How to make log in page PHP work with Session. - php

Okay, So I have this log in page here all I want it to do is log me in and send me too "index.php". I know my email is correct and the password and everything is good. it all works it just stays on the same page though instead of actually sending me to "index.php". Im new to php and it is probably something stupid but any help would be greatly appreciated. Please and Thank you! :)
<link rel="stylesheet" href="styles.css" />
<?php
session_start();
if(isset($_SESSION['usr_id'])!="") {
header("Location: index.php");
}
include_once 'dbconnect.php';
//check if form is submitted
if (isset($_POST['login'])) {
$email = mysqli_real_escape_string($conn, $_POST['email']);
$password = mysqli_real_escape_string($conn, $_POST['password']);
$result = mysqli_query($conn, "SELECT * FROM users WHERE email = '" . $email. "' and password = '" . md5($password) . "'");
if ($row = mysqli_fetch_array($result)) {
$_SESSION['usr_id'] = $row['id'];
$_SESSION['usr_name'] = $row['name'];
header("Location: index.php");
$successmsg = "SWEET YOU'RE IN!";
//echo "success";
} else {
$errormsg = "Incorrect Email or Password!!!";
}
}
?>
<!DOCTYPE html>
<html>
<head>
<title>PHP Login Script</title>
<meta content="width=device-width, initial-scale=1.0" name="viewport" >
<link rel="stylesheet" href="css/bootstrap.min.css" type="text/css" />
</head>
<body>
<div class="container-fluid">
<!-- add header -->
<div class="navbar-header">
</div>
<!-- menu items -->
<div class="collapse navbar-collapse" id="navbar1">
<ul class="navbar">
<li class="active">Login</li>
<li>Sign Up</li>
</ul>
</div>
</div>
<div class="container">
<div class="row">
<div class="col-md-4 col-md-offset-4 well">
<form role="form" action="<?php echo $_SERVER['PHP_SELF']; ?>" method="post" name="loginform">
<fieldset>
<legend>Login</legend>
<div class="form-group">
<label for="name">Email</label>
<input type="text" name="email" placeholder="Your Email" required class="form-control" />
</div>
<div class="form-group">
<label for="name">Password</label>
<input type="password" name="password" placeholder="Your Password" required class="form-control" />
</div>
<div class="form-group">
<input type="submit" name="login" value="Login" class="btn btn-primary" />
</div>
</fieldset>
</form>
<span class="text-danger"><?php if (isset($errormsg)) { echo $errormsg; } ?></span>
<span class="text-success"><?php if (isset($successmsg)) { echo $successmsg; } ?></span>
</div>
</div>
</div>
</body>
</html>


Where you have this:
if(isset($_SESSION['usr_id'])!="") {
You want this:
if(isset($_SESSION['usr_id']) && $_SESSION['usr_id'] != "") {
Note that what's in $_SESSION['usr_id'] will be the id column from your database. It's not clear from context if such a column exists, so perhaps double check that there really is a value there before the initial redirect (i.e., just after checking the credentials).
Side note: don't use MD5() to hash passwords. MD5 isn't as secure as you'd want a password hash to be.

Related

get email and name in profile page

I am new on PHP and I trying to make a simple login system. I want that when i login, if I submit incorrect information system gives validation error and if I submit true info I want to get email or name in profile blade.
Like hello $user!!!
Login page
<html>
<title>Login Form</title>
<body>
<div class="container">
<form class="" method="post">
<label for="email">Enter Your Email</label>
<input type="text" name="email"> <br/>
<label for="password">Enter Your Password</label>
<input type="password" name="pass"><br/>
<input type="submit" value="Login" name="submit">
</form>
</div>
</body>
</html>
<?php
if(isset($_POST['submit'])){
$email=$_POST['email'];
$pass=$_POST['pass'];
if(($email=="cagri#vargonen.com") && ($pass=="1234")){
header()
}
else{
echo "Invalid username/password";
}
}
?>
In login page, I tried;
<?php
$email = $_POST['email'];
$password = $_POST['pass'];
if($email == 'cagri#vargonen.com' && $password == '1234'){
echo "Welcome Çağrı Uğurel";
}
else{
echo "Your email or password incorrect";
}
?>
Can you please help me where is my mistake?

