php: form still submits on invalidated form - php

I've got a problem with my validation script using PHP: when the user only fills out the username field and leaves the password empty, it still logs the user in. It should show the user the "password field is blank" error. I'm kinda new to PHP and I'm hoping you can help me. Thanks!
here's my code for checking login
<?php
$usernameErr = $passwordErr = "";
$username = $password = "";
if ($_SERVER["REQUEST_METHOD"] == "POST")
{
if (empty($_POST['username']))
{$usernameErr = "Username is required.";}
else
{$username =($_POST['username']);}
if (empty($_POST['password']))
{$passwordErr = "Password is required.";}
else
{$password =($_POST['password']);}
}
?>
<body>
<div id="header" align="center">
<h1>PT. Sumber Urip Alfindo</h1>
</div>
<br/>
<div id="content" align="center">
<form id="login" name="login" method="post" action="checklogin.php">
<table>
<tr>
<td>Username</td>
<td></td>
<td><input name="username" type="text" id="username"><span class="error"><?php echo $usernameErr;?></span></td>
</tr>
<tr>
<td>Password</td>
<td></td>
<td><input name="password" type="password" id="password"><span class="error"><?php echo $passwordErr;?></span></td>
</tr>
<tr>
<td colspan="3" align="center"><input type="submit" name="submit" value="Login"></td>
</tr>
</table>
</form>
<?php
$sql="SELECT * FROM $tbl_name WHERE usrname='$username'";
$result=mysql_query($sql);
$count=mysql_num_rows($result);
if($count==1 && $username="admin")
{
header("location:mainadmin.php");
}
else if($count==1)
{
header("location:main.php");
}
else
{
echo "Wrong username or password";
}
?>

Before anyone moans, I'm not replacing mysql with mysqli/PDO to answer the question. Yes it's wrong that it's used but it's not related to the question.
Correct model: if (there is not an error) { log the person in } else { do something else}.
Your model: check for errors. log the user in anyway.
This is what you're doing now
// checking stuff
if ($_SERVER["REQUEST_METHOD"] == "POST")
{
if (empty($_POST['username']))
{$usernameErr = "Username is required.";}
// blah blah check check check
}
// don't bother considering the error, just log them in anyway
$sql="SELECT * FROM $tbl_name WHERE usrname='$username'";
// etc
But what you need to do is this:
// check for errors and store them
$errors=array(); // create an empty array to store errors
if (empty($_POST['username'])){
$errors['usernameErr'] = "Username is required."; // add an error
}else{
$username =($_POST['username']);
}
if (empty($_POST['password'])){
$errors['passwordErr'] = "Password is required."; // add an error
}else{
$password =($_POST['password']);
}
// etc etc
// check if there were any errors anywhere along the way
// and if not, proceed with login
if (!count($errors)) { // check there are no errors
$sql="SELECT * FROM $tbl_name WHERE usrname='$username'";
$result=mysql_query($sql);
$count=mysql_num_rows($result);
// etc etc
}else{
// if there were errors do something else
echo implode("<br />", $errors); // output the errors however you like
}

Try this for a start
<?php
/* validate form first */
if (!empty($_POST['username']))
{ $username = $_POST['username'];
}
else{ echo "Username is required."; }
if (!empty($_POST['password']))
{ $password = $_POST['password'];
}
else{ echo "password is required."; }
/* Do the queries second, i.e.
SELECT * FROM Persons WHERE username='' AND password =''; */
?>

Hi, you should describe your question clearly. I have read your code and checked it; when I do not fill out the password, it really does display "Password is required."
general validation method is as follows:
if(empty($_POST['username'])){
$usererror = '...';
return false;
}else{
$username = $_POST['username'];
}
if(empty($_POST['password'])){
$passerror = '...';
return false;
}else{
$password = $_POST['password'];
}

The best way to handle error validation is to use same variable, especially if you have many input form data
$username = $_POST['username'];
$password = $_POST['password'];
if ($_SERVER["REQUEST_METHOD"] == "POST") {
if ($username == '') {
$error_msg[]= 'Username is required';
} else if ($password == '') {
$error_msg[]= 'Password is required';
}
}
if (!empty($error_msg)) {
$ERROR_MSG = implode($error_msg);
exit;
}

Related

echo "Please fill in <b>all</b> fields! "; does not appear after clicking register button

<?php
echo "<h1>Register</h1>";
$submit = isset($_POST['submit']);
$fullname = strip_tags(isset($_POST['fullname']));
$username = strip_tags(isset($_POST['username']));
$password = strip_tags(isset($_POST['password']));
$repeatpassword = strip_tags(isset($_POST['repeatpassword']));
$date = date("Y-m-d");
if ($submit)
{
if ($fullname&&$username&&$password&&$repeatpassword)
{
}
else
echo "Please fill in <b>all</b> fields! ";
}
?>
The PHP Code above is the edited code with isset function.
Why is it that echo "Please fill in <b>all</b> fields! "; does not appear after clicking the register button? Any suggestion to run the program successfully?
Before inserting the isset() function the code runs successfully. Can anyone explain?
Any suggestions or any code structure?
I'm trying to create a login-registration system for the office.
I'm a newbie in PHP.
Included in the code is the full html used.
Thank you
The PHP Code below is the original code that outputs an error:
( ! ) Notice: Undefined index: submit in C:\wamp\www\registerloginsystem\register.php on line 4
( ! ) Notice: Undefined index: fullname in C:\wamp\www\registerloginsystem\register.php on line 6
Notice: Undefined index: username in C:\wamp\www\registerloginsystem\register.php on line 7
Notice: Undefined index: password in C:\wamp\www\registerloginsystem\register.php on line 9
Notice: Undefined index: repeatpassword in C:\wamp\www\registerloginsystem\register.php on line 10
<?php
echo "<h1>Register</h1>";
$submit = $_POST['submit'];
$fullname = strip_tags($_POST['fullname']);
$username = strip_tags($_POST['username']);
$password = strip_tags($_POST['password']);
$repeatpassword = strip_tags($_POST['repeatpassword']);
$date = date("Y-m-d");
if ($submit)
{
//check for existence
if ($fullname&&$username&&$password&&$repeatpassword)
{
# code...
// encrypt password
$password = md5($password);
$repeatpassword = md5($repeatpassword);
if ($password==$repeatpassword)
{
# code...
// Check char length of username and fullname
if (strlen($username)>25||strlen($fullname)>25)
{
echo "Length of username or fullname is too long!";
}
else
//check password length
{
if (strlen($password)>25||strlen($password)<6)
{
echo "Password must be between 6 and 25 characters";
}
else
{
// register the user!
}
}
}
else
echo "Your passwords do not match!";
}
else
{
echo "Please fill in <b>all</b> fields! ";
}
}
?>
<!DOCTYPE html>
<html>
<body>
<p>
<form action='register.php' method="POST">
<table>
<tr>
<td>
Your full name:
</td>
<td>
<input type="text" name="fullname">
</td>
</tr>
<tr>
<td>
Choose a username:
</td>
<td>
<input type="text" name="username">
</td>
</tr>
<tr>
<td>
Choose a password:
</td>
<td>
<input type="password" name="password">
</td>
</tr>
<tr>
<td>
Repeat your password:
</td>
<td>
<input type="password" name="repeatpassword">
</td>
</tr>
</table>
<p>
<input type="submit" name="submit" value="Register" >
</form>
</body>
</html>
Try using empty(), like so:
<?php
echo "<h1>Register</h1>";
if(!empty($_POST)){
$submit = isset($_POST['submit']);
$fullname = strip_tags(isset($_POST['fullname']));
$username = strip_tags(isset($_POST['username']));
$password = strip_tags(isset($_POST['password']));
$repeatpassword = strip_tags(isset($_POST['repeatpassword']));
}
$date = date("Y-m-d");
if ($submit)
{
if (!empty($fullname) && !empty($username) && !empty($password) && !empty($repeatpassword))
{
}
else
echo "Please fill in <b>all</b> fields! ";
}
?>
<?php
echo "<h1>Register</h1>";
if(!empty($_POST)){
$submit = $_POST['submit'];
$fullname = strip_tags($_POST['fullname']);
$username = strip_tags($_POST['username']);
$password = strip_tags($_POST['password']);
$repeatpassword = strip_tags($_POST['repeatpassword']);
}
$date = date("Y-m-d");
if ($submit)
{
//check for existence
if (!empty($fullname) && !empty($username) && !empty($password) && !empty($repeatpassword))
{
# code...
// encrypt password
$password = md5($password);
$repeatpassword = md5($repeatpassword);
if ($password==$repeatpassword)
{
# code...
// Check char length of username and fullname
if (strlen($username)>25||strlen($fullname)>25)
{
echo "Length of username or fullname is too long!";
}
else
//check password length
{
if (strlen($password)>25||strlen($password)<6)
{
echo "Password must be between 6 and 25 characters";
}
else
{
// register the user!
}
}
}
else
echo "Your passwords do not match!";
}
else
{
echo "Please fill in <b>all</b> fields! ";
}
}
?>
Your code is not structured well. I'd suggest something like this:
<?php
$submit = isset($_POST['submit']);
if($submit)
{
if(empty($_POST['fullname']) || empty($_POST['username']) || empty($_POST['password']) || empty($_POST['repeatpassword']))
{
echo "Please fill in all fields!";
}else{
/** continue
* with
* registration
**/
//like strip tags in input e.t.c
}
}
?>
This is how you should check whether your form is submitted.
if($_SERVER['REQUEST_METHOD'] == 'POST') {
//form handling code
}
You can check for variables like this if you are using PHP 7 and above
$fullName = $_POST['fullname']?? null;

Check if username already exist - Prepared Statement [duplicate]

This question already has an answer here:
Check to see if an email is already in the database using prepared statements
(1 answer)
Closed 6 years ago.
I am trying to check if a username already exists in the DB. I have already done this easily with mysqli, but am trying to secure all my database queries by using prepared statements.
Below is the code for both Mysqli and prepared statement.
<?php
ini_set('display_errors', 0);
ini_set('log_errors',1);
error_reporting(E_ALL);
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);
// start session
session_start();
// include connection
require_once('include/connection.php');
// if user is loggin, redirected to homepage
if(isset($_SESSION['user_type'])){
header('Location: index.php');
}
$error[] = "";
if(isset($_POST['submit'])) {
$firstname = trim($_POST['firstname']);
$lastname = trim($_POST['lastname']);
$user_type = $_POST['user_type'];
$user_name = trim($_POST['user_name']);
$email = trim($_POST['email']);
$password = trim($_POST['password']);
$confirm_password = trim($_POST['confirm_password']);
// $password = mysqli_real_escape_string($con, trim($_POST['password'], ENT_QUOTES, 'UTF-8'));
// $confirm_password = mysqli_real_escape_string($con, trim($_POST['confirm_password'], ENT_QUOTES, 'UTF-8'));
// password hash security
$hash_pass = password_hash($password, PASSWORD_BCRYPT);
extract($_POST);
// validate form field
if (empty($firstname)){
$error[] = 'Field empty, please enter your first name';
}else{
if (strlen($firstname) < 3){
$error[] = 'First Name is too short';
}
}
// check if name only contains letters and whitespace
if (!preg_match("/^[a-zA-Z ]*$/",$firstname)) {
$error[] = "Only letters and white space allowed";
}
if (empty($lastname)){
$error[] = 'Field empty, please enter your last name';
}else{
if (strlen($lastname) < 3){
$error[] = 'Last Name is too short';
}
}
// check if name only contains letters and whitespace
if (!preg_match("/^[a-zA-Z ]*$/",$lastname)) {
$error[] = "Only letters and white space allowed";
}
if (empty($user_name)){
$error[] = 'Field empty, please enter your username';
}else{
if (strlen($user_name) < 3){
$error[] = 'UserName is too short';
}
}
//if( $query = "select * from user where user_name = "."'".trim($user_name)."'" );
// $result = mysqli_query($con,$query);
// if(mysqli_num_rows($result)){
// $error[] = "User Name Already Exist, try other";
// header('Location: '.$_SERVER['PHP_SELF']);
// }
/* create a prepared statement */
if($stmt = mysqli_prepare($con, "SELECT user_name FROM user WHERE user_name = ?"));
// $stmt = mysqli_query($con, $query);
/* bind param variables */
mysqli_stmt_bind_param($stmt, 's', $user_name);
/* execute statement */
mysqli_stmt_execute($stmt);
/* store result */
// mysqli_stmt_store_result($stmt);
/* num rows */
if(mysqli_stmt_num_rows($stmt) > 0) {
$error[] = "User Name Already Exist, try other";
header('Location: '.$_SERVER['PHP_SELF']);
}
//}
// validate user type option
if (empty($user_type)){
$error[] = 'Please select user type from list';
}
// set email filter validation
if (empty($email)){
$error[] = 'Field empty, please enter your email address';
}else {
$query = "select * from user where email = "."'".trim($email)."'";
$result = mysqli_query($con,$query);
if(mysqli_num_rows($result) == 1){
$error[] = "Chosen email Already Exist, please choose another ";
// header('Location: '.$_SERVER['PHP_SELF']);
}
// check if e-mail address is well-formed
if (!filter_var($email, FILTER_VALIDATE_EMAIL)) {
$error[] = "Invalid email format";
}
}
if (empty($password)){
$error[] = 'Field empty, please create a password';
}else{
if (strlen($password) < 6){
$error[] = 'Password is too short';
}
if (strlen($password) > 15){
$error[] = 'Password is too long';
}
if ( !preg_match("#[A-Z]+#", $password) ) {
$error[] = "Password must include at least one CAPS! ";
}else{
if( !preg_match("#[0-9]+#", $password) ) {
$error[] = "Password must include at least one NUMBER! ";
}
}
}
// set field validation for confirm password
if (empty($confirm_password)){
$error[] = 'Field empty, please confirm your password';
}else{
if ($password != $confirm_password) {
$error[] = 'Error... Passwords do not match';
}
}
//if no errors have been created carry on
if(!isset($error)){
$created_at = date('Y-m-d');
$queryInsert = "insert into user
(firstname,lastname,user_name,
user_type,email,password,
created_at)
values ('$firstname','$lastname','$user_name',
'$user_type','$email','$hash_pass',
'$created_at')";
$resInsert = mysqli_query($con,$queryInsert);
if($resInsert){
$_SESSION['main_notice'] = "Successfully registered, login here!";
header('Location: index.php');
exit;
}else{
$_SESSION['main_notice'] = "Some error, try again";
header('Location: '.$_SERVER['PHP_SELF']);
}
}
//}
}
// exit mysqli connection
// title page
$title = "Registration Page";
// include header
require_once('include/header.php');
?>
<?php
if(isset($_SESSION['main_notice'])) {
?>
<div class="main-notice">
<p>
<?php
echo $_SESSION['main_notice'];
//unset($_SESSION['main_notice']);
?>
</p>
</div>
<?php
}
?>
<div>
<?php
//check for any errors
if(isset($error)){
foreach($error as $error){
echo '<p style="color: red">'.$error.'</p>';
}
}
?>
<form name="register" action="<?php echo htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES, 'UTF-8'); ?>" method="post">
<table>
<tr>
<td>First Name</td>
<td><input type="text" name="firstname" value='<?php if(isset($error)){ echo $_POST['firstname']; } ?>'></td>
</tr>
<tr>
<td>Last Name</td>
<td><input type="text" name="lastname" value='<?php if(isset($error)){ echo $_POST['lastname']; } ?>'></td>
</tr>
<tr>
<td>User Name</td>
<td><input type="text" name="user_name" value='<?php if(isset($error)){ echo $_POST['user_name']; } ?>'></td>
</tr>
<tr>
<td>User Type</td>
<td>
<select name="user_type" required>
<option selected>Please choose user type</option>
<option value="member">RSW</option>
<option value="admin">Admin</option>
<option value="leader">SP</option>
</select>
</td>
</tr>
<tr>
<td>Email</td>
<td><input type="email" name="email" value='<?php if(isset($error)){ echo $_POST['email']; } ?>'></td>
</tr>
<tr>
<td>Password:</td>
<td><input type="password" name="password" id="password" value='<?php if(isset($error)) ?>'></td>
</tr>
<tr>
<td>Confirm Password:</td>
<td><input type="password" name="confirm_password" id="confirm_password" value='<?php if(isset($error)) ?>'></td>
</tr>
<tr>
<td><input type="submit" name="submit" value="Register"></td>
</tr>
<tr>
<td></td>
<td>Login</td>
</tr>
</table>
</form>
</div>
<?php
if(is_file('include/footer.php'))
include_once('include/footer.php');
?>
I have commented out the mysqli version. I am not receiving an error, but the form is not executing.
Note that I have also commented out mysqli_stmt_store_result because I don't see what that does really.
You have used a prepared statement, so why do you combine the mysqli.* calls with all the queries that you execute? You had better change the queries as per the normal prepared statement process.
You can use num_rows, which will help you fetch the count of the queries executed above.
Replace your Prepared Statement like this:
<?php
$stmt = mysqli_prepare($con, "SELECT user_name FROM user WHERE user_name = ?");
$stmt -> bind_param("s", $user_name);// Here you will bind the parameters
$stmt -> execute(); // here it will execute the statement
$numberofrows = $stmt->num_rows; // here it will fetch the count
if($numberofrows > 0) {
$error[] = "User Name Already Exist, try other";
header('Location: '.$_SERVER['PHP_SELF']);
}
else
{
// This part is for user name not present.
}
?>
The Mysqli way you can have like this.
<?php
$stmt = mysqli_prepare($con, "SELECT user_name FROM user WHERE user_name = '".$user_name."'");
$stmt->execute(); // here it will execute the statement
$numberofrows = $stmt->num_rows; // here it will fetch the count
if($numberofrows > 0) {
$error[] = "User Name Already Exist, try other";
header('Location: '.$_SERVER['PHP_SELF']);
}
else
{
// if the user name is not present
}
?>
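The username check from the question with the result set buffered before it is counted, as an added example (not the asker's or the answerer's code): it assumes `$con` is the open mysqli connection from the page's include/connection.php, the function names are hypothetical, and only three of the page's columns are written (the rest are assumed nullable). It also starts the error list empty and writes the row, through a bound INSERT, only when that list stays empty.

```php
<?php
// Added example, not code from the thread. Assumes $con is an open mysqli
// connection and a `user` table with the column names used on the page.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);

/** True when a row with this value already exists in the given column. */
function row_exists(mysqli $con, string $column, string $value): bool
{
    // Column names cannot be bound as parameters, so only fixed names are accepted.
    if (!in_array($column, ['user_name', 'email'], true)) {
        throw new InvalidArgumentException("unexpected column: $column");
    }
    $stmt = mysqli_prepare($con, "SELECT 1 FROM user WHERE $column = ? LIMIT 1");
    mysqli_stmt_bind_param($stmt, 's', $value);
    mysqli_stmt_execute($stmt);
    // num_rows only counts rows that have been buffered on the client;
    // store_result() is the call that does the buffering.
    mysqli_stmt_store_result($stmt);
    $found = mysqli_stmt_num_rows($stmt) > 0;
    mysqli_stmt_close($stmt);
    return $found;
}

/** Returns a list of error messages; an empty list means the input is acceptable. */
function validate_registration(mysqli $con, array $post): array
{
    $errors    = [];   // starts empty, so "no errors" can actually be tested
    $user_name = trim($post['user_name'] ?? '');
    $email     = trim($post['email'] ?? '');
    $password  = $post['password'] ?? '';

    if (strlen($user_name) < 3) {
        $errors[] = 'UserName is too short';
    } elseif (row_exists($con, 'user_name', $user_name)) {
        $errors[] = 'User Name Already Exist, try other';
    }
    if (!filter_var($email, FILTER_VALIDATE_EMAIL)) {
        $errors[] = 'Invalid email format';
    } elseif (row_exists($con, 'email', $email)) {
        $errors[] = 'Chosen email Already Exist, please choose another';
    }
    if (strlen($password) < 6) {
        $errors[] = 'Password is too short';
    }
    return $errors;
}

/** Inserts the user only when validation produced no errors. */
function register_user(mysqli $con, array $post): array
{
    $errors = validate_registration($con, $post);
    if ($errors) {
        return $errors;   // nothing is written when validation failed
    }
    // bind_param takes variables by reference, so each value gets its own variable.
    $user_name  = trim($post['user_name']);
    $email      = trim($post['email']);
    $hash       = password_hash($post['password'], PASSWORD_BCRYPT);
    $created_at = date('Y-m-d');
    $stmt = mysqli_prepare(
        $con,
        "INSERT INTO user (user_name, email, password, created_at) VALUES (?, ?, ?, ?)"
    );
    mysqli_stmt_bind_param($stmt, 'ssss', $user_name, $email, $hash, $created_at);
    mysqli_stmt_execute($stmt);
    mysqli_stmt_close($stmt);
    return [];
}

// Usage inside the form handler:
// if ($_SERVER['REQUEST_METHOD'] === 'POST') {
//     $error = register_user($con, $_POST);
//     if (!$error) { header('Location: index.php'); exit; }
// }
```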

Password MD5 not read how to solving this?

<?php
error_reporting (E_ALL ^ E_NOTICE);
session_start();
?>
<html>
<head>
<title>Log in</title>
</head>
<body>
<?php
$form = "<form action='./log.php' method='POST'>
<table>
<tr>
<td>Username</td>
<td><input type='text' name='name'></td>
</tr>
<tr>
<td>Password</td>
<td><input type='text' name='password'></td>
</tr>
<tr>
<td></td>
<td><input type='submit' name='loginbtn' value='Login'></td>
</tr>
</table>
</form>";
if ($_POST['loginbtn']) {
$user = $_POST['name'];
$password = $_POST['password'];
if($user) {
if($password) {
require('connect.php');
$password = md5($password);
//make user login info correct
$query = mysql_query("SELECT * FROM users where name= '$user'");
$numrows = mysql_num_rows($query);
if($numrows == 1) {
$row = mysql_fetch_assoc($query);
$dbid = $row['id'];
$dbuser = $row['name'];
$dbpass = $row['password'];
$dbactive = $row['active'];
if($password == $dbpass) {
if($dbactive == 1) {
//set session info
$_SESSION['id'] = $dbid;
$_SESSION['name'] = $dbuser;
echo "You have logged in as <b>$dbname</b> <a href='en/index.html'>Click Here</a> to go on next page";
}
else {
echo "You must activate your account to login. $form";
}
}
else {
echo "You did not enter the correct password";
}
}
else {
echo "The username you entered was not found. $form";
}
mysql_close();
}
else {
echo "Tou must eneter your password. $form";
}
}
else {
echo "Tou must eneter a username. $form";
}
}
else {
echo $form;
}
?>
</body>
</html>
*My registration system inserts the password into the DB in md5 format,
but this login form can't find my password and prints the problem "You did not enter the correct password".
How to solve this problem?*
Persistently trying to solve the problem but have not been able to.
It may be possible that, while inserting the password into the database, some white space or other values are inserted along with the password field. So check your inserting code once again. Use trim before making the password md5, like $password = md5(trim($password)), on both sides (for insert and select). Also note that it is case sensitive. As said in the comment section, don't use md5 as it is not that secure.
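The answer's closing remark about md5, carried through as an added example (not code from the thread): a login check that verifies with password_verify() and replaces a legacy md5 value with a password_hash() value on the first successful login. It assumes a users table shaped like the question's, uses an in-memory SQLite database through PDO with constructed rows so it runs without a server, and `verify_and_upgrade` is a hypothetical name.

```php
<?php
// Added example. Table layout, function name and sample rows are assumptions.

/**
 * Checks a login and, when the stored value is still a bare md5 digest,
 * rewrites it with password_hash() once the password has been proven correct.
 */
function verify_and_upgrade(PDO $db, string $name, string $password): bool
{
    $stmt = $db->prepare('SELECT id, password FROM users WHERE name = ? AND active = 1');
    $stmt->execute([$name]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($row === false) {
        return false;
    }

    $stored = $row['password'];
    // A legacy row holds exactly 32 hex characters; password_hash() output never does.
    $isLegacyMd5 = (bool) preg_match('/^[0-9a-f]{32}$/i', $stored);

    if ($isLegacyMd5) {
        // hash_equals() compares in constant time; md5() returns lowercase hex.
        $ok = hash_equals(strtolower($stored), md5($password));
    } else {
        $ok = password_verify($password, $stored);
    }

    if ($ok && ($isLegacyMd5 || password_needs_rehash($stored, PASSWORD_DEFAULT))) {
        // The column must be wide enough for the new value (the PHP manual
        // suggests 255 characters); a column sized for md5 would truncate it.
        $upd = $db->prepare('UPDATE users SET password = ? WHERE id = ?');
        $upd->execute([password_hash($password, PASSWORD_DEFAULT), $row['id']]);
    }
    return $ok;
}

// --- constructed demo data -------------------------------------------------
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (
    id INTEGER PRIMARY KEY, name TEXT UNIQUE, password TEXT, active INTEGER)');
$ins = $db->prepare('INSERT INTO users (name, password, active) VALUES (?, ?, 1)');
$ins->execute(['alice', md5('Correct-Horse-1')]);   // legacy md5 row

var_dump(verify_and_upgrade($db, 'alice', 'wrong-password'));   // rejected, row untouched
var_dump(verify_and_upgrade($db, 'alice', 'Correct-Horse-1'));  // accepted, row rehashed

$stored = $db->query("SELECT password FROM users WHERE name = 'alice'")->fetchColumn();
var_dump(password_get_info($stored)['algoName']);               // algorithm now in the row
var_dump(verify_and_upgrade($db, 'alice', 'Correct-Horse-1'));  // accepted via password_verify()
```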

Need advice / guidance on makin registration form

<!DOCTYPE HTML>
<html>
<head>
<style>
.error {color:red;}
</style>
</head>
<body>
<?php
$username = $password = $email = "";
$usernameerr = $passworderr = $emailerr = "";
if ($_SERVER["REQUEST_METHOD"]=="POST") {
if (empty($_POST["username"])) {
$usernameerr = "Please fill username";
} else {
$username = test_input($_POST["username"]);
if(!preg_match("/^[a-zA-Z]*$/",$username)) {
$usernameerr = "Only letters allowed";
}
}
if (empty($_POST["email"])) {
$emailerr = "Please fill e-mail";
} else {
$email = test_input($_POST["email"]);
if (!filter_var($email,FILTER_VALIDATE_EMAIL)) {
$emailerr = "not a valid e-mail";
}
}
if (empty($_POST["password"])) {
$passworderr = "Cannot be blank";
} else {
$password = test_input($_POST["password"]);
if(!preg_match("/^[a-zA-Z]*$/",$password)) {
$pasworderr = "Must be Letters";
}
}
}
function test_input($data) {
$data = trim($data);
$data = stripslashes($data);
$data = htmlspecialchars($data);
return $data;
}
$con = mysqli_connect('localhost','root','','my_db');
if (mysqli_connect_errno()) {
echo "Fail to connect :".mysqli_connect_error();
}
$username = mysqli_real_escape_string($con, $_POST["username"]);
$password = mysqli_real_escape_string($con, $_POST["password"]);
$email = mysqli_real_escape_string($con, $_POST["email"]);
$sql = "INSERT INTO register(Username, Password, Email)
VALUES ('$username','$password','$email')";
if (!mysqli_query($con,$sql)) {
die ('Error: '.mysqli_error($con));
}
echo "Registration successful";
mysqli_close($con);
?>
<h2>Register</h2>
<form method="post" action="<?php echo htmlspecialchars($_SERVER["PHP_SELF"]);?>">
Username :<input type="text" name="username" value="<?php echo $username;?>">
<span class="error">*<?php echo $usernameerr;?></span>
<br><br>
Password :<input type="text" name="password" value="<?php echo $password;?>">
<span class="error">*<?php echo $passworderr;?></span>
<br><br>
E-mail :<input type="text" name="email" value="<?php echo $email;?>">
<span class="error">* <?php echo $emailerr;?></span>
<br><br>
<input type="submit" value="submit" name="submit">
</form>
</body>
</html>
Hi, I am a newbie, and I need advice on making a registration form. So here is the code for my registration form; the validation code works and it submits data to the MySQL database too. But the problem is, it will submit data to the database every time it loads (even if it is blank). What lines of code should I add to prevent the form submitting data when it is not filled in completely / filled in with the right format?
Thx in advance.
You have to check if there's any data in the fields.
Just add this line before your sql executes, after $email = mysqli_real_escape_string($con, $_POST["email"]); :
if ($username != "" && $password != "" && $email != "")
{
//your sql and rest of the script goes here
}
else
{
//don't save the data if it's not completed well
//do whatever you want in that case no valid data was completed
}
Notes: I answered only your question, but be careful, you have some implementation mistakes. You should just use a flag that by default is 1 and, if an error is found in any of your validation functions, the flag should be set to 0 and you should check the value of the flag before the SQL instead of checking the content of the $_POST variables again.
Edit: BETTER SOLUTION FOR YOUR CODE
Add this block before the sql:
if ($usernameerr == "" && $passworderr == "" && $emailerr == "")
{
//no errors, all fine we can add to the database
}
else
{
//we have errors, do something but don't add the data
}
Please outsource your DB connection and your DB insert to some separate files and talk to them via AJAX request.
Your DB insert query should take place after your validation and at the end of the
if ($_SERVER["REQUEST_METHOD"]=="POST") {
block.
You did not close the $_SERVER["REQUEST_METHOD"]=="POST" block properly.
Also, inside the if ($_SERVER["REQUEST_METHOD"]=="POST") { block you can add another
if condition such as if(!empty($_POST["username"]) && !empty($_POST["email"]) && !empty($_POST["password"])) {....}

php die() doesn't work (simply code)

I am learning how to use "setcookie", however, I couldn't get following line to work,
I have pasted all my codes here, if someone could give me a hand please?
Have no idea the reason.
Many thanks.
else{ die ("hahahahahahahahahahahahahaha"); }
HTML code
<form method="POST" action="">
<div class="error"><?php echo $error;?></div>
<p></p>
<label>Username: </label><br>
<input type="text" name="username"><br>
<label>Password: </label><br>
<input type="password" name="password"><br>
<input type="checkbox" name="rememberme"> Remember me<br>
<input type="submit" name="submit" value="Login">
PHP CODE
<?
if(isset($_POST['submit'])){
//get data
$username = $_POST['username'];
$password = $_POST['password'];
$rememberme = isset($_POST['rememberme']);
echo $rememberme;
if($username&&$password){
$login = mysql_query("SELECT * FROM form WHERE username='$username'");
while ($row = mysql_fetch_assoc($login))
{
$db_password = $row['password'];
if (md5($password)== $db_password)
{
$logstatus = TRUE;
}
else{
$logstatus = FALSE;
}
if ($logstatus == TRUE)
{
if ($rememberme == "1")
setcookie("username", $username, time()+600);
else if ($rememberme == "")
$_SESSION['username'] = $username;
echo " I am here";
}
else{
die ("hahahahahahahahahahahahahaha"); //unable to get here
}
}
}
else{
echo "enter username / password";
}
}
?>
Try this code, I haven't tested it but it should work :)
session_start();//dont forget this :P
if(isset($_POST['submit'])){
//get data
$username = $_POST['username'];
$password = $_POST['password'];
$rememberme = isset($_POST['rememberme']);
echo $rememberme;
if($username&&$password){
$login = mysql_query("SELECT * FROM form WHERE username='$username' AND password='".md5($password)."'");
if (mysql_num_rows($login))//if this returns 1 you are logged in
{
if ($rememberme == "1")
setcookie("username", $username, time()+600);
else
$_SESSION['username'] = $username;
echo " I am here";
}else{
die ("Incorrect Username/Password"); //unable to get here
}
}
else{
echo "enter username / password";
}
}
The while loop is causing the issue, simply remove it.
Well, I didn't test the code, but trying the following might help.
Add line:
$logstatus = TRUE;
before while.
Justification:
The scope of a variable finishes as soon as the block finishes. Defining logstatus outside the while will make sure its scope does not end where it is required.
