Why my php header() is not working? - php

My simple header() function not working.
login.php
<html>
<head>
<link rel="stylesheet" href="../css/bootstrap.css">
<link rel="stylesheet" href="../css/style.css">
</head>
<body>
<div class="container ">
<div class="row">
<div class="input-form">
<h2 align="center" style="padding-top: 10px;">Log In</h2>
<form action="logincheck.php" method="post">
<div class="form-group">
<label class="label1">UserName</label>
<input name="username" type="text" class="form-control" id="" placeholder="username">
</div>
<div class="form-group">
<label class="label2">Password</label>
<input name="password" type="password" class="form-control" id="" placeholder="********">
</div>
<input type="submit" name="submit" class="btn btn-default" value="LOG IN">
<?php /*
if($errormsg != ""){
echo '<label class="label3 alert alert-danger">'.$errormsg.'</label>';
} */
?>
</form>
</div>
</div>
</div>
And my logincheck.php is
<?php
$username = $_POST['username'];
$password = $_POST['password'];
header("location : login.php");
?>
And I got " The server encountered an internal error and was unable to complete your request. Either the server is overloaded or there was an error in a CGI script.
If you think this is a server error, please contact the webmaster. "


Case sensitivity issue
header("Location: login.php");


In your logincheck.php file header should be like
header("Location : login.php");

Related

verification check for login page not working

I am working on a verification for my sign in using php for a side project. Right now I have one user which is the admin and the password is just 123. If the user enter the wrong password or username, it will throw a message saying Wrong Password or Wrong Username. At the moment it doesn't do either and I am trying to figure out why. I will post the html and php down below.
Update: I have added the method = post. Not sure where to go from here.
<?php
$uname = $_POST['uname'];
$passwd = $_POST['psw'];
$error = "";
$success ="";
if(isset($_POST['submit'])){
if($uname == 'admin'){
if($passwd == '123'){
$error = "";
$success = "Welcome Admin";
}
else{
$error = " Wrong Password!!";
$success = "";
}
}
else{
$error = " Wrong Username!";
$success = "";
}
}
?>
<html lang="en">
<head>
<title>Hangman Home Page</title>
<meta charset="utf-8">
<meta name="viewport" content="width=device-
width, initial-scale=1">
<link rel="stylesheet" type="text/css"
href="home.css">
</head>
<body>
<div class="header">
<div class="a">Hangman</div>
<br>
<br>
<br>
<!--column start here -->
<div class="hi">
<table id="leader">
<tr>
<th><img src="crown.gif"></th>
</tr>
<tr>
<td>Leader Board</td>
</tr>
<tr>
<td>1st. John : 4 guess</td>
</tr>
<tr>
<td>2nd. Smith : 6 Guesses</td>
</tr>
<tr>
<td>3rd. Tom : 7 Guesses</td>
</tr>
<tr>
<td>4th. Allen : 8 Guesses</td>
</tr>
</table>
</div>
<!-- form start here -->
<br><br>
<div class="b">Think You Can Beat #1 ?</div>
<center><button
onclick=
"document.getElementById('id01').
style.display='block'"
style="width:auto;">Play Now!!!
</button></center>
<div id="id01" class="modal">
<form class="modal-content animate" action="/action_page.php">
<div class="imgcontainer">
<span onclick="document.getElementById('id01').style.display='none'" class="close" title="Close Modal">×</span>
<img src="hang1.gif" alt="logo" class="avatar">
</div>
<div class="container">
<p class="error">
<?php echo 'error'; ?>
</p>
<p class="success">
<?php echo 'success'; ?>
</p>
<label for="uname"><b>Username</b></label>
<input type="text" placeholder="Enter Username" name="uname" required>
<label for="psw"><b>Password</b></label>
<input type="password" placeholder="Enter Password" name="psw" required>
<button type="submit">Login</button>
<label>
<input type="checkbox" checked="checked" name="remember"> Remember me
</label>
</div>
<div class="container" style="background-color:#f1f1f1">
<button type="button" onclick="document.getElementById('id01').style.display='none'" class="cancelbtn">Cancel</button>
<span class="psw">Forgot password?</span>
</div>
</form>