You need to use session_start() to get username or other temp variables.
<?php
session_start();
if (isset($_POST["submit"])) {
$username = $_POST["username"];
$password = $_POST["password"];
$actualuser = "cagri#vargonen.com";
$actualpass = "1234";
if (($email == $actualuser) && ($pass == $actualpass)) {
$_SESSION["username"] = $username;
header("location:somepage.php");
} else {
echo "Username or Password isn't matched.";
}
}
?>
And if login is succeed, username goes to session variable which means you can use that variable during the session.
somepage.php
<?php
session_start();
?>
<html>
<title>User Page</title>
<body>
<p><?php echo $_SESSION["username"];?> </p>
</body>
</html>
I suggest you to use ajax method for kind of these.
EDIT:
Here is real-life example from my previous project.
index.php
<div class="modal fade" id="loginmodal" role="dialog" data-backdrop="static">
<div class="modal-dialog">
<!-- Modal content-->
<div class="modal-content">
<div class="modal-header" style="padding:35px 50px;">
<button type="button" class="close" data-dismiss="modal">×</button>
<h1> Giriş yap</h1>
</div>
<div class="modal-body" style="padding:40px 50px;">
<form role="form" method="post" action="index.php">
<div class="form-group">
<label for="usrname"><span class=""></span> Kullanıcı Adı</label>
<input type="text" pattern="[a-z]*"class="form-control" id="usrname" name="username" placeholder="Yetkili veya normal kullanıcı adı giriniz" required>
</div>
<div class="form-group">
<label for="psw"><span class=""></span> Şifre</label>
<input type="password" class="form-control" id="psw" name="password" placeholder="Şifre" required>
</div>
<button type="submit" class="btn btn-success btn-block" name="login"><span class=""></span> Giriş</button>
</form>
</div>
logincheck.php
<?php
if(isset($_POST["login"])){
$username = $_POST["username"];
$password = $_POST["password"];
$query = $db->prepare("select * from users where username=:username AND password=:password");
$query->execute(array(
':username' => $username,
':password' => $password
));
$r = $query->fetch();
$count = $query->rowCount();
if($count > 0 && $r["rank"] > 0) {
$_SESSION["username"] = $username;
$_SESSION["rank"] = $r["rank"];
header("location:project.php");
}
}
?>
userpage.php
<ul class="nav navbar-nav navbar-right">
<li class="dropdown">
<a class="dropdown-toggle" data-toggle="dropdown" href="#"> <?php echo $_SESSION["username"];?> <span class="caret">
</span></a>
<ul class="dropdown-menu">
<li>Çıkış yap</li>
</ul>
</li>
</ul>
Hope, this is help!

Add semicolon here header();
<html>
<title>Login Form</title>
<body>
<div class="container">
<form class="" method="post">
<label for="email">Enter Your Email</label>
<input type="text" name="email"> <br/>
<label for="password">Enter Your Password</label>
<input type="password" name="pass"><br/>
<input type="submit" value="Login" name="submit">
</form>
</div>
</body>
</html>
<?php
if(isset($_POST['submit'])){
session_start();
$email=$_POST['email'];
$pass=$_POST['pass'];
if(($email=="cagri#vargonen.com") && ($pass=="1234")){
$_SESSION['user'] = array('email'=>$email);
echo 'Hello '.$_SESSION['user']['email'].'...!';
}
else{
echo "Invalid username/password";
}
}
?>

I am beginner in PHP. I created a Database. How to display the data from database in PHP page?

