can anyone help me where exactly I am going wrong with this code? I got wrong when I am trying to check if email already exists in database or not.
how can I check if email exists in DB or not?
<html>
<h1> Registration Form </h1>
<body>
<form method="post" action="">
<input type="text" name="fname" placeholder="first name" required><br><br>
<input type="text" name="lname" placeholder="last name" required><br><br>
<input type="text" name="mail" placeholder="mail" required> <br><br>
<input type="PASSWORD" name="pass1" placeholder="password" required> <br><br>
<input type="PASSWORD" name="pass2" placeholder="repeat password" required> <br> <br>
<input type="submit" name="submit">
</form>
<?php
if(isset($_POST['submit']))
{
$fname = $_POST['fname'];
$lname = $_POST['lname'];
$mail = $_POST['mail'];
$pass1 = $_POST['pass1'];
$pass2 = $_POST['pass2'];
if($pass1 !== $pass2)
{
echo "password in correct ";
}
else
{
$db = mysqli_connect("localhost","root","","reviewsystem");
$check = "SELECT * FROM registers WHERE $mail = email";
if($check == TRUE){
echo "email already exists";
}
else{
$query = "INSERT INTO registers(fname,lname,email,password) VALUES('$fname','$lname','$mail','$pass1')";
mysqli_query($db,$query);
echo " you are registered succesfully";
}
}
}
?>
</body>
</html>
First thing first: you didn't perform any kind of query. You just created a string. Add a line:
$db = mysqli_connect("localhost","root","","reviewsystem");
$check = "SELECT * FROM registers WHERE $mail = email";
$result = mysqli_query($db, $check); //i think there is a typo, mysqi_query
After that you can use mysqli_num_rows which returns number of SELECT rows that came back from DB to identify if the entry already exists:
if(mysqli_num_rows($result) > 0){
echo "email already exists";
}
The problem is in your where clause of mysql query . You must write it as
$check = "SELECT * FROM registers WHERE email = '".$mail."'"; if($check == TRUE){ echo "email already exists"; } else{
Related
my code generating fetal error in the code it check all fields except cnic filed, a cnic already exist in table in multiple rows.When we try to create login for new member with same cnic it create duplicate entry rather to checking and generate error for the already exiting cnic. i mean to say it check both email and cnic if both exit it deny for new registration but in my case some time it check and some time it not check the email and cnic. Please correct my code i try a lot but i am unable to filed where i'm doing wrong.Your help in this regard will highly helpful for me and i will be highly thankful to you.
<?php
//Start the Session
require_once("config.php");
//error_reporting(0);
$headers ='';
$res = '';
$Message = '';
$Message1 = '';
$Message2 = '';
$recaptcha = '';
$query ="SELECT * FROM tbl_signup;";
$result = mysqli_query($conn, $query);
$row = mysqli_fetch_array($result, MYSQLI_ASSOC);
$count = mysqli_num_rows($result);
$user_cnic = $row['apli_cnic'];
$User_Email = $row['apli_email'];
if(isset($_POST['ButtonSignUp']))
{
$Cnic=mysqli_real_escape_string($conn, $_POST['cnic']);
$Name= mysqli_real_escape_string($conn,$_POST['namesurname']);
$Email = mysqli_real_escape_string($conn, $_POST['email']);
$Password = mysqli_real_escape_string($conn, $_POST ['password']);
$CnfrmPassword = mysqli_real_escape_string($conn, $_POST['confirmPassword']);
$ActivationCode = md5( rand(0,1000) );
$Status = 0;
if ($Cnic == $user_cnic)
{
$Message = "Sign Up Failed. Account With CNIC: $user_cnic Already Exist";
}
elseif($Email == $User_Email)
{
$Message1 = "$Email Already Exist. Please Enter Another Email Address.";
}
elseif($Password != $CnfrmPassword)
{
$Message2 = "Your Password does not match the Confirm Password";
}
elseif ($Password == $CnfrmPassword)
{
$sql= "INSERT INTO table(fname, email, cnic, pwd, cnfrm_pwd, activation_code, status)
VALUES ('$Name','$Email','$Cnic','$Password','$CnfrmPassword', '$ActivationCode', '$Status');";
mkdir("DocumentUpload/$Cnic");
$to_email = $Email;
$subject = 'Verify Your Email';
$message = "Your account information is successfully updated. Please click the following link For verifying and activate your account.
