This is my form of cus_login.php:
<form method="post" action="cus_login.php">
<h2>LOG-IN</h2> <hr>
<div id="message" > <?php if ($msg != "") echo $msg ?></div>
<div class="form-group">
<input class="form-control" name="email_add" type="email" placeholder="Email...">
</div>
<div class="form-group">
<input class="form-control" name="password" type="password" placeholder="Password...">
</div>
<input class="btn btn-success" type="submit" name="submit" value="LOG IN">
</form>
The action is just above this file, which is the following:
<?php include 'includes/config.php';
session_start();
if (isset($_POST['submit'])) {
$email_add = $con->real_escape_string($_POST['email_add']);
$password = $con->real_escape_string($_POST['password']);
if ($email_add == "" || $password == "")
$msg = "Empty Fields! Type in your Email address and Password";
else {
$sql = $con->query("SELECT * FROM tbl_customers WHERE email_add='$email_add'");
if ($sql->num_rows > 0) {
$data = $sql->fetch_array();
if (password_verify($password, $data['password'])) {
if ($data['confirm'] == 0)
$msg = "Please verify your email! Before logging in";
else {
session_start();
$_SESSION['id'] = $row['id'];
header("location: cus_prof.php");
}
} else
$msg = "Wrong Password! Please enter again.";
} else {
$msg = "Wrong Email Address! Please enter again";
}
} }?>
How do I display the info of the customers based on the email or id to another page or file ... like a profile information page?
<?php
session_start();
include 'includes/config.php';
/*note in your config.php must have the session_start(); function as the first line just after
opening php tag else session will not start and Your session variable will not be available */
$msg="";
if (isset($_POST['submit'])) {
$email_add = $con->real_escape_string($_POST['email_add']);
$password = $con->real_escape_string($_POST['password']);
if ($email_add == "" || $password == "")
$msg = "Empty Fields! Type in your Email address and Password";
else {
$sql = $con->query("SELECT * FROM tbl_customers WHERE email_add='$email_add'");
if ($sql->num_rows > 0) {
$data = $sql->fetch_array();
if (password_verify($password, $data['password'])) {
if ($data['confirm'] == 0)
$msg = "Please verify your email! Before logging in";
else {
// session_start() must be called on the first line, before any other code
$_SESSION['id'] = $data['id']; // the fetched row is in $data; $row was never defined
// here you can just add the data variable to the session
//$_SESSION['data'] = $data;
header("location: cus_prof.php");
exit;
}
} else
$msg = "Wrong Password! Please enter again.";
} else {
$msg = "Wrong Email Address! Please enter again";
}
}
}?>
// then in your cus_prof.php file
<?php
include 'includes/config.php';
$id =$_SESSION['id'];
$sql = $con->query("SELECT * FROM tbl_customers WHERE id='$id'");
if ($sql->num_rows > 0) {
$data = $sql->fetch_array();
//do whatever you want with the data in the $data array
}
?>
I have just added the data variable to the session; that way you can access whatever is in the data variable through the session variable at any location.
I am practicing PHP and database creation and would like to change my message based on errors from the input. I can't figure out how to pass the changed message back and would appreciate any help given.
This is my sign up page
<main>
<h1>Signup</h1>
<h3>
<?php
echo $errorMsg;
?>
</h3>
<form action="includes/signup.inc.php" method="post">
<input type="text" name="uid" placeholder="Username">
<input type="text" name="mail" placeholder="E-mail">
<input type="password" name="pwd" placeholder="Password">
<input type="password" name="pwd_repeat" placeholder="Repeat Password">
<button type="submit" name="signup-submit">Submit</button>
</form>
</main>
This is my processing page
if(isset($_POST['signup-submit'])){
require 'dbh.inc.php';
$Name = $_POST['uid'];
$Email= $_POST['mail'];
$Password = $_POST['pwd'];
$PasswordRepeat = $_POST['pwd_repeat'];
if(empty($Name) || empty($Email) || empty($Password) || empty($PasswordRepeat)){
header("Location: ../signup.php?error=emptyfields=1"); //Check if any field is empty
exit();
}
else if(!filter_var($Email, FILTER_VALIDATE_EMAIL) && !preg_match("/^[a-zA-Z0-9]*$/", $Name)){
header("Location: ../signup.php?error=invalidamil&uid"); //Check if username and email is valid input
exit();
}
else if(!filter_var($Email, FILTER_VALIDATE_EMAIL)){
header("Location: ../signup.php?error=invalidamil&uid=".$Name); //Check if email is valid input
exit();
}
else if($Password !== $PasswordRepeat){
header("Location: ../signup.php?error=passwordCheck&uid=".$Name."&mail=".$Email); // Check if passwords don't match
exit();
}
$sql2 = "SELECT UserName FROM dbo.MainTable WHERE UserName = ?";
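$params2 = array(array($Name, SQLSRV_PARAM_IN)); // one parameter: value plus direction
// sqlsrv_num_rows() only works with a static or keyset cursor
$stmt2 = sqlsrv_query($conn, $sql2, $params2, array("Scrollable" => SQLSRV_CURSOR_STATIC));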
if($stmt2 === false)
{
die(print_r(sqlsrv_errors(), true));
exit();
}
$row_count = sqlsrv_num_rows($stmt2);
if($row_count === false) // false means the count itself failed; any row count is handled below
{
$_SESSION['errMsg'] = "Error retrieving username";
header("location: ../register.php");
exit();
}
else if($row_count > 0)
{
$_SESSION['errMsg'] = "Username is already used";
header("Location: ../signup.php?error=UserNameTaken&uid");
exit();
}
else{
$sql = "INSERT INTO dbo.MainTable(UserName,Email,UserPassword)
VALUES (?,?,?)";
$Password = password_hash($_POST['pwd'], PASSWORD_DEFAULT); //Password hashing
$stmt = sqlsrv_query($conn, $sql, array($Name, $Email, $Password)); // values are bound, not concatenated
if($stmt === false){
die( print_r( sqlsrv_errors(), true));
}else{
$_SESSION['errMsg'] = "Registration completed!";
header("Location: ../signup.php?signup=COMPLETE");
exit();
}
}
} // closes if(isset($_POST['signup-submit']))
I am not sure where to put a change message variable here because I couldn't get it work in the if statements.
You are providing the error message as a URL parameter, so you can access it with PHP $_GET
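<h3>
<?php
// the value comes straight from the URL, so escape it before output
echo htmlspecialchars($_GET['error'] ?? '', ENT_QUOTES, 'UTF-8');
?>
</h3>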
I have a login form with username and password. If I enter a wrong username or password, it shows a blank page and does not display any error message; the URL just shows website.com/Admin/#. Here is the code which I have written:
<form action="#" method="post" role="form" enctype="multipart/form-data">
<?php if ( $msg != '' ) { ?>
<div class="alert alert-success">
<?php echo $msg; ?>
</div>
<?php } ?>
<div class="form-group col-md-12 col-sm-12 col-xs-12">
<div class="field-label">Email</div>
<input type="text" placeholder="User Name" id="username" name="user_name" required>
</div>
<div class="form-group col-md-12 col-sm-12 col-xs-12">
<div class="field-label">Password</div>
<input type="password" placeholder="Password" id="password" name="password" required>
</div>
<div class="form-group col-md-12 col-sm-12 col-xs-12">
<div class="button-box">
<input type="submit" name="submit_login" value="Sign In" class="theme-btn btn-style-one">
</div>
</form>
PHP Code:
<?php
session_start();
include 'db.php';
if ( isset( $_POST['submit_login'] ) ) {
if ( !empty( $_POST['user_name'] ) && !empty( $_POST['password'] ) ) {
$get_user_name = mysqli_real_escape_string( $conn, $_POST['user_name'] );
$get_password = mysqli_real_escape_string( $conn, $_POST['password'] );
// Encrypting the password from text//
$get_password = md5( $get_password );
$sql = "SELECT * FROM users WHERE username = '$get_user_name' AND user_password = '$get_password'";
if ( $result = mysqli_query( $conn, $sql ) ) {
while ( $rows = mysqli_fetch_assoc( $result ) ) {
if ( mysqli_num_rows( $result ) == 1 ) {
$_SESSION['user'] = $get_user_name;
$_SESSION['password'] = $get_password;
$_SESSION['user_role'] = $rows['user_role'];
if ( $_SESSION['user_role'] === 'admin' ) {
header( 'Location:property-list.php' );
}
} else {
$msg = 'User name or Password was Wrong!';
$msgclass = 'bg-danger';
}
}
} else {
$msg = 'There is somekind of Database Issue!';
$msgclass = 'bg-danger';
}
} else {
$msg = 'User name or Password was empty!';
$msgclass = 'bg-danger';
}
} else {
}
?>
If I give the correct username and password it works fine; there was no issue with that. The only problem is that if I enter a wrong username or password, or submit directly without giving any data, it does not display a message.
You need to echo the $msg all the time: remove the if in the form, then declare msg and msgclass before the submit action, then just echo.
<?php
session_start();
include 'db.php';
$msg = ""; // declare message
$msgclass = ""; // class
if(isset($_POST['submit_login'])){
if(!empty($_POST['user_name']) && !empty($_POST['password'])){
$get_user_name = mysqli_real_escape_string($conn,$_POST['user_name']);
$get_password = mysqli_real_escape_string($conn,$_POST['password']);
// Encrypting the password from text//
$get_password=md5($get_password);
$sql = "SELECT * FROM users WHERE username = '$get_user_name' AND user_password = '$get_password'" ;
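if($result = mysqli_query($conn,$sql)){
// fetch once instead of looping: with no matching row a while loop never runs,
// so the "wrong" message below would never be set
$rows = mysqli_fetch_assoc($result);
if($rows && mysqli_num_rows($result) == 1){
$_SESSION['user'] = $get_user_name;
$_SESSION['password'] = $get_password;
$_SESSION['user_role'] = $rows['user_role'];
if($_SESSION['user_role'] === 'admin'){
header('Location:property-list.php');
exit; // stop here so the form below is not rendered after the redirect
}
}
else{
$msg = 'User name or Password was Wrong!';
$msgclass='bg-danger';
}
}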
else {
$msg = 'There is somekind of Database Issue!';
$msgclass='bg-danger';
}
} else {
$msg = 'User name or Password was empty!';
$msgclass='bg-danger';
}
}else {
}
?>
Then
<form action="#" method="post" role="form" enctype="multipart/form-data">
<div class="alert <?php echo $msgclass;?>">
<?php echo $msg;?>
</div>
<div class="form-group col-md-12 col-sm-12 col-xs-12">
<div class="field-label">Email</div>
<input type="text" placeholder="User Name" id="username" name="user_name" required>
</div>
<div class="form-group col-md-12 col-sm-12 col-xs-12">
<div class="field-label">Password</div>
<input type="password" placeholder="Password" id="password" name="password" required>
</div>
<div class="form-group col-md-12 col-sm-12 col-xs-12">
<div class="button-box">
<input type="submit" name="submit_login" value="Sign In" class="theme-btn btn-style-one">
</div>
</form>
NB: You should use prepared statements to prevent SQL injections.
Never use md5() as a means of password encryption; rather use
password_hash() and password_verify()
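The note above, worked through as an added example (not code from the thread): the login check with a bound parameter and password_verify(), plus an on-login upgrade of the existing MD5 digests so current users are not locked out. It assumes the `users` table and form field names shown on the page, the mysqlnd driver, a `user_password` column widened to VARCHAR(255), and a session that is already started; the function names are hypothetical.

```php
<?php
declare(strict_types=1);

// Added example, not code from the thread. Assumptions: the page's `users`
// table (username, user_password, user_role), an open mysqli connection like
// the one db.php creates, mysqlnd (for get_result), and a user_password
// column wide enough for password_hash() output (VARCHAR(255)).

function find_user(mysqli $conn, string $username): ?array
{
    // The value is bound as a parameter, so no escaping or quoting is needed.
    $stmt = $conn->prepare(
        'SELECT username, user_password, user_role FROM users WHERE username = ? LIMIT 1'
    );
    $stmt->bind_param('s', $username);
    $stmt->execute();
    $row = $stmt->get_result()->fetch_assoc();
    $stmt->close();
    return $row ?: null;
}

function store_hash(mysqli $conn, string $username, string $hash): void
{
    $stmt = $conn->prepare('UPDATE users SET user_password = ? WHERE username = ?');
    $stmt->bind_param('ss', $hash, $username);
    $stmt->execute();
    $stmt->close();
}

// Returns the user row (without the hash) on success, null on any failure.
function attempt_login(mysqli $conn, string $username, string $password): ?array
{
    $user = find_user($conn, $username);
    if ($user === null) {
        return null;
    }
    $stored = (string) $user['user_password'];

    // Rows written by the old code hold a 32-character hex MD5 digest.
    $isLegacyMd5 = strlen($stored) === 32 && ctype_xdigit($stored);

    if ($isLegacyMd5) {
        // The old code hashed the escaped string, so accept either form.
        $ok = hash_equals($stored, md5($password))
            || hash_equals($stored, md5($conn->real_escape_string($password)));
    } else {
        $ok = password_verify($password, $stored);
    }
    if (!$ok) {
        return null;
    }

    // Upgrade legacy digests, and re-hash when PASSWORD_DEFAULT has moved on.
    if ($isLegacyMd5 || password_needs_rehash($stored, PASSWORD_DEFAULT)) {
        store_hash($conn, $username, password_hash($password, PASSWORD_DEFAULT));
    }
    unset($user['user_password']); // the hash never goes into the session
    return $user;
}

// Returns the message to show in the form: empty on success, and the same
// text for "no such user" and "wrong password". Call after session_start().
function handle_login_post(mysqli $conn, array $post): string
{
    $user = attempt_login(
        $conn,
        (string) ($post['user_name'] ?? ''),
        (string) ($post['password'] ?? '')
    );
    if ($user === null) {
        return 'User name or Password was Wrong!';
    }
    session_regenerate_id(true); // fresh session id once the user is authenticated
    $_SESSION['user'] = $user['username'];
    $_SESSION['user_role'] = $user['user_role'];
    return '';
}
```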
First you need to target your php file in the action attribute of your form
action="/path/tofile.php"
Most user friendly validation is done with javascript, so the page doesn't have to reload,
but if you really want to use PHP, one way to do it is with sessions.
You can add the $msg and $msgclass to the session variable:
$_SESSION['response'] = ['message' => $msg, 'class' => $msgclass];
After that use header function to redirect back to your html:
header('Location: /pathtoformfile');
exit;
Note: be careful not to echo or print anything in the script before header.
Finally, in the form file do this:
// add this at THE TOP of the file
session_start();
// check session variable
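if (!empty($_SESSION['response'])) {
// display the message, escaped for HTML
echo htmlspecialchars($_SESSION['response']['message'], ENT_QUOTES, 'UTF-8');
// clear it so it is shown only once
unset($_SESSION['response']);
}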
Redirect to your login page again. Suppose, LoginForm.php
Updated code:
<?php session_start();
include 'db.php';
if(isset($_POST['submit_login']))
{
if(!empty($_POST['user_name']) && !empty($_POST['password']))
{
$get_user_name = mysqli_real_escape_string($conn,$_POST['user_name']);
$get_password = mysqli_real_escape_string($conn,$_POST['password']);
// Encrypting the password from text//
$get_password=md5($get_password);
$sql = "SELECT * FROM users WHERE username = '$get_user_name' AND user_password = '$get_password'" ;
if($result = mysqli_query($conn,$sql))
{
while($rows = mysqli_fetch_assoc($result))
{
if(mysqli_num_rows($result) == 1)
{
$_SESSION['user'] = $get_user_name;
$_SESSION['password'] = $get_password;
$_SESSION['user_role'] = $rows['user_role'];
if($_SESSION['user_role'] === 'admin')
{
header('Location:property-list.php');
exit; // without this, the Location header set at the end of the script replaces this one
}
}
else{
$msg = 'User name or Password was Wrong!';
$msgclass='bg-danger';
}
}
}
else {
$msg = 'There is somekind of Database Issue!';
$msgclass='bg-danger';
}
} else {
$msg = 'User name or Password was empty!';
$msgclass='bg-danger';
}
header("Location:Login.php");
}
?>
If the user enters a wrong password or blank one you are not redirecting it to anywhere.
see updated code.
<?php session_start();
include 'db.php';
if(isset($_POST['submit_login'])){
if(!empty($_POST['user_name']) && !empty($_POST['password'])){
$get_user_name = mysqli_real_escape_string($conn,$_POST['user_name']);
$get_password = mysqli_real_escape_string($conn,$_POST['password']);
// Encrypting the password from text//
$get_password=md5($get_password);
$sql = "SELECT * FROM users WHERE username = '$get_user_name' AND user_password = '$get_password'" ;
if($result = mysqli_query($conn,$sql)){
while($rows = mysqli_fetch_assoc($result)){
if(mysqli_num_rows($result) == 1){
$_SESSION['user'] = $get_user_name;
$_SESSION['password'] = $get_password;
$_SESSION['user_role'] = $rows['user_role'];
if($_SESSION['user_role'] === 'admin'){
// redirect to members area or login area
header('Location:property-list.php');
exit();
}
}
else{
$msg = 'User name or Password was Wrong!';
$msgclass='bg-danger';
}
}
}
else {
$msg = 'There is somekind of Database Issue!';
$msgclass='bg-danger';
}
} else {
$msg = 'User name or Password was empty!';
$msgclass='bg-danger';
}
}else {
}
// redirect to error page or login page..
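// "Location" is the redirect header; variable names are case-sensitive ($msgclass, not $msgClass)
header("Location: error.php?msg=" . urlencode($msg ?? '') . "&c=" . urlencode($msgclass ?? ''));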
exit();
?>
Some developers pass the variables with GET; others set a session and read the session. It's your choice; I prefer sessions, but if you use GET or POST please always sanitize the user input.
On the query you should update your code to use prepared statements to eliminate possibilities of SQL injection.
On the password: you are using MD5. If you are going to use it or another hashing protocol, you should salt it so your passwords are stronger in case your SQL is exposed and the hashes are obtained.
$salt = "s0meRand0mStr1ng..Long..difficult...etc."; // must be longer than 20 chars at least.
$get_password=md5($get_password . $salt);
This worked fine for me
<?php session_start();
include 'db.php';
if(isset($_POST['submit_login'])){
if(!empty($_POST['user_name']) && !empty($_POST['password'])){
$get_user_name = mysqli_real_escape_string($conn,$_POST['user_name']);
$get_password = mysqli_real_escape_string($conn,$_POST['password']);
// Encrypting the password from text//
$get_password=md5($get_password);
$sql = "SELECT * FROM users WHERE username = '$get_user_name' AND user_password = '$get_password' limit 0,1" ;
$result = mysqli_query($conn,$sql);
$row = mysqli_fetch_assoc($result);
if(mysqli_num_rows($result) == 1){
$_SESSION['user'] = $get_user_name;
$_SESSION['password'] = $get_password;
$_SESSION['user_role'] = $row ['role'];
if($_SESSION['user_role'] === 'admin'){
header('Location:property-list.php');
exit;
}
}
else{
header('Location:index.php?msg=1');
exit;
}
} else {
header('Location:index.php?msg=2'); // 2 is the code the block below maps to the "empty" message
exit;
}
}
if(isset($_GET['msg']) && !empty($_GET['msg'])){
if($_GET['msg']==1){
$msg = 'User name or Password was Wrong!';
$msgclass='bg-danger';
}else if($_GET['msg']==2){
$msg = 'User name or Password was empty!';
$msgclass='bg-danger';
}
}
?>
PHP is saying there's nothing in the boxes when I put stuff in.
Tried putting var_dump($_POST); die(); at the top of register.php and it showed what I put in the boxes
Not sure what's going on here.
Any help is appreciated. Thanks in advance.
I've spent a while trying to figure this out.
Will login work as well?
Thanks,
Jon
functions.php
<?php
session_start();
// connect to database
$db = mysqli_connect(:-));
// variable declaration
$username = "";
$email = "";
$errors = array();
// call the register() function if register_btn is clicked
if (isset($_POST['register_btn'])) {
register();
}
// REGISTER USER
function register(){
// call these variables with the global keyword to make them available in function
global $db, $errors, $username, $email;
// receive all input values from the form. Call the e() function
// defined below to escape form values
$username = e($_POST['username']);
$email = e($_POST['email']);
$password_1 = e($_POST['password_1']);
$password_2 = e($_POST['password_2']);
// form validation: ensure that the form is correctly filled
if (empty($username)) {
array_push($errors, "Username is required");
}
if (empty($email)) {
array_push($errors, "Email is required");
}
if (empty($password_1)) {
array_push($errors, "Password is required");
}
if ($password_1 != $password_2) {
array_push($errors, "The two passwords do not match");
}
// register user if there are no errors in the form
if (count($errors) == 0) {
$password = md5($password_1);//encrypt the password before saving in the database
if (isset($_POST['user_type'])) {
$user_type = e($_POST['user_type']);
$query = "INSERT INTO users (username, email, user_type, password)
VALUES('$username', '$email', '$user_type', '$password')";
mysqli_query($db, $query);
$_SESSION['success'] = "New user successfully created!!";
header('location: home.php');
}else{
$query = "INSERT INTO users (username, email, user_type, password)
VALUES('$username', '$email', 'user', '$password')";
mysqli_query($db, $query);
// get id of the created user
$logged_in_user_id = mysqli_insert_id($db);
$_SESSION['user'] = getUserById($logged_in_user_id); // put logged in user in session
$_SESSION['success'] = "You are now logged in";
header('location: index.php');
}
}
}
// return user array from their id
function getUserById($id){
global $db;
$query = "SELECT * FROM users WHERE id=" . $id;
$result = mysqli_query($db, $query);
$user = mysqli_fetch_assoc($result);
return $user;
}
// escape string
function e($val){
global $db;
return mysqli_real_escape_string($db, trim($val));
}
function display_error() {
global $errors;
if (count($errors) > 0){
echo '<div class="error">';
foreach ($errors as $error){
echo $error .'<br>';
}
echo '</div>';
}
}
function isLoggedIn()
{
if (isset($_SESSION['user'])) {
return true;
}else{
return false;
}
}
if (isset($_GET['logout'])) {
session_destroy();
unset($_SESSION['user']);
header("location: login.php");
}
if (isset($_POST['login_btn'])) {
login();
}
// LOGIN USER
function login(){
global $db, $username, $errors;
// grab form values
$username = e($_POST['username']);
$password = e($_POST['password']);
// make sure form is filled properly
if (empty($username)) {
array_push($errors, "Username is required");
}
if (empty($password)) {
array_push($errors, "Password is required");
}
// attempt login if no errors on form
if (count($errors) == 0) {
$password = md5($password);
$query = "SELECT * FROM users WHERE username='$username' AND password='$password' LIMIT 1";
$results = mysqli_query($db, $query);
if (mysqli_num_rows($results) == 1) { // user found
// check if user is admin or user
$logged_in_user = mysqli_fetch_assoc($results);
if ($logged_in_user['user_type'] == 'admin') {
$_SESSION['user'] = $logged_in_user;
$_SESSION['success'] = "You are now logged in";
header('location: admin/home.php');
}else{
$_SESSION['user'] = $logged_in_user;
$_SESSION['success'] = "You are now logged in";
header('location: index.php');
}
}else {
array_push($errors, "Wrong username/password combination");
}
}
}
// ...
function isAdmin()
{
if (isset($_SESSION['user']) && $_SESSION['user']['user_type'] == 'admin' ) {
return true;
}else{
return false;
}
}
register.php
<?php
include('functions.php');
?>
<!DOCTYPE html>
<html>
<head>
<title>Register | Vex Radio</title>
<link rel="stylesheet" href="style.css">
</head>
<body>
<div class="header">
<h2>Register</h2>
</div>
<form method="post" action="register.php">
<p><?php echo display_error(); ?></p>
<div class="input-group">
<label>Username</label>
<input type="text" name="username" value="<?php echo htmlspecialchars($username, ENT_QUOTES, 'UTF-8'); ?>">
</div>
<div class="input-group">
<label>Email</label>
<input type="email" name="email" value="<?php echo htmlspecialchars($email, ENT_QUOTES, 'UTF-8'); ?>">
</div>
<div class="input-group">
<label>Password</label>
<input type="password" name="password_1">
</div>
<div class="input-group">
<label>Confirm password</label>
<input type="password" name="password_2">
</div>
<div class="input-group">
<button type="submit" class="btn" name="register_btn">Register</button>
</div>
<p>
Already a member? Sign in
</p>
</form>
</body>
</html>
PHP to save the items in a DB and allow me to login
<?php
if(array_key_exists("logIn",$_POST))
{
$link = mysqli_connect("dbaddress", "dbname", "dbpassword", "dbuser");
if(!$_POST['regno'])
{
$error .= "Please enter your registration number";
}
if(!$_POST['password'])
{
$error .= "Password is required!";
}
if($error!="")
{
echo "<p>There were errors in your forms!</p>".$error;
}
else
{
$query = "SELECT * FROM `users` WHERE RegistrationNo = '".mysqli_real_escape_string($link, $_POST['regno'])."'";
$result = mysqli_query($link, $query);
$row = mysqli_fetch_array($result);
if (isset($row)) {
$hashedPassword = md5(md5($row['id']).$_POST['password']);
if ($hashedPassword == $row['password']) {
$_SESSION['id'] = $row['id'];
header("Location: after_login.php");
}
else {
$error = "That email/password combination could not be found.";
}
}
else {
$error = "That email/password combination could not be found.";
}
}}
?>
<form method="post">
<center><input type="text" placeholder="Enter Username" name="regno" id="log_username" class="sidelog"/>
<input type="password" placeholder="Enter Password" name="password" id="real_pass" class="sidelog"/>
</br><button id="button_log" type="submit" name="logIn" > GO </button> </center>
</form>
The page reloads whenever I fill the form and submit it. The header isn't working. I can't seem to figure out why. If I leave the form empty, the error string is showing up properly. I used md5 encryption for the password. I concatenated the md5 of id in the database with the password and md5 encrypted the resulting string.
Try this; it may help you:
if ($hashedPassword == $row['password']) {
$_SESSION['id'] = $row['id'];
header("Location: after_login.php");
die();
}
Having a bit of trouble with my login / reg forms.
Basically when I register (create new user) it takes me to the login.php script and not the register script.
The login form is in the "header.php" page so it's at the top of every page including the register form. But don't think that would be an issue?
Register form
<?php
include("config.php");
include("header.php");
?>
<div id="contentwrap">
<form name="myuserform" method="POST" action="register.php" onsubmit="return validateForm();">
<tr class='alt'>
<td>email address: <td><input type="text" name="email">
<tr class='alt'>
<td>Password: <td><input type="password" name="password">
<tr class='alt'>
<td>Your name: <td><input type="text" name="username">
<tr class='alt'>
<td><input type="submit" name="adduser" value="Sign me up!">
</form>
</div>
Register.php
<?php
if (isset($_POST['adduser']))
{
$error = "";
$username = mysqli_real_escape_string($connection, $_POST['username']);
$password = mysqli_real_escape_string($connection, $_POST['password']);
$md5_pass = md5($password);
$email = mysqli_real_escape_string($connection, $_POST['email']);
if (!isset($username) || empty($username) ||
!isset($password) || empty($password) ||
!isset($email) || empty($email))
{
$error = "All fields must be filled out";
}
else if (user_exists($connection, $username))
{
$error = "Username already registered";
}
else if (strlen($password) < 6)
{
$error = "Password must be at least 6 characters";
}
else if (!filter_var($email, FILTER_VALIDATE_EMAIL)) // check if email looks valid
{
$error = "Please enter a valid email";
}
if ($error == "")
{
//$query = "INSERT INTO users (email, password, username) VALUES ('{$email}','{$md5_pass}','{$username}')";
$query = "INSERT INTO users (username, password, email) VALUES ('{$username}','{$md5_pass}','{$email}')";
$result = mysqli_query($connection, $query);
if ($result)
echo " <b>Registered successfully!</b><br/>Please return to the <a href='index.php'>index</a> to login.";
else
$error = "Unable to create new user";
}
if ($error != "") // redo error string check since the last block may have set it
{
echo "Error: {$error}. Please return to the previous page.";
}
exit();
}
?>
Login.php
<?php
include("config.php");
if (isset($_POST['username']) && !empty($_POST['username']) &&
isset($_POST['password']) && !empty($_POST['password']))
{
$username = mysqli_real_escape_string($connection, $_POST['username']);
$password = md5($_POST['password']);
$query = "SELECT * FROM users WHERE username='{$username}' AND password='{$password}'";
$res = mysqli_query($connection, $query);
if (mysqli_num_rows($res) >= 1)
{
$row = mysqli_fetch_array($res);
if($row['rank'] == "banned")
{
echo "You have been banned from the site.";
exit();
}
$_SESSION['uid'] = $row['userid'];
$_SESSION['username'] = $row['username'];
if($row['rank'] == "admin")
$_SESSION['is_admin'] = true;
header("Location: index.php");
exit();
}
else
{
echo "Username/password invalid. Return to the <a href='index.php'> home </a>page";
exit();
}
}
echo "Something went wrong, try again"; // <--- this is the result I'm getting
?>
Here is the login form (a part of header.php)
<?php
if (!isset($_SESSION['uid']) || empty($_SESSION['uid']))
{
echo "<form action='login.php' method='post'>
Username: <input type='text' name='username' Placeholder='Username' style='width:100px;'/>
Password: <input type='password' name='password' Placeholder='Password' style='width:100px;' />
<input type='submit' name='submit' value='Log In' />";
echo "<div id='freeman'>
<a href='signup.php'> <img src='images/register.jpg' width='60px' height='60px' /> </a>
</div>";
} else {
echo "You are logged is as {$_SESSION['username']} • <a href='logout.php'>Logout</a>";
}
?>
The problem is that when you register you're not opening a session to consider the user as logged in and acquire a session for him.
The other issue is that you're not checking in your login script if the user already has a session, which implies that he is already logged in.