start();
//Establishing Connection with Server
$connection = mysql_connect("localhost", "root", "");
//Selecting Database from Server
$db = mysql_select_db("tanni", $connection);
if (isset($_POST['submit'])) {
//Fetching variables of the form which travels in URL
$mail = $_POST['mail'];
$pass = $_POST['pass'];
if ($mail != '' && $pass != '') {
$query = mysql_query("SELECT * FROM user WHERE mail='" . $mail . "' and pass='" . $pass . "'") or die(mysql_error());
$res = mysql_num_rows_row($query);
if ($res == 1) {
$_SESSION['mail'] = $mail;
} else {
echo'You entered username or password is incorrect';
}
} else {
echo'Enter both username and password';
}
}
//Closing Connection with Server
mysql_close($connection);
?>