$headers = 'From: abc.com
$res = mysqli_query($conn, $sql);
if(mail($to_email, $subject, $message, $headers))
{
}
}
if($res == 1)
{
header("location:VerifyEmailWait.php");
}
else
{
}
}
mysqli_close($conn);
?>
<form id="sign_up" method="POST">
<input type="number" class="form-control" name="cnic" placeholder="CNIC e.g. 3520212345678" maxlength="13" required autofocus autocomplete="off">
<input type="text" class="form-control" name="namesurname" placeholder="Full Name (As Per CNIC)" required autofocus autocomplete="off">
<input type="email" class="form-control" name="email" placeholder="Email Address" required autocomplete="off">
<input type="password" class="form-control" name="password" id="password" minlength="8" placeholder="Password" required autocomplete="off">
<input type="password" class="form-control" name="confirmPassword" id="confirmPassword" minlength="8" placeholder="Confirm Password" required autocomplete="off">
<button class="btn btn-block btn-lg bg-pink waves-effect" type="submit" name="ButtonSignUp">SIGN UP</button>
Already a Member? Please Sign In
</form>
Your insert statement
INSERT INTO table(fname, email, cnic, pwd, cnfrm_pwd, activation_code, status)
VALUES ('$Name','$Email','$Cnic','$Password','$CnfrmPassword', '$ActivationCode', '$Status');
is wrong it must be
INSERT INTO tbl_signup(fname, email, cnic, pwd, cnfrm_pwd, activation_code, status)
VALUES ('$Name','$Email','$Cnic','$Password','$CnfrmPassword', '$ActivationCode', '$Status');
Where you use the proper tabke name a generic table like you did is not allowed.
But please read this about passwords
And of course that about preventing sql injection
Before you proceed in your development.
My site won't let me log into it after filling out the registration form, everything in the database is correct but it just wont let me log in! Also if I do sort out the logging in problem will it let me pass over to 'home.php'? Sorry for being such a novice and thank you for your time in advance!
<?php
session_start();
if(!isset($_SESSION["userlogin"])){
}else{
$username = $_SESSION["userlogin"];
}
?>
<?php
$reg = #$_POST['reg'];
//declaring variables to prevent errors
$first_name = ""; //First Name
$last_name = ""; //Last Name
$username = ""; //Username
$email = ""; //Email
$email2 = ""; //Email 2
$password = ""; //Password
$password2 = ""; // Password 2
$signupdate = ""; // Sign up Date
$usercheck = ""; // Check if username exists
//registration form
$first_name = strip_tags(#$_POST['first_name']);
$last_name = strip_tags(#$_POST['last_name']);
$username = strip_tags(#$_POST['username']);
$email = strip_tags(#$_POST['email']);
$email2 = strip_tags(#$_POST['email2']);
$password = strip_tags(#$_POST['password']);
$password2 = strip_tags(#$_POST['password2']);
$signupdate = date("Y-m-d"); // Year - Month - Day
if ($reg) {
if ($email==$email2) {
// Check if user already exists
$usercheck = mysql_query("SELECT username FROM users WHERE username='$username'");
// Count the amount of rows where username = $un
$check = mysql_num_rows($usercheck);
//Check whether Email already exists in the database
$echeck = mysql_query("SELECT email FROM users WHERE email='$email'");
//Count the number of rows returned
$emailcheck = mysql_num_rows($echeck);
if ($check == 0) {
if ($emailcheck == 0) {
//check all of the fields have been filed in
if ($username && $first_name && $last_name &&
$email && $email2 && $password && $password2)
{
// check that passwords match
if ($password==$password2) {
// check the maximum length of username/first name/last name does not exceed 25 characters
if (strlen($username)>25 ||
strlen($first_name)>25 ||
strlen($last_name)>25)
{