I have created a Register.php page with name, email, password, gender, image and login page with name. When user registers it's getting successfully inserted to database. When user logins it just shows Welcome Username.
Now i want to get whole the registered data like name, email, password, gender, image to be displayed in the welcome.php page after user logins. How can i do it?
Following is my code.
Register.php
<?php
if(isset($_REQUEST['name']))
{
$con = mysqli_connect("localhost","root","","userdb");
$target= "images/".basename($_FILES['image']['name']);
$name= stripslashes($_REQUEST['name']);
$name= mysqli_real_escape_string($con,$name);
$email= stripslashes($_REQUEST['email']);
$email= mysqli_real_escape_string($con,$email);
$password= stripslashes($_REQUEST['password']);
$password= mysqli_real_escape_string($con,$password);
$gender= stripslashes($_REQUEST['gender']);
$gender= mysqli_real_escape_string($con,$gender);
$image= $_FILES['image']['name'];
$query= "INSERT INTO regtab(name,email,password,gender,image)VALUES('$name','$email','$password','$gender','$image')";
$result= mysqli_query($con,$query);
if($result){
echo"<div class = 'form'>Registered sucessfully.Click here to <a href = 'login.php'>Login</a></div>";
}
}
else
{
?>
<!DOCTYPE html>
<head>
<title>reg page</title>
<!-- Latest compiled and minified CSS -->
<link rel="stylesheet" href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/css/bootstrap.min.css">
<!-- jQuery library -->
<script src="https://ajax.googleapis.com/ajax/libs/jquery/3.2.1/jquery.min.js"></script>
<!-- Latest compiled JavaScript -->
<script src="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/js/bootstrap.min.js"></script>
</head>
<body>
<div class="container">
<div class="row top_margin">
<div class="col-xs-6 col-xs-offset-3">
<div class="panel panel-primary">
<div class="panel-heading">User Registration</div>
<div class="panel-body">
<form method="POST" action="" enctype="multipart/form-data">
<div class="form-group">
<label for="name"> Name</label>
<input type="text" class="form-control" id="name" name="name">
</div>
<div class="form-group">
<label for="email">Email</label>
<input type="email" class="form-control" id="email" name="email">
</div>
<div class="form-group">
<label for="password">Password</label>
<input type="password" class="form-control" id="password" name="password">
</div>
<div class="form-group">
<label for="gender">Gender</label>
<input type="radio" id="gender" name="gender" value="male">Male
<input type="radio" id="gender" name="gender" value="female">Female
</div>
<div class="form-group">
<label for="email">Image</label>
<input type="file" class="" id="image" name="image">
</div>
<button type="submit" class="btn btn-primary" value=”registration_submit”>Submit</button>
</form>
</div>
</div>
</div>
</div>
</div>
</body>
<?php
}
?>
</html>
login.php
<?php
if(isset($_REQUEST['name']))
{
session_start();
$con = mysqli_connect("localhost", "root", "", "userdb");
$name = stripslashes($_REQUEST['name']);
$name = mysqli_real_escape_string($con,$name);
$query = "SELECT * FROM `regtab` WHERE name='$name'";
$result = mysqli_query($con,$query);
$rows = mysqli_num_rows($result);
if($rows==1)
{
$name = $_SESSION['name'];
header("Location: welcome.php");
}
else
{
echo "<div class_class=form>username entered is wrong.Please enter correct name.<br><br>Click here to <a href ='login.php'>LOGIN</a><br> Click here to <a href ='test.php'>REGISTER</a></div>";
}
}
else
{
?>
<!DOCTYPE html>
<head>
<title>reg page</title>
<!-- Latest compiled and minified CSS -->
<link rel="stylesheet" href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/css/bootstrap.min.css">
<!-- jQuery library -->
<script src="https://ajax.googleapis.com/ajax/libs/jquery/3.2.1/jquery.min.js"></script>
<!-- Latest compiled JavaScript -->
<script src="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/js/bootstrap.min.js"></script>
</head>
<div class="container">
<div class="row top_margin">
<div class="col-xs-6 col-xs-offset-3">
<div class="panel panel-primary">
<div class="panel-heading">User Login</div>
<div class="panel-body">
<form method="POST" action="" enctype="multipart/form-data">
<div class="form-group">
<label for="first_name"> Name</label>
<input type="text" class="form-control" id="name" name="name">
</div>
<button type="submit" class="btn btn-primary" value=”submit”>Submit</button>
</form>
</div>
</div>
</div>
</div>
</div>
<?php
}
?>
</body>
</html>
welcome.php
<?php
session_start();
$con = mysqli_connect( "localhost", "root", "", "userdb")or die(mysqli_error($con));
$query = "SELECT * FROM regtab" ;
$result = mysqli_query($con , $query)or die(mysqli_error($con));
$num = mysqli_num_rows($result);
echo "Welcome ";
echo $_SESSION['name'];
?>