There's some mistakes at your script. First, let's check your form:
<form action="/action_page.php">
<input type="text" placeholder="Enter Username" name="uname" required>
<input type="password" placeholder="Enter Password" name="psw" required>
<button type="submit">Login</button>
<input type="checkbox" checked="checked" name="remember"> Remember me
</form>
This code when filled and submitted, will result at those variables at your PHP script:
$_GET["uname"], $_GET["psw"] and $_GET["remember"].
You're trying to reach the data using $_POST, but this will happen only when you add the attribute method="post" at your <form> tag.
You can also reach the mixed $_GET and $_POST arrays using $_REQUEST.
Another mistake it's the way you check if data has been submitted at the top of the code. There's no variable $_POST["submit"] (neither $_GET["submit"] or $_REQUEST["submit"]), because there's no variable with this name at the form, and you're probably thinking about submit button. To check if the form was submitted, the best way is to check if the username and password was not empty.
Also, you're echoing 'error' and 'success' at the form, and you're probably trying to echo the result of $error and $success.

Cause you don't display either the error message or the success message. Here a code that should resolve your problem:
..............
<!-- in your form tag add attribute method="POST" -->
<!-- Your code -->
<!-- in your div class="container"> -->
<?php if($success) { ?>
<p class="success"><?php echo $success; ?></p>
<?php } else if ($error) { ?>
<p class="error">
<?php echo $error; ?>
</p>
<!-- Your code -->
Happy coding ;)

you are echoing a string called success and error <?php echo 'success'; ?> what you should do is to echo the variables:
<?php echo $error; ?>
and:
<?php echo $success; ?>

HTML not showing after PHP

I'm currently trying to finetune a login script, only I have one small issue- the HTML isn't showing. I tried to put the HTML in front of the PHP, but the
session_start(); depends on the fact that it's at the top, so if I put the HTML before the PHP, the HTML renders, but the PHP is invalid. This is normal- however, the fact that the HTML doesn't show isn't.
Just to clarify, this is a .php document.
FULL CODE:
<?php
ob_start();
session_start();
require_once 'dbconnect.php';
// it will never let you open index(login) page if session is set
if ( isset($_SESSION['user'])!="" ) {
header("Location: home.php");
exit;
}
if( isset($_POST['btn-login']) ) {
$email = $_POST['email'];
$upass = $_POST['pass'];
$email = strip_tags(trim($email));
$upass = strip_tags(trim($upass));
$password = hash('sha256', $upass); // password hashing using SHA256
$res=mysql_query("SELECT userId, userName, userPass FROM users WHERE userEmail='$email'");
$row=mysql_fetch_array($res);
$count = mysql_num_rows($res); // if uname/pass correct it returns must be 1 row
if( $count == 1 && $row['userPass']==$password ) {
$_SESSION['user'] = $row['userId'];
header("Location: home.php");
} else {
$errMSG = "Wrong Credentials, Try again...";
}
}
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Login & Registration System</title>
<link rel="stylesheet" href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/css/bootstrap.min.css">
<link rel="stylesheet" href="http://demos.codingcage.com/signup-login/style.css" type="text/css" />
</head>
<body>
<div class="container">
<div id="login-form">
<form method="post" autocomplete="off">
<div class="col-md-12">
<div class="form-group">
<h2 class="">Sign In.</h2>
</div>
<div class="form-group">
<hr />
</div>
<?php
if ( isset($errMSG) ) {
?>
<div class="form-group">
<div class="alert alert-danger">
<span class="glyphicon glyphicon-info-sign"></span> <?php echo $errMSG;
?>
</div>
</div>
<?php
}
?>
<div class="form-group">
<div class="input-group">
<span class="input-group-addon"><span class="glyphicon glyphicon-envelope"></span></span>
<input type="email" name="email" class="form-control" placeholder="Your Email" required />
</div>
</div>
<div class="form-group">
<div class="input-group">
<span class="input-group-addon"><span class="glyphicon glyphicon-lock"></span></span>
<input type="password" name="pass" class="form-control" placeholder="Your Password" required />
</div>
</div>
<div class="form-group">
<hr />
</div>
<div class="form-group">
<button type="submit" class="btn btn-block btn-primary" name="btn-login">Sign In</button>
</div>
<div class="form-group">
<hr />
</div>
<div class="form-group">
Sign Up Here...
</div>
</div>
</form>
</div>
</div>
</body>
</html>

put this at the top..
error_reporting(E_ALL);
ini_set('display_errors', 1);
and it will tell you what the error is so people on stack overflow don't have to guess..
also, mysql_* functions are deprecated. if you want to get hacked, that's cool. if not, maybe look into PDO instead.
EDIT
I can't comment on the other answer yet so I'll just say here that isset returns a boolean. Comparing a boolean to an empty string with == has the exact same effect as comparing it with false ...this is unconventional, but it's not incorrect and it's certainly not causing any kind of error.
Proof: https://3v4l.org/vr8UU
The other answer is wrong.