echo "The maximum limit for username/first name/last name is 25 characters!";
}else {
// check the maximum length of password does not exceed 25 characters and is not less than 5 characters
if (strlen($password)>30||strlen($password)<5) {
echo "Your password must be between 5 and 30 characters long!";
}else {
//encrypt password and password 2 using crypt before sending to database
$password = crypt($password);
$password2 = crypt($password2);
$query = mysql_query("INSERT INTO users VALUES ('','$username','$first_name','$last_name','$email','$password','$signupdate','0')");
header("Location: index.php");
exit;
}
}
} else {
echo "Your passwords don't match!";
}
} else {
echo "Please fill in all of the fields";
}
}else{
echo "Sorry, but it looks like someone has already used that email!";
}
}else{
echo "Username already taken ...";
}
}else {
echo "Your E-mails don't match!";
}
}
?>
<?php
//Login Script
if (isset($_POST["userlogin"]) && isset($_POST["passwordlogin"])) {
$userlogin = preg_replace('#[^A-Za-z0-9]#i', '', $_POST["userlogin"]); // filter everything but numbers and letters
$passwordlogin = preg_replace('#[^A-Za-z0-9]#i', '', $_POST["passwordlogin"]); // filter everything but numbers and letters
$cryptpasswordlogin = crypt($passwordlogin);
$sql = mysql_query("SELECT id FROM users WHERE username='$userlogin' AND password='$cryptpasswordlogin' LIMIT 1"); // query the person
//Check for their existance
$userCount = mysql_num_rows($sql);
echo mysql_error();
//Count the number of rows returned
if ($userCount == 1) {
while($row = mysql_fetch_array($sql)){
$id = $row["id"];
}
$_SESSION["userlogin"] = $userlogin;
header("home.php");
exit();
}else{
echo 'That information is incorrect, try again';
exit();
}
}
?>
<div>
<h2>Already a Memeber? Login below ...</h2>
<form action="index.php" method="post" name="form1" id="form1">
<input type="text" size="40" name="userlogin" id="user_login" class="auto-clear" placeholder="Username..." /><p />
<input type="text" size="40" name="passwordlogin" id="password_login" placeholder="Password..." /><p />
<input type="submit" name="button" id="button" value="Login to your account">
</form>
</div>
<div>
<h2>Sign up Below ...</h2>
<form action="#.php" method="post">
<input type="text" size="40" name="username" class="auto-clear" title="Username" placeholder="Username..."><p />
<input type="text" size="40" name="first_name" class="auto-clear" title="First Name" placeholder="First name..."><p />
<input type="text" size="40" name="last_name" class="auto-clear" title="Last Name" placeholder="Last name..."><p />
<input type="text" size="40" name="email" class="auto-clear" title="Email" placeholder="Email..."><p />
<input type="text" size="40" name="email2" class="auto-clear" title="Repeat Email" placeholder="Email again..."><p />
<input type="password" size="40" name="password" placeholder="Password..."><p />
<input type="password" size="40" name="password2" placeholder="Password again..."><p />
<input type="submit" name="reg" value="Sign Up!">
</form>
</div>
</div>
</body>
</html>
Please note in this simple test. Using crypt() twice on the same string will not generate the same result.
echo crypt('password') . PHP_EOL;
echo crypt('password') . PHP_EOL;
Results are :
$1$5u1.o45.$QqFY/BeCcln/LO7efiDp61
$1$R55.G3..$LQ9HxetMhV3KmJYM2q8UR/
So when you use crypt() to HASH the password on registration, and then again when you try the login part of your script, even if the user enters the correct password it will NOT generate the same HASH therefore this query will not find the user row
SELECT id
FROM users
WHERE username='$userlogin'
AND password='$cryptpasswordlogin'
LIMIT 1
i.e. crypt() will not generated the same HASH twice from the same string.