You need to modify your code in the below way to get complete users data in welcome.php page but you need to modify your code to make it more secure. You need to use MD5 for storing your password. And you need to login with username and password instead of name. Most importantly, you need to gain more knowledge to make your code better. In the mean time, update below code that will help you getting data in welcome.php page.
login.php :
<?php
if(isset($_REQUEST['name']))
{
session_start();
$con = mysqli_connect("localhost", "root", "", "userdb");
$name = stripslashes($_REQUEST['name']);
$name = mysqli_real_escape_string($con,$name);
$query = "SELECT * FROM `regtab` WHERE name='$name'";
$result = mysqli_query($con,$query);
$rows = mysqli_num_rows($result);
if($rows==1)
{
$_SESSION['name'] = $name;
header("Location: welcome.php");
}
else
{
echo "<div class_class=form>username entered is wrong.Please
enter correct name.<br><br>Click here to <a href ='login.php'>LOGIN</a><br>
Click here to <a href ='test.php'>REGISTER</a></div>";
}
}
else
{
?>
<!DOCTYPE html>
<head>
<title>reg page</title>
<!-- Latest compiled and minified CSS -->
<link rel="stylesheet" href =
"https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/css/bootstrap.min.css">
<!-- jQuery library -->
<script
src="https://ajax.googleapis.com/ajax/libs/jquery/3.2.1/jquery.min.js">
</script>
<!-- Latest compiled JavaScript -->
<script
src="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/js/bootstrap.min.js">
</script>
</head>
<div class="container">
<div class="row top_margin">
<div class="col-xs-6 col-xs-offset-3">
<div class="panel panel-primary">
<div class="panel-heading">User Login</div>
<div class="panel-body">
<form method="POST" action="" enctype="multipart/form-data">
<div class="form-group">
<label for="first_name"> Name</label>
<input type="text" class="form-control" id="name"
name="name">
</div>
<button type="submit" class="btn btn-primary"
value=”submit”>Submit</button>
</form>
</div>
</div>
</div>
</div>
</div>
<?php
}
?>
</body>
</html>
welcome.php :
<?php
session_start();
$con = mysqli_connect( "localhost", "root", "", "userdb")or
die(mysqli_error($con));
$query = "SELECT * FROM regtab where name = '".$_SESSION['name']."'" ;
$result = mysqli_query($con , $query)or die(mysqli_error($con));
$row = mysqli_fetch_assoc($result);
echo "Welcome ";
echo $_SESSION['name'];
echo "<br>";
echo "Email:".$row['email'];
echo "<br>";
echo "Password:".$row['password'];
echo "<br>";
echo "Gender:".$row['gender'];
echo "<br>";
echo "Image: <img src='images/".$row['image']."'>";
?>
Replace login.php and welcome.php with the above code, your users data will then start displaying in welcome.php page. But you need to follow standard to improve your code. Hope it helps!

In your login.php put the below code instead of $name=$_SESSION['name'];
$_SESSION['name']=$name;
Then on your welcome.php, you can access the current user by $_SESSION['name']. Now you have the current user and you can retrieve all the data of the current user from the db by using $query = "SELECT * FROM regtab where name = '".$_SESSION['name']."'" ;

