Currently trying to do a project for school and as far as PHP is concerned, the code is fine. When I run it, I enter the username and password and click the submit button, but nothing seems to happen; I remain on the login page.

    <?php
session_start();
try{
    $databaseConnection = new PDO('mysql:host=127.0.0.1;dbname=mycontacts','root','');
    $databaseConnection->setAttribute(PDO::ATTR_ERRMODE,PDO::ERRMODE_EXCEPTION);
} catch(PDOException $e) {
    echo 'Error: '.$e->getMessage();
}
if(isset($_POST['login'])) {
    $errMsg = '';
    $username = trim($_POST['username']);
    $password = trim($_POST['password']);

    if ($username == ''){
        $errMsg .= "You must enter your Username <br />";
    }
    if($password == '') {
        $errMsg .= 'You must enter your Password<br>';
    }
    if ($errMsg == '') {
        $records = $databaseConnection->prepare('SELECT id,username,password from users WHERE username = :username');
        $records->bindParam(':username',$username);
        $records->execute();
        $results = $records->fetch(PDO::FETCH_ASSOC);
        // fetch() returns false when no row matches, so test for that instead of count()
        if($results !== false && password_verify($password, $results['password'])){
            header('location:mainMenu.php');
            exit();
        }else {
            $errMsg .= 'Username and Password are not found<br />';
        }
    }
}
?>


<!DOCTYPE html>
<html lang="en">
<head>
    <meta charset="UTF-8">
    <title>Login</title>
    <link rel="stylesheet" href="CSS/main.css">
</head>
<body>
    <h1>Welcome to the Contact List</h1>
    <br />
    <br />
    <div>
    <form  method="post" class="submit" name="login">
        <h3><u>Please login</u></h3>
        <p>Username: <input type="text" name="username" maxlength="15" size="20" /> </p>
        <p>Password: <input type="password" name="password" maxlength="15" size="20" /> </p>
        <input type="submit" value="Submit" name="login" />
    </form>
    </div>
</body>
</html>

The database name is mycontacts. The table name is users. The fields are id (primary), username, password.

When putting in the username and password, the screen will remain on the login with nothing in the textboxes, nor any errors when querying it.


1 Answer

"id int(4) username varchar(20) password varchar(20)"

There's your problem. (Consult my footnotes also).

MySQL is failing silently on you, because the password column is not long enough to accommodate the hash.

The hash produced from the password_hash() function is 60 chars long, that's IF you did in fact use that function to create the hash.

Increase it to 60 and start over again (Nota: the manual suggests 255 though). Meaning, clear your passwords, generate new ones and login again.

  • http://php.net/manual/en/function.password-hash.php

    PASSWORD_DEFAULT - Use the bcrypt algorithm (default as of PHP 5.5.0). Note that this constant is designed to change over time as new and stronger algorithms are added to PHP. For that reason, the length of the result from using this identifier can change over time. Therefore, it is recommended to store the result in a database column that can expand beyond 60 characters (255 characters would be a good choice).

    PASSWORD_BCRYPT - Use the CRYPT_BLOWFISH algorithm to create the hash. This will produce a standard crypt() compatible hash using the "$2y$" identifier. The result will always be a 60 character string, or FALSE on failure.


Footnotes:

Also make sure you're not outputting before header. Those spaces before your <?php tag will cause that and prevent your code from executing, and that would also be the case for any other subsequent files such as the one you're using for the header. Therefore, you need to remove those spaces before the <?php tag.

Consult the following on Stack:

Add error reporting to the top of your file(s) which will help find errors.

    <?php
    error_reporting(E_ALL);
    ini_set('display_errors', 1);

    // Then the rest of your code

Sidenote: Displaying errors should only be done in staging, and never production.


As stated in comments: You're not echoing $errMsg, although that won't cause your code to not redirect or execute properly.

If you're using JS/Ajax that you're not showing, then you will need to sort that out.

You also have duplicate name attributes name="login" for your form and the submit button. Remove name="login" from <form>, that could be conflicting.

You could also have a look at ircmaxell's answer:

Funk Forty Niner
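
The failure described in the answer, as an added example that is not part of the original post: it simulates a VARCHAR column of a given width with substr() (no database needed) and uses password_get_info() to flag a stored value that is no longer a recognisable hash. The function names and the sample password are constructed for illustration, and the silent truncation is an assumption about the server's SQL mode.

```php
<?php
declare(strict_types=1);

// Simulates what a VARCHAR($width) column keeps when the server silently
// truncates over-long input (assumption: MySQL is not running in strict mode).
function storeInColumn(string $value, int $width): string
{
    return substr($value, 0, $width);
}

// password_get_info() reports an empty 'algo' (null, or 0 on older PHP) for
// any string it does not recognise, which includes a cut-off bcrypt hash.
function looksLikeValidHash(string $stored): bool
{
    $info = password_get_info($stored);
    return !empty($info['algo']);
}

// Distinguishes "the stored hash is broken" from "the password is wrong",
// so the schema problem is not hidden behind a generic login failure.
function checkLogin(string $password, string $stored): string
{
    if (!looksLikeValidHash($stored)) {
        return 'stored hash is malformed (column too short?)';
    }
    return password_verify($password, $stored) ? 'login ok' : 'wrong password';
}

$password = 'correct horse battery'; // constructed sample value
$hash = password_hash($password, PASSWORD_DEFAULT);

// 20 is the width from the question's schema; 60 and 255 are the widths
// mentioned in the answer and the manual.
foreach ([20, 60, 255] as $width) {
    $stored = storeInColumn($hash, $width);
    printf(
        "VARCHAR(%3d): kept %d of %d chars -> %s\n",
        $width,
        strlen($stored),
        strlen($hash),
        checkLogin($password, $stored)
    );
}
```

In a real application the malformed-hash case should be logged server-side rather than shown to the user, who should still see only a generic login failure.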