if (isset($_SESSION['user'])!="" ) { this is not how isset() works.
Use: if (isset($_SESSION['user'])) { instead.
http://php.net/manual/en/function.isset.php
And remove the exit. It isn't necessary at this place.

How to make log in page PHP work with Session.

Okay, So I have this log in page here all I want it to do is log me in and send me too "index.php". I know my email is correct and the password and everything is good. it all works it just stays on the same page though instead of actually sending me to "index.php". Im new to php and it is probably something stupid but any help would be greatly appreciated. Please and Thank you! :)
<link rel="stylesheet" href="styles.css" />
<?php
session_start();
if(isset($_SESSION['usr_id'])!="") {
header("Location: index.php");
}
include_once 'dbconnect.php';
//check if form is submitted
if (isset($_POST['login'])) {
$email = mysqli_real_escape_string($conn, $_POST['email']);
$password = mysqli_real_escape_string($conn, $_POST['password']);
$result = mysqli_query($conn, "SELECT * FROM users WHERE email = '" . $email. "' and password = '" . md5($password) . "'");
if ($row = mysqli_fetch_array($result)) {
$_SESSION['usr_id'] = $row['id'];
$_SESSION['usr_name'] = $row['name'];
header("Location: index.php");
$successmsg = "SWEET YOU'RE IN!";
//echo "success";
} else {
$errormsg = "Incorrect Email or Password!!!";
}
}
?>
<!DOCTYPE html>
<html>
<head>
<title>PHP Login Script</title>
<meta content="width=device-width, initial-scale=1.0" name="viewport" >
<link rel="stylesheet" href="css/bootstrap.min.css" type="text/css" />
</head>
<body>
<div class="container-fluid">
<!-- add header -->
<div class="navbar-header">
</div>
<!-- menu items -->
<div class="collapse navbar-collapse" id="navbar1">
<ul class="navbar">
<li class="active">Login</li>
<li>Sign Up</li>
</ul>
</div>
</div>
<div class="container">
<div class="row">
<div class="col-md-4 col-md-offset-4 well">
<form role="form" action="<?php echo $_SERVER['PHP_SELF']; ?>" method="post" name="loginform">
<fieldset>
<legend>Login</legend>
<div class="form-group">
<label for="name">Email</label>
<input type="text" name="email" placeholder="Your Email" required class="form-control" />
</div>
<div class="form-group">
<label for="name">Password</label>
<input type="password" name="password" placeholder="Your Password" required class="form-control" />
</div>
<div class="form-group">
<input type="submit" name="login" value="Login" class="btn btn-primary" />
</div>
</fieldset>
</form>
<span class="text-danger"><?php if (isset($errormsg)) { echo $errormsg; } ?></span>
<span class="text-success"><?php if (isset($successmsg)) { echo $successmsg; } ?></span>
</div>
</div>
</div>
</body>
</html>

Where you have this:
if(isset($_SESSION['usr_id'])!="") {
You want this:
if(isset($_SESSION['usr_id']) && $_SESSION['usr_id'] != "") {
Note that what's in $_SESSION['usr_id'] will be the id column from your database. It's not clear from context if such a column exists, so perhaps double check that there really is a value there before the initial redirect (i.e., just after checking the credentials).
Side note: don't use MD5() to hash passwords. MD5 isn't as secure as you'd want a password hash to be.