Please dont roll your own password hashing. PHP provides password_hash()
and password_verify() please use them.
And here are some good ideas about passwords
If you are using a PHP version prior to 5.5 there is a compatibility pack available here
I'm wondering if and how I could check if a username is being used.
I heard you can do this with jQuery but i just want something simple since I'm a beginner.
I have tried it but i can't seam to get it right. I just have it connected to a mysql database but since when a username with the same password as another account tries to logon, theres an issue, so i need this to stop people adding multiple usernames.
Here is my simple code for the registration form and the php
<form action="" method="POST">
<p><label>name : </label>
<input id="password" type="text" name="name" placeholder="name" /></p>
<p><label>User Name : </label>
<input id="username" type="text" name="username" placeholder="username" /></p>
<p><label>E-Mail : </label>
<input id="password" type="email" name="email"/></p>
<p><label>Password : </label>
<input id="password" type="password" name="password" placeholder="password" /></p>
<a class="btn" href="login.php">Login</a>
<input class="btn register" type="submit" name="submit" value="Register" />
</form>
</div>
<?php
require('connect.php');
// If the values are posted, insert them into the database.
if (isset($_POST['username']) && isset($_POST['password'])){
$username = $_POST['username'];
$email = $_POST['email'];
$password = $_POST['password'];
$name = $_POST['name'];
$query = "INSERT INTO `user` (username, password, email, name) VALUES ('$username', '$password', '$email', '$name')";
$result = mysql_query($query);
if($result){
}
}
?>
For starters you don't want to just rely on something like unique field for doing this, of course you will want to add that attribute to your username column within your database but above that you want to have some sort of frontal protection above it and not rely on your database throwing an error upon INSERT INTO, you're also going to want to be using mysqli for all of this and not the old version, mysql. It's vulnerable to exploitation and no longer in common practice, here's what each of your files should look like:
connect.php
<?php
$conn = mysqli_connect("localhost","username","password","database");
// Check connection
if (mysqli_connect_errno())
{
echo "Failed to connect to MySQL: " . mysqli_connect_error();
}
?>
register.php
<form action="insertuser.php" method="POST">
Username:
<input type="text" name="username" placeholder="Username" />
<br />
Password:
<input type="password" name="password" placeholder="Password" />
<br />
Name:
<input type="text" name="name" placeholder="Name" />
<br />
Email address:
<input type="text" name="email" placeholder="Email address" />
<br /><br />
<input type="submit" value="Register" />
</form>
<?php
// If there's an error
if (isset($_GET['error'])) {
$error = $_GET['error'];
if ($error == "usernametaken") {
echo "<h4>That username is taken!</h4>";
} elseif ($error == "inserterror") {
echo "<h4>Some kind of error occured with the insert!</h4>";
} else {
echo "<h4>An error occured!</h4>";
}
echo "<br />";
}
?>
Already have an account? Login here
insertuser.php
<?php
// Stop header errors
ob_start();
// Check if form has been posted
if (isset($_POST['username'])){
// Requre database connection file
require('connect.php');
// Clean the variables preventing SQL Injection attack
$username = mysqli_real_escape_string($conn, $_POST['username']);
$email = mysqli_real_escape_string($conn, $_POST['email']);
$password = mysqli_real_escape_string($conn, $_POST['password']);
$name = mysqli_real_escape_string($conn, $_POST['name']);
// Check if the username exists
// Construct SELECT query to do this
$sql = "SELECT id FROM user WHERE username = '".$username."';";
$result = mysqli_query($conn, $sql);
$rowsreturned = mysqli_num_rows($result);
// If the username already exists
if ($rowsreturned != 0) {
echo "Username exists, redirecting to register.php with an error GET variable!";
// Redirect user
header('Location: register.php?error=usernametaken');
} else {
// Construct the INSERT INTO query
$sql = "INSERT INTO user (username, password, email, name) VALUES ('".$username."', '".$password."', '".$email."', '".$username."');";
$result = mysqli_query($conn, $sql);
if($result){
// User was inserted
echo "User inserted!";
/* DO WHATEVER YOU WANT TO DO HERE */
} else {
// There was an error inserting
echo "Error inserting, redirecting to register.php with an error GET variable!";
// Redirect user
header('Location: register.php?error=inserterror');
}
}
}
?>
Good luck with whatever you're working on and I hope this helps!
