0

This is my login page and this does not verify that user login is true or false after inserting any password or username it redirects the user to the login page again. Header location is also not working. I am new in php, so I am not sure what the issue is.

<?php
session_start();
$username = $password = $userError = $passError = '';
if(isset($_POST['sub'])){
    $username = $_POST['username'];
    $password = $_POST['password'];
    if($username === '9155499248' && $password === 'Ben 10'){
        $_SESSION['login'] = true;
        header('LOCATION:congratulation.php');
        die();
    }

    if($username !== '9155499248')
        $userError = 'Invalid Username';
    if($password !== 'Ben 10')
        $passError = 'Invalid Password';
}
echo "<!DOCTYPE html>
<html xmlns='http://www.w3.org/1999/xhtml' xml:lang='en' lang='en'>
   <head>
     <meta http-equiv='content-type' content='text/html;charset=utf-8' />
     <title>Login</title>
     <link rel="stylesheet" href="css/normalize.css">
     <link rel="stylesheet" href="css/style.css"/>
     <script src="js/prefixfree.min.js"></script>
     </head>
 <body>
    <div class="login">
<h1><b>Login</b></h1>
     <form name='input' action='{$_SERVER['PHP_SELF']}' method='post'>
    <label for='username'></label><input type='text' value='$username' id='username' name='username' />
    <div class='error'>$userError</div>
    <label for='password'></label><input type='password' value='$password' id='password' name='password' />
    <div class='error'>$passError</div>
    <button type="submit" class="btn btn-primary btn-block btn-large" name="submit">Let me in.</button>
  </form>
  </div>
        <script src="js/index.js"></script> 

  </body>
</html>
Rasclatt
  • 12,498
  • 3
  • 25
  • 33
  • I think the problem arise from here `$username = $password = $userError = $passError = '';` – MuthaFury Jul 01 '16 at 03:04
  • Can you plz describe in detail as I mentioned above that I am new in php –  Jul 01 '16 at 03:05
  • 1
    You have issues with double quotes where concatenation is concerned. You need to escape some of those in the bottom section of html. – Rasclatt Jul 01 '16 at 03:07
  • Your using your encapsulation quote inside your string. You can't do that it needs to be escaped. You should be getting errors. Use single quotes for all attributes. Escape the `php_self`, or don't use it. With no `action` you will be directed to the same page. http://stackoverflow.com/questions/6080022/php-self-and-xss – chris85 Jul 01 '16 at 03:10
  • How can I do that........after a lot of research I make login page but it is not working...........and sry for my child-like question –  Jul 01 '16 at 03:11
  • 1
    First thing to learn when programming is how to get useful errors. Find your error log and you should have some information in there about your current issue (and probably future issues as well). See http://stackoverflow.com/questions/845021/how-to-get-useful-error-messages-in-php – chris85 Jul 01 '16 at 03:12
  • learn to debug codes.print $username...and are they passed correctly to php – Madhawa Priyashantha Jul 01 '16 at 03:14
  • Ohk thnx.........I am trying to learn it –  Jul 01 '16 at 03:17

1 Answers1

1

There you go

<?php
session_start(); 
$username = '';
$password = '';
$userError = ''; 
$passError = '';
if(isset($_POST['submit'])){
  $username = $_POST['username']; $password = $_POST['password'];
  if($username === '9155499248' && $password === 'Ben 10'){
    $_SESSION['login'] = true; header('LOCATION:congratulation.php'); die();
  }
  if($username !== '9155499248')$userError = 'Invalid Username';
  if($password !== 'Ben 10')$passError = 'Invalid Password';
}
echo "<!DOCTYPE html>
<html xmlns='http://www.w3.org/1999/xhtml' xml:lang='en' lang='en'>
   <head>
     <meta http-equiv='content-type' content='text/html;charset=utf-8' />
     <title>Login</title>
     <link rel='stylesheet' href='css/normalize.css'>
     <link rel='stylesheet' href='css/style.css'/>
     <script src='js/prefixfree.min.js'></script>
     </head>
 <body>
    <div class='login'>
<h1><b>Login</b></h1>
     <form name='input' action='".$_SERVER['PHP_SELF']."' method='post'>
    <label for='username'></label><input type='text' value='".$username."' id='username' name='username' />
    <div class='error'>".$userError."</div>
    <label for='password'></label><input type='password' value='".$password."' id='password' name='password' />
    <div class='error'>".$passError."</div>
    <button type='submit' class='btn btn-primary btn-block btn-large' name='submit' value='1'>Let me in.</button>
  </form>
  </div>
        <script src='js/index.js'></script> 

  </body>
</html>";

I have updated a few things,

First are those quotes " and ', you are using it incorrectly, you may recheck the answer I provided.

Second is previously you put as if(isset($_POST['sub'])) it is wrong because your button you name is submit not sub therefore it will not work properly. Also I added a value value='1' in the button to satisfy the isset condition

MuthaFury
  • 805
  • 1
  • 7
  • 22