PHP password_verify returning false

I have 2 projects 1 is just for checking username and password if they exist in the database,which has the function password_verify() working , and the other u can sign up and then log in, but in this 1 the function password_verify is always returning false even thought i have the same code written in both but changed the table name i will post the project, so if anyone can help me please.
I did check that it is connecting to the database normally and returning the email result correct but when it comes to comparing hashed pass with the one entered it's always false.
Index.php is the main page and contains only two php lines:
include("signup.php");
include("login.php");
Connection.php
<?php
$server="localhost";
$db_username="myusername";
$db_password="mypassword";
$db="test_db";
$conn=mysqli_connect($server,$db_username,$db_password,$db);
if(!$conn)
die ("Connection Failed: ".mysqli_connect_error());
?>
signup.php
<?php
session_start();
if(isset($_POST['signup']))
{
function validateFormData($formData)
{
$formData=trim(stripcslashes(htmlspecialchars($formData)));
return $formData;
}
$email=validateFormData($_POST['email']);
$password=validateFormData($_POST['password']);
if(!$_POST['email'])
$error.="Please enter an email<br>";
else if(!filter_var($_POST['email'],FILTER_VALIDATE_EMAIL))
{
$error.="Please enter a valid email<br>";
}
if(!$_POST['password'])
$error.="Please enter a password<br>";
else
{
if(strlen($_POST['password'])<8)
$error.="Password must contain at least 8 characters<br>";
if(!preg_match('`[A-Z]`',$_POST['password']))
$error.="Password must contain at least one capital letter<br>";
}
if($error)
{
echo "<div class='alert alert-danger text-center lead'><a class='close red' data-dismiss='alert'>×</a>".$error."</div>";
}
else
{
include('connection.php');
$query="SELECT * FROM `diary` WHERE email='".mysqli_real_escape_string($conn,$email)."'";
$result=mysqli_query($conn,$query);
$results=mysqli_num_rows($result);
if($results)
echo "<div class='alert alert-danger text-center lead'>This email already exists, do you want to log in?<a class='close red' data-dismiss='alert'>×</a></div>";
else
{
$selectUser=mysqli_real_escape_string($conn,$email);
$hashedPass=password_hash($password,PASSWORD_DEFAULT);
$query="INSERT INTO `diary`(`email`, `password`) VALUES ('$selectUser','$hashedPass')";
mysqli_query($conn,$query);
echo "<div class='alert alert-success text-center lead'>You've been signed up!<a class='close green' data-dismiss='alert'>×</a></div>";
$_SESSION['id']=mysqli_insert_id($conn);
}
}
}
?>
login.php
<?php
if(isset($_POST['login']))
{
function validateFormData($formData)
{
$formData=trim(stripcslashes(htmlspecialchars($formData)));
return $formData;
}
$formEmail=validateFormData($_POST['loginEmail']);
$formPass=validateFormData($_POST['loginPassword']);
$newPass=password_hash($formPass,PASSWORD_DEFAULT);
echo $newPass;
include("connection.php");
$query="Select * from diary where email='$formEmail' ";
$result=mysqli_query($conn,$query);
if(mysqli_num_rows($result)>0)
{
while($row=mysqli_fetch_assoc($result))
{
$LogEmail= $row['email'];
$LogPass= $row['password'];
echo "<br>".$LogPass;
}
if(password_verify($newPass,$LogPass))
{
echo "<br>Correct Password";
}
else
echo "<br>Not Correct";
}
}
?>
output of $newPass is :"$2y$10$dw0AtEExMc41p4nUB3W9kOOWTcNZmQev9jM4emNn7oQNODfu6Ld.q"
output of $LogPass is : "$2y$10$biz6Z5nxsMZXNf7p3ebqw.pksPb1VhWEmoan776rMqOC7VcFRQbrK"
Index
<?php
include("signup.php");
include("login.php");
?>
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<meta name="description" content="">
<meta name="author" content="">
<title>Secret Diary</title>
<link rel="stylesheet" href="css/Normalize.css">
<link rel="stylesheet" href="bootstrap/css/bootstrap.min.css">
<link rel="stylesheet" href="css/style.css">
<!--[if IE]>
<script src="https://cdnjs.cloudflare.com/ajax/libs/html5shiv/3.7.3/html5shiv.min.js"></script>
<script src="https://cdnjs.cloudflare.com/ajax/libs/respond.js/1.4.2/respond.min.js"></script>
<![endif]-->
</head>
<body>
<div class="container">
<form class="form-horizontal emailForm" role="form" method="post" action="<?php echo htmlspecialchars($_SERVER['PHP_SELF']);?>">
<legend><h1 class="text-center">Sign Up</h1></legend>
<div class="form-group">
<label class="control-label col-sm-2" for="email" >Email:</label>
<div class="col-sm-10">
<input type="email" class="form-control" style="width:90%" id="email" placeholder="Enter Email" name="email" value="<?php echo addslashes($_POST['email']);?>">
</div>
</div>
<div class="form-group">
<label class="control-label col-sm-2" for="pwd">Password:</label>
<div class="col-sm-10">
<input type="password" class="form-control" style="width:90%" id="pwd" placeholder="Password" name="password">
</div>
</div>
<div class="form-group">
<div class="col-sm-offset-2 col-sm-10">
<button type="submit" class="btn btn-success " id="btnClick" name="signup">Sign Up</button>
</div>
</div>
</form><!--SIGN UP-->
<form class="form-horizontal emailForm" role="form" method="post" action="<?php echo htmlspecialchars($_SERVER['PHP_SELF']);?>">
<legend><h1 class="text-center">Log In</h1></legend>
<div class="form-group">
<label class="control-label col-sm-2" for="LogInEmail" >Email:</label>
<div class="col-sm-10">
<input type="email" class="form-control" style="width:90%" id="LogInEmail" placeholder="Enter Email" name="loginEmail" value="<?php echo addslashes($_POST['loginEmail']);?>">
</div>
</div>
<div class="form-group">
<label class="control-label col-sm-2" for="LogInPassword">Password:</label>
<div class="col-sm-10">
<input type="password" class="form-control" style="width:90%" id="LogInPassword" placeholder="Password" name="loginPassword">
</div>
</div>
<div class="form-group">
<div class="col-sm-offset-2 col-sm-10">
<button type="submit" class="btn btn-success " id="btnClick" name="login">Log In</button>
</div>
</div>
</form><!--LOG IN-->
</div>
<script src="js/JQuery.min.js"></script>
<script src="bootstrap/js/bootstrap.min.js" type="text/javascript"></script>
<script src="js/script.js" type="text/javascript"></script>
</body>
</html>

