0

I am very new to web development, working on a school project right now. I have a problem with my login code, but I can't figure out what it is. When I submit the form, the page seems to just reload and no session is being set.

My shortened login page:

<?php include "connect.php";

if (isset($POST['login'])) {
    $user_email_username = mysqli_real_escape_string($link, $_POST['email_username']);
    $user_password = mysqli_real_escape_string($link, $_POST['password']);

    $email_username_query = mysqli_query($link, "SELECT * FROM User WHERE email='$user_email_username' OR username='$user_email_username'");

    if (mysqli_num_rows($email_username_query) == 0) {
        $not_registered_error = "It looks like you still don't have an account. <a href=\"signup.php\">Sign up</a>.";
    } else {
        $row = mysqli_fetch_array($email_username_query);
        if (sha1($user_password) != $row['password']) {
            $wrong_password_error = "The password you submitted is wrong.";
        } else {
            $_SESSION['user_id'] = $row['idUser'];
            $_SESSION['user_name'] = $row['name'];
            $_SESSION['user_username'] = $row['username'];
            header("Location: index.php");
        }
    }
}
?>
<!--metadata-->
<div class="container">
    <div class="row">
        <div class="col-md-6 col-md-offset-3">
            <div id="login" class="login-panel panel panel-default">
                <div class="panel-body">
                    <form role="form" method="post" action="login.php">
                        <fieldset>
                            <!--login form-->
                        </fieldset>
                        <?php if (isset($not_registered_error)) {
                            echo "<div class=\"alert alert-danger\" role=\"alert\">" . $not_registered_error . "</div>";
                        }
                        if (isset($wrong_password_error)) {
                            echo "<div class=\"alert alert-danger\" role=\"alert\">" . $wrong_password_error . "</div>";
                        } ?>
                        <p>Haven't joined yet? <a href="signup.php">Sign up</a>.</p>
                    </form>
                </div>
            </div>
        </div>
    </div>
</div>
//...

Unlike most examples I found on the web, what I am trying to accomplish here is to have the program to figure out whether the username (or email) doesn't exists or the password for that username is wrong. The sign up program I wrote works just great. The question itself is already long enough so I didn't add signup.php. Let me know if it can be helpful. Using mysql for a local database and Bootstrap for the styling.

I know that this question won't be helpful for many as it is being asked, but I did't know how to formulate it better.

Thank you all :D

itsmeciao
  • 97
  • 7
  • *Unlike most examples you found*?! That seems to be the basis of a login... – jeroen May 14 '16 at 20:16
  • I meant, most examples use a such query: "SELECT * FROM User WHERE email='$user_email_username' AND password='$password'"; This way you can't tell if the problem is in the email submitted or in the password... – itsmeciao May 14 '16 at 20:27
  • Ryan Vincent, thanks :) – itsmeciao May 14 '16 at 20:29
  • I sure hope this isn't a live or intended to go live site. – Funk Forty Niner May 14 '16 at 20:41
  • I believe his question is a unique instance, dont see how some other question has anything to do with HIS question. PS this isnt a mysql issue, its a PHP one. – iGNEOS May 14 '16 at 20:51
  • @Fred -ii- No it's not going to go live, it is poor and insecure. It's a simple school exercise, a website that updates a database, but also an opportunity to get into something I didn't know before. – itsmeciao May 14 '16 at 21:51

1 Answers1

7
if (isset($POST['login'])) {

Needs to be:

if (isset($_POST['login'])) {
Rasclatt
  • 12,498
  • 3
  • 25
  • 33
iGNEOS
  • 194
  • 8