James
if (isset($_POST['username']) && isset($_POST['password'])){
$username = $_POST['username'];
$email = $_POST['email'];
$password = $_POST['password'];
$name = $_POST['name'];
$query = "select username from user where username = '$username'";
$res = mysql_query($query);
$rows = mysqli_num_rows($res);
if ($rows > 0) {
print 'Username already exists...';
} else {
$query = "INSERT INTO `user` (username, password, email, name) VALUES ('$username', '$password', '$email', '$name')";
$result = mysql_query($query);
if($result){
}
}
}
Here is another example :) , succes.
<?php
//Set empty variables.
$usernameError = $emailError = $passwordError = $nameError = $okmsg = "";
$username = $password = $email = $name = "";
if (isset($_POST['submit'])) {
//Check if empty labels form
if (empty($_POST['name'])) {
$userError = "The 'name' is required.";
echo '<script>window.location="#registrer"</script>';
} else { $name = $_POST['name']; }
if (empty($_POST['email'])) {
$emailError = "El 'Email' es requerido.";
echo '<script>window.location="#registrer"</script>';
} else {
$email = $_POST['email'];
//Check only contain letters and whitespace.
if (!filter_var($email, FILTER_VALIDATE_EMAIL)) {
$emailError = "El 'Email' is not valid. ";
echo '<script>window.location="#registrer"</script>';
}
}
if (empty($_POST['password'])) {
$passwordError = "The 'password' is requiered.";
echo '<script>window.location="#registrer"</script>';
} else {
$password = $_POST['password'];
}
}
//Check if correctly filled
if ($name && $username && $email && $password) {
require('connect.php');
//Query SQL
$sql = "SELECT * FROM user WHERE username='$username'"; //String SQL
$query = mysqli_query($ConDB, $sql);//Query
//Securite
$username = mysqli_real_escape_string($ConDB, $username);
$password = mysqli_real_escape_string($ConDB, $username);
$passw = sha1($password);//For securite.
$name = mysqli_real_escape_string($ConDB, $username);
$email = mysqli_real_escape_string($ConDB, $username);
if ($existe = mysqli_fetch_object($query)) {
$usernameError = "The 'Username' is already exists.";
echo '<script>window.location="#registrer"</script>';
} else {
$sql = "INSERT INTO user (username, password, email, name) VALUES ('$username', '$passw', '$email', '$name')";
mysqli_query($ConDB, $sql);
$okmsg = "Register with succes.";
mysqli_close($ConDB);//Close conexion.