Can't get login script to work after adding salt to hash; worked fine before

I've reset my database and on registration, we added random salt to hashes, and the registration script worked fine, we could create accounts and accounts with the same password and they had different hashes, but our login script is broken, not logging in users, saying their password is incorrect.
No idea why- we have spent the last 2 hours trying to fix it. We have used PHP error checkers(https://phpcodechecker.com/), nothing was wrong.
We are running an old version PHP(5.6) and MySQL and can't currently change.
<?php
ob_start();
session_start();
require_once 'dbconnect.php';
// it will never let you open index(login) page if session is set
if ( isset($_SESSION['user'])!="" ) {
header("Location: index.php");
exit;
}
$error = false;
if( isset($_POST['btn-login']) ) {
// prevent sql injections/ clear user invalid inputs
$email = trim($_POST['email']);
$email = strip_tags($email);
$email = htmlspecialchars($email);
$name = trim($_POST['name']);
$name = strip_tags($name);
$name = htmlspecialchars($name);
$pass = trim($_POST['pass']);
$pass = strip_tags($pass);
$pass = htmlspecialchars($pass);
// prevent sql injections / clear user invalid inputs
if(empty($name)){
$error = true;
$nameError = "Please enter your username.";
}
if(empty($pass)){
$error = true;
$passError = "Please enter your password.";
}
$res=mysql_query("SELECT userId, userEmail, userPass, userSalt, userSalt2 FROM users WHERE userName='$name'");
$row=mysql_fetch_array($res);
$row['userSalt']=$salt1;
$row['userSalt2']=$salt2;
// if there's no error, continue to login
if (!$error) {
$passwordHash = hash('sha256', $salt1 . $password . $salt2); // password hashing using SHA256
//$res=mysql_query("SELECT userId, userEmail, userPass, userSalt, userSalt2 FROM users WHERE userName='$name'");
//$row=mysql_fetch_array($res);
$count = mysql_num_rows($res); // if email/pass correct it returns must be 1 row
if( $count == 1 && $row['userPass']==$passwordHash ) {
$_SESSION['user'] = $row['userId'];
header("Location: dashboard.php");
} else {
$errMSG = "Incorrect Credentials, Try again...";
}
}
}
?>
<!DOCTYPE html>
<html>
<head>
<script src="//code.jquery.com/jquery-1.10.2.js"></script>
<script>
$(function(){
$("#overallhead").load("overall_header.php");
$("#overallfoot").load("overall_footer.html");
});
</script>
<style>
body {
color: Thistle;
}
</style>
<div id="overallhead"></div>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Creature Paradise</title>
<link rel="stylesheet" href="assets/css/bootstrap.min.css" type="text/css" />
<link rel="stylesheet" href="style.css" type="text/css" />
</head>
<body>
<div class="container">
<div id="login-form">
<form method="post" action="<?php echo htmlspecialchars($_SERVER['PHP_SELF']); ?>" autocomplete="off">
<div class="col-md-12">
<div class="form-group">
<h2 class="">Login</h2>
</div>
<div class="form-group">
<hr />
</div>
<?php
if ( isset($errMSG) ) {
?>
<div class="form-group">
<div class="alert alert-danger">
<span class="glyphicon glyphicon-info-sign"></span> <?php echo $errMSG; ?>
</div>
</div>
<?php
}
?>
<div class="form-group">
<div class="input-group">
<span class="input-group-addon"><span class="glyphicon glyphicon-envelope"></span></span>
<input type="name" name="name" class="form-control" placeholder="Your Username" value="<?php echo $name; ?>" maxlength="40" />
</div>
<span class="text-danger"><?php echo $nameError; ?></span>
</div>
<div class="form-group">
<div class="input-group">
<span class="input-group-addon"><span class="glyphicon glyphicon-lock"></span></span>
<input type="password" name="pass" class="form-control" placeholder="Your Password" maxlength="15" />
</div>
<span class="text-danger"><?php echo $passError; ?></span>
</div>
<div class="form-group">
<hr />
</div>
<div class="form-group">
<button type="submit" class="btn btn-block btn-primary" name="btn-login">Sign In</button>
</div>
<div class="form-group">
<hr />
</div>
<div class="form-group">
Don't have an account? Sign up here!
</div>
</div>
</form>
</div>
</div>
<div id="overallfoot"></div>
</body>
</html>
<?php ob_end_flush(); ?>

Have you do hashing on registration page, too? Because $row['userPass'] will never equal $passwordHash if you have not registration a new account with new hash applied