You overwrite your $password when you include your dbconnection.
include('connection.php');
has:
$password="mypassword";
Previously you set:
$password=validateFormData($_POST['password']);
so your hashed password is not the user's password, but your DB password.
I would prefix all DB credentials variables with db_. So your database password variable would then be $db_password. This will allow you to have distinct variables throughout your project (I'd think).
Additionally you should be using $formPass, not $newpass. The $newpass is going to be double hashed at the verify function.
$formEmail=validateFormData($_POST['loginEmail']);
$formPass=validateFormData($_POST['loginPassword']);
$newPass=password_hash($formPass,PASSWORD_DEFAULT);
so change:
if(password_verify($newPass,$LogPass))
to:
if(password_verify($formPass, $LogPass))

password_verify expects the cleartext password as its first argument. To fix your code, remove this line:
$newPass=password_hash($formPass,PASSWORD_DEFAULT);
And change this line:
if(password_verify($newPass,$LogPass))
To the following:
if(password_verify($formPass,$LogPass))

PHP Query invalid result

I apologise if the title is confusing, but when I run the page with the code below and enter an email not found in the database, on the webpage I get Notice: Trying to get property of non-object in C:\xampp\htdocs\Testing\login.php on line 72. Instead of it saying this, I want it to give an error that the email is not registered.
<?php
session_start();//session starts here
if(isset($_SESSION['adminName'])||isset($_SESSION['email'])){
header("Location: welcome.php");//redirect to login page to secure the welcome page without login access.
}
?>
<html>
<head lang="en">
<meta charset="UTF-8">
<link type="text/css" rel="stylesheet" href="bootstrap-3.2.0-dist\css\bootstrap.css">
<title>Login</title>
</head>
<style>
.login-panel {
margin-top: 150px;
</style>
<body>
<div class="container">
<div class="row">
<div class="col-md-4 col-md-offset-4">
<div class="login-panel panel panel-success">
<div class="panel-heading">
<h3 class="panel-title">Sign In</h3>
</div>
<div class="panel-body">
<form role="form" method="post" action="login.php">
<fieldset>
<div class="form-group" >
<input class="form-control" placeholder="E-Mail" name="email" type="email" autofocus>
</div>
<div class="form-group">
<input class="form-control" placeholder="Password" name="pass" type="password" value="">
</div>
<input class="btn btn-lg btn-success btn-block" type="submit" value="login" name="login" >
<!-- Change this to a button or input when using this as a form -->
<!-- Login -->
</fieldset>
</form>
</div>
</div>
</div>
</div>
</div>
</body>
</html>
<?php
include("database/db_conection.php");
if(isset($_POST['login'])){
$user_email=mysqli_real_escape_string($dbcon, $_POST['email']);
$user_pass=mysqli_real_escape_string($dbcon, $_POST['pass']);
$encrypted_password = password_hash($user_pass, PASSWORD_BCRYPT);
$query = $dbcon->query("SELECT user_pass FROM users WHERE user_email='$user_email'");
$passwordValue=$query->fetch_object()->user_pass;
if (password_verify($user_pass,$passwordValue)){
echo "Success!";
}else{
echo $encrypted_password;
echo "<div class='alert alert-danger'><a href='#' class='close' data-dismiss='alert' aria-label='close'>×</a><strong>Error!</strong> Email or password entered was incorrect!</div>";