echo '<script>window.location="#registrer"</script>';
}
}
?>
<a name="registrer"></a>
<form action="" method="POST">
<p><label>name : </label>
<input id="password" type="text" name="name" placeholder="name" /></p>
<?php echo $nameError; ?>
<p><label>User Name : </label>
<input id="username" type="text" name="username" placeholder="username" /></p>
<?php echo $usernameError; ?>
<p><label>E-Mail : </label>
<input id="password" type="email" name="email"/></p>
<?php echo $emailError; ?>
<p><label>Password : </label>
<input id="password" type="password" name="password" placeholder="password" /></p>
<?php echo $passwordError; ?>
<a class="btn" href="login.php">Login</a>
<input class="btn register" type="submit" name="submit" value="Register" />
<?php echo $okmsg; ?>
</form>
--
-- DATA BASE: `user`
--
SET SQL_MODE = "NO_AUTO_VALUE_ON_ZERO";
SET time_zone = "+00:00";
CREATE TABLE user (
id int(11) unsigned not null auto_increment primary key,
name varchar(50) not null,
email varchar(80) not null unique,
username varchar(30) not null unique,
password varchar(40) not null
)engine=InnoDB default charset=utf8 collate=utf8_general_ci;
You can try use jQuery AJAX for what you want.
First, add this to your registration.php file
<script src="https://ajax.googleapis.com/ajax/libs/jquery/2.1.1/jquery.min.js"></script>
<script>
// when user submit the form
$('form').on('submit', function(event){
$.ajax({
url: "check_username.php",
type: "POST",
dataType: "JSON",
data: {
username: $("#username").val() // get the value from username textbox
},
success: function(data){
if(data.status == "exists"){
alert('Username already existed');
}
else{
$('form').submit();
}
},
});
event.preventDefault();
});
</script>
So now your registration.php file will look like this
registration.php
<form action="" method="POST">
<p>
<label>name : </label>
<input id="password" type="text" name="name" placeholder="name" />
</p>
<p>
<label>User Name : </label>
<input id="username" type="text" name="username" placeholder="username" />
</p>
<p>
<label>E-Mail : </label>
<input id="password" type="email" name="email"/>
</p>
<p>
<label>Password : </label>
<input id="password" type="password" name="password" placeholder="password" />
</p>
<a class="btn" href="login.php">Login</a>
<input class="btn register" type="submit" name="submit" value="Register" />
</form>
<script src="https://ajax.googleapis.com/ajax/libs/jquery/2.1.1/jquery.min.js"></script>
<script>
// when user typing in 'username' textbox
$('form').on('submit', function(event){
$.ajax({
url: "check_username.php",
type: "POST",
dataType: "JSON",
data: {
username: $("#username").val() // get the value from username textbox
},
success: function(data){
if(data.status == "exists"){
alert('Username already existed');
}
else{
$('form').submit();
}
},
});
event.preventDefault();
});
</script>
Then create php file named check_username.php to check the username submitted by user if it is already existed in database or still available.
check_username.php
<?php
// Check if 'username' textbox is not empty
if(!empty($_POST['username'])){
$username = trim(mysqli_real_escape_string($_POST['username']));
// Check the database if the username exists
$query = "SELECT username FROM `user` WHERE username = '".$username."'";
$result = mysqli_query($query);
if(mysqli_num_rows($result) > 0){
// if username already exist
// insert into array, to be sent to registration.php later
$response['status'] = 'exists';
}
else{
// if username available
$response['status'] = 'available';
}
}
header('Content-type: application/json');
echo json_encode($response);
exit;
?>
Here is how it works:
1. When user click the register button, jQuery will call check_username.php.
2. Now in check_username.php it will check the database if the username submitted already exists or still available.
3. Whatever the result either exists or available, check_username.php will send the result back to registration.php as string contains 'exists' or 'available'.
4. registration.php now get the result and will check the result sent by check_username.php if it contain 'exists' or 'available'. If the string is 'exists' then alert will be triggered. If the string is 'available', the form will be submitted.
I'm trying to make a simple register and login form.
I want to use SHA1 to save the encrypted password in database.
But when I try to login with the password, it seems it does not work.
There are three files - index.php, register.php ,login.php
Please help me to solve this problem.