"Welcome user" on the same page without textboxes

I am very new at php and I'm trying to create a login div on the right side bar. Well it's seems to work but when I login it shows me:
user name [ textbox ]
password [ textbox ]
[ login button ]
welcome new2
Obviously, I'm not intrested of showing the textboxing and the login button because the user is already login.
Here is the code of the home page (templat.php):
<?php
session_start();
$db=mysqli_connect("localhost","root","","mydb");
?>
<!DOCTYPE html>
<html lang="he">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<title><?php echo $title; ?></title>
<link rel="stylesheet" type="text/css" href="Styles/Stylesheet2.css" />
</head>
<body dir="rtl">
<div id="wrapper">
<div id="banner">
</div>
<nav id="navigation" dir="rtl">
<ul id="nav">
<li>home</li>
<li>topics</li>
<li>on us</li>
</ul>
</nav>
<!--
<div id="content_area">
<?php
//echo $content; ?>
</div>
-->
<div id="sidebar">
<div id="main-wrapper">
<center><h2>Login Form</h2></center>
<div class="imgcontainer">
<center>
<img src="images/avatar.png" width='60' height='60' alt="Avatar" class="avatar">
</center>
</div>
<form action="Template.php" method="post">
<div class="inner_container">
<label><b>Username</b></label>
<br/>
<input type="text" placeholder="Enter Username" name="username" required>
<br/>
<label><b>Password</b></label>
<br/>
<input type="password" placeholder="Enter Password" name="password" required>
<br/>
<button class="login_button" name="login"
type="submit">Login</button>
</div>
</form>
<?php
if(isset($_POST['login']))
{
$username = mysqli_real_escape_string($db, $_POST['username']);
$password = mysqli_real_escape_string($db, $_POST['password']);
$password=md5($password); //Remember we hashed password before storing last time
$sql="SELECT * FROM users WHERE username='$username' AND password='$password'";
$result=mysqli_query($db,$sql);
$row = mysqli_fetch_array($result);
$num = mysqli_num_rows($result);
if($num==1)
{
$_SESSION['message']="You are now Loggged In";
$_SESSION['username']=$username;
$id=$row['id'];
$_SESSION['id']=$id;
?>
<div id="main-wrapper">
<center><h3>Welcome <?php echo $_SESSION['username']; ?></h3></center>
<form action="Template.php" method="post">
<div class="imgcontainer">
<img src="images/avatar.png" alt="Avatar" width='60' height='60' class="avatar">
</div>
<div class="inner_container">
<button class="logout_button" type="submit">Log Out</button>
</div>
</form>
</div>
<?php
}
else
{
$_SESSION['message']="Username and Password combiation incorrect";
}
}
?>
</br>
</div>
</div>
<footer>
<p>aaa</p>
</footer>
</div>
</body>
</html>
update : logout.php:
<?php
session_start();
session_destroy();
unset($_SESSION['username']);
$_SESSION['message']="You are now logged out";
header("Location:login.php");
?>

You need to check if user is already logged in. You can check if $_SESSION['username'] is empty or not.
Update your login form like that:
<?php if(!isset($_SESSION['username'])) { ?>
<form action="Template.php" method="post">
<div class="inner_container">
<label><b>Username</b></label>
<br/>
<input type="text" placeholder="Enter Username" name="username" required>
<br/>
<label><b>Password</b></label>
<br/>
<input type="password" placeholder="Enter Password" name="password" required>
<br/>
<button class="login_button" name="login"
type="submit">Login
</button>
</div>
</form>
<?php }; ?>

PHP Query invalid result

I apologise if the title is confusing, but when I run the page with the code below and enter an email not found in the database, on the webpage I get Notice: Trying to get property of non-object in C:\xampp\htdocs\Testing\login.php on line 72. Instead of it saying this, I want it to give an error that the email is not registered.
<?php
session_start();//session starts here
if(isset($_SESSION['adminName'])||isset($_SESSION['email'])){
header("Location: welcome.php");//redirect to login page to secure the welcome page without login access.
}
?>
<html>
<head lang="en">
<meta charset="UTF-8">
<link type="text/css" rel="stylesheet" href="bootstrap-3.2.0-dist\css\bootstrap.css">
<title>Login</title>
</head>
<style>
.login-panel {
margin-top: 150px;
</style>
<body>
<div class="container">
<div class="row">
<div class="col-md-4 col-md-offset-4">
<div class="login-panel panel panel-success">
<div class="panel-heading">
<h3 class="panel-title">Sign In</h3>
</div>
<div class="panel-body">
<form role="form" method="post" action="login.php">
<fieldset>
<div class="form-group" >
<input class="form-control" placeholder="E-Mail" name="email" type="email" autofocus>
</div>
<div class="form-group">
<input class="form-control" placeholder="Password" name="pass" type="password" value="">
</div>
<input class="btn btn-lg btn-success btn-block" type="submit" value="login" name="login" >
<!-- Change this to a button or input when using this as a form -->
<!-- Login -->
</fieldset>
</form>
</div>
</div>
</div>
</div>
</div>
</body>
</html>
<?php
include("database/db_conection.php");
if(isset($_POST['login'])){
$user_email=mysqli_real_escape_string($dbcon, $_POST['email']);
$user_pass=mysqli_real_escape_string($dbcon, $_POST['pass']);
$encrypted_password = password_hash($user_pass, PASSWORD_BCRYPT);
$query = $dbcon->query("SELECT user_pass FROM users WHERE user_email='$user_email'");
$passwordValue=$query->fetch_object()->user_pass;
if (password_verify($user_pass,$passwordValue)){
echo "Success!";
}else{
echo $encrypted_password;
echo "<div class='alert alert-danger'><a href='#' class='close' data-dismiss='alert' aria-label='close'>×</a><strong>Error!</strong> Email or password entered was incorrect!</div>";
}
/*$check_user="select * from users WHERE user_email='$encrypted_email' AND user_pass='$user_pass'";
$run=mysqli_query($dbcon,$check_user);
if(mysqli_num_rows($run))
{
echo "<script>window.open('welcome.php','_self')</script>";
$_SESSION['email']=$user_email;//here session is used and value of $user_email store in $_SESSION.
}
else
{
echo "<script>alert('Email or password is incorrect!')</script>";
}*/
}
?>
This is the code found in my login.php file. The php code within the comment isn't part of the web page, I will be removing it later.