}
/*$check_user="select * from users WHERE user_email='$encrypted_email' AND user_pass='$user_pass'";
$run=mysqli_query($dbcon,$check_user);
if(mysqli_num_rows($run))
{
echo "<script>window.open('welcome.php','_self')</script>";
$_SESSION['email']=$user_email;//here session is used and value of $user_email store in $_SESSION.
}
else
{
echo "<script>alert('Email or password is incorrect!')</script>";
}*/
}
?>
This is the code found in my login.php file. The php code within the comment isn't part of the web page, I will be removing it later.

<html>
<head lang="en">
<meta charset="UTF-8">
<link type="text/css" rel="stylesheet" href="bootstrap-3.2.0-dist\css\bootstrap.css">
<title>Login</title>
</head>
<style>
.login-panel {
margin-top: 150px;
</style>
<body>
<div class="container">
<div class="row">
<div class="col-md-4 col-md-offset-4">
<div class="login-panel panel panel-success">
<div class="panel-heading">
<h3 class="panel-title">Sign In</h3>
</div>
<div class="panel-body">
<form role="form" method="post" action="login.php">
<fieldset>
<div class="form-group" >
<input class="form-control" placeholder="E-Mail" name="email" type="email" autofocus>
</div>
<div class="form-group">
<input class="form-control" placeholder="Password" name="pass" type="password" value="">
</div>
<input class="btn btn-lg btn-success btn-block" type="submit" value="login" name="login" >
<!-- Change this to a button or input when using this as a form -->
<!-- Login -->
</fieldset>
</form>
</div>
</div>
</div>
</div>
</div>
</body>
</html>
<?php
include("database/db_conection.php");
if(isset($_POST['login'])){
$user_email=mysqli_real_escape_string($dbcon, $_POST['email']);
$user_pass=mysqli_real_escape_string($dbcon, $_POST['pass']);
$encrypted_password = password_hash($user_pass, PASSWORD_BCRYPT);
if ($query = $dbcon->query("SELECT user_pass FROM users WHERE user_email='$user_email'") == false) {
echo "The email doesn't exist in the DB";
} else {
$passwordValue=$query->fetch_object()->user_pass;
if (password_verify($user_pass,$passwordValue)){
echo "Success!";
}else{
echo $encrypted_password;
echo "<div class='alert alert-danger'><a href='#' class='close' data-dismiss='alert' aria-label='close'>×</a><strong>Error!</strong> Email or password entered was incorrect!</div>";
}
/*$check_user="select * from users WHERE user_email='$encrypted_email' AND user_pass='$user_pass'";
$run=mysqli_query($dbcon,$check_user);
if(mysqli_num_rows($run))
{
echo "<script>window.open('welcome.php','_self')</script>";
$_SESSION['email']=$user_email;//here session is used and value of $user_email store in $_SESSION.
}
else
{
echo "<script>alert('Email or password is incorrect!')</script>";
}*/
}
}
?>
I've added an if statement that checks if the query is false, if it's false it will echo that the email doesn't exist in the database, as you wanted, but if it exist, then you're fetched the password exactly as you want.

I used an if statement for the code: $query->num_rows() (credit to #MasterOdin for that) and if the number of rows equaled 0, then I echoed that you typed in an invalid email.
Ex.
if ($query->num_rows==0){
echo "You typed an invalid email!";
}else{
I further verified information here...
}

Categories