//index.php
<form action="register.php" method="post" enctype="multipart/form-data">
<label for="email">Email:</label>
<input type="text" name="email">
<br />
<label for="password">Password:</label>
<input type="password" name="password">
<button>Register</button>
</form>
<form action="login.php" method="post">
<label for="email">Email:</label>
<input type="text" name="email">
<br />
<label for="password">Password:</label>
<input type="password" name="password">
<button>Login</button>
</form>
//register.php
<?php
$email = $_POST['email'];
$password = $_POST['password'];
$regist_day=date('d-m-Y (H:i)');
if (!empty($email) && !empty($password)) {
require_once('lib/db_connect.php');
$dbc = mysqli_connect(DB_HOST,DB_USER,DB_PASSWORD,DB_NAME)
or die('Error connecting database');
$sql = "INSERT INTO member(email,password,regist_day)";
$sql .= "VALUES ('$email',SHA1('$password'),'$regist_day')";
mysqli_query($dbc,$sql);
echo("
<script>
location.href='try.php'
</script>
") ;
}
else{
echo "You need to enter Email and Password";
}
?>
//login.php
<?php
$user_email = $_POST['email'];
$user_password = SHA1($_POST['password']);
if (!empty($user_email) && !empty($user_password)) {
require_once('lib/db_connect.php');
$dbc = mysqli_connect(DB_HOST,DB_USER,DB_PASSWORD,DB_NAME)
or die('Error connecting database');
$sql = "SELECT * FROM member WHERE email = '$user_email'";
$result = mysqli_query($dbc,$sql);
$num_match = mysqli_num_rows($result);
if (!$num_match) {
echo "No result";
}
else{
$sql = "SELECT * FROM member WHERE password = '$user_password' ";
$result = mysqli_query($dbc,$sql);
$password_match = mysqli_num_rows($result);
if (!$password_match) {
echo "SHA1 does not work";
exit;
}
else{
echo"success";
}
}
}
else{
echo "You need to enter both Email and Password";
}
?>
I am wondering where is the errors that I am missing.
my form would be like this
<form id="myForm" action="loginAction" name="login" method="POST">
<p> <label class="inputField" > Email Address : </label> </p>
<p> <input class="registerField" id="emailid" name="email" required="required" type="text" placeholder="eg. john.wick#yahoo.com"/> <span class="warning" id="emailWarning"> </p>
<p> <label class="inputField" > Password : </label> </p>
<p> <input class="registerField" id="textpwd" name="password" required="required" type="password" placeholder="Your password"/> </p>
<p> <input name="submit" class="registerButton" type="submit" value="LOGIN"> </p>
loginAction.php at the following code below
<?php
// Report all PHP errors
error_reporting(-1);
session_start();
include 'dbconnect.php';
$username = $_POST['email'];
$password = $_POST['password'];
$username = mysqli_real_escape_string(stripslashes($username));
$password = mysqli_real_escape_string(stripslashes($password));
$loginUser = " SELECT registerPassword, emailAddress FROM register_user
WHERE emailAddress = '$username' AND registerPassword = '$password'";
$loginSuccess = mysqli_query($mysqli, $loginUser) or die(mysqli_error($mysqli));
$loginRow = mysqli_num_rows($loginSuccess);
if($loginRow == 1) {
// $_SESSION['login_user'] = $username;
echo "SUCCESSFUL LOGIN";
//header ("Location: index");
} else {
echo "YOU WRONG";
}
mysqli_close($mysqli);
?>
The answer is YOU WRONG even though the password and email are the same. I am aware that I haven't finished session yet, but this can't login, so i cant do further to Session.
you form field name is email not username change
$username = $_POST['username'];
to
$username = $_POST['email'];
Also on error reporting and
remove spaces before opening php tag like <?php session_start();
You put $username = $_POST['username']; in loginAction.php
change it to $username = $_POST['email'];
Because in your form you write:
<input id="emailid" name="email" type="text"/>
and
if($loginRow!=0) {
// $_SESSION['login_user'] = $username;
echo "SUCCESSFUL LOGIN";
//header ("Location: index");
} else {
echo "YOU WRONG";
}