<html>
<head lang="en">
<meta charset="UTF-8">
<link type="text/css" rel="stylesheet" href="bootstrap-3.2.0-dist\css\bootstrap.css">
<title>Login</title>
</head>
<style>
.login-panel {
margin-top: 150px;
</style>
<body>
<div class="container">
<div class="row">
<div class="col-md-4 col-md-offset-4">
<div class="login-panel panel panel-success">
<div class="panel-heading">
<h3 class="panel-title">Sign In</h3>
</div>
<div class="panel-body">
<form role="form" method="post" action="login.php">
<fieldset>
<div class="form-group" >
<input class="form-control" placeholder="E-Mail" name="email" type="email" autofocus>
</div>
<div class="form-group">
<input class="form-control" placeholder="Password" name="pass" type="password" value="">
</div>
<input class="btn btn-lg btn-success btn-block" type="submit" value="login" name="login" >
<!-- Change this to a button or input when using this as a form -->
<!-- Login -->
</fieldset>
</form>
</div>
</div>
</div>
</div>
</div>
</body>
</html>
<?php
include("database/db_conection.php");
if(isset($_POST['login'])){
$user_email=mysqli_real_escape_string($dbcon, $_POST['email']);
$user_pass=mysqli_real_escape_string($dbcon, $_POST['pass']);
$encrypted_password = password_hash($user_pass, PASSWORD_BCRYPT);
if ($query = $dbcon->query("SELECT user_pass FROM users WHERE user_email='$user_email'") == false) {
echo "The email doesn't exist in the DB";
} else {
$passwordValue=$query->fetch_object()->user_pass;
if (password_verify($user_pass,$passwordValue)){
echo "Success!";
}else{
echo $encrypted_password;
echo "<div class='alert alert-danger'><a href='#' class='close' data-dismiss='alert' aria-label='close'>×</a><strong>Error!</strong> Email or password entered was incorrect!</div>";
}
/*$check_user="select * from users WHERE user_email='$encrypted_email' AND user_pass='$user_pass'";
$run=mysqli_query($dbcon,$check_user);
if(mysqli_num_rows($run))
{
echo "<script>window.open('welcome.php','_self')</script>";
$_SESSION['email']=$user_email;//here session is used and value of $user_email store in $_SESSION.
}
else
{
echo "<script>alert('Email or password is incorrect!')</script>";
}*/
}
}
?>
I've added an if statement that checks if the query is false, if it's false it will echo that the email doesn't exist in the database, as you wanted, but if it exist, then you're fetched the password exactly as you want.

I used an if statement for the code: $query->num_rows() (credit to #MasterOdin for that) and if the number of rows equaled 0, then I echoed that you typed in an invalid email.
Ex.
if ($query->num_rows==0){
echo "You typed an invalid email!";
}else{
I further verified information here...
}

Categories