0

I have a simple Login system which won't work and I can't figure out why. Once I press the login button nothing happens, the site just reloads instead of redirecting me or giving me any error messages.

if(!empty($_POST['email']) && !empty($_POST['password'])){

    $records = $conn->prepare('SELECT email, password FROM Profiles WHERE email = :email');
    $records ->bindParam(':email', $_POST['email']);
    $records->execute();
    $results = $records->fetch(PDO::FETCH_ASSOC);

    $message = '';

    if(count($results) > 0 && password_verify($_POST['password'], $results['password'])){

        $_SESSION['user_email'] = $results['email'];
        header("Location: main.php");
    }else{
        $message = 'Sorry, those credentials do not match';
    }
}

And here's the HTML form.

<form action="<?php echo htmlspecialchars($_SERVER["PHP_SELF"]);?>" method="POST">
    <input type="text" placeholder="Email" name="email"> <br/> <br/>
    <input type="password" placeholder="Password" name="password"> <br/> <br/>
    <input type="submit" value="Login">
</form>
RiggsFolly
  • 93,638
  • 21
  • 103
  • 149
Krillex
  • 479
  • 1
  • 6
  • 9
  • What's the error? – NineBerry Mar 12 '17 at 21:57
  • @NineBerry I do not get any error messages, I just never get redirected to main.php again after I've pressed the login button. Nothing happens at all. – Krillex Mar 12 '17 at 22:04
  • So, you still see the form after pressing the login button? How do you open the login form? Or could see an empty page after pressing the button? – NineBerry Mar 12 '17 at 22:06
  • @NineBerry I still see the form afterwards, I am still at the same page after I've pressed the login button. The login form is just in the body of a very simple document. – Krillex Mar 12 '17 at 22:10
  • The form is not inside login.php, but inside a separate html file? – NineBerry Mar 12 '17 at 22:11
  • @NineBerry They're in the same document. The form is also inside of login.php. – Krillex Mar 12 '17 at 22:14
  • Well, then the question does not contain all relevant code. Create a mcve. http://stackoverflow.com/help/mcve – NineBerry Mar 12 '17 at 22:15
  • Also see http://stackoverflow.com/q/845021/101087 on how to enable output of errors – NineBerry Mar 12 '17 at 22:18
  • @NineBerry On some different checks I think that the problem lays in my password_verify, it seems that's why I never get to enter the if case. – Krillex Mar 12 '17 at 22:20
  • At the very top of the script try printing the contents of POST - try printing $message at the end to see if (a) the script ever gets into the first main if and (b) if password_verify "works. Also switch on server errors in case you do not have PDO enabled for example – bhttoan Mar 12 '17 at 22:22
  • so, what's the status on this question? there are 2 answers below; is it solved? @Krillex – Funk Forty Niner Mar 12 '17 at 22:30
  • you also realize that your query may be failing on you silently @Krillex – Funk Forty Niner Mar 12 '17 at 22:32
  • @bhttoan So, when I echo the $_POST[] stuff I get the correct results in the beginning of the document. I also tried echoing the $results['password'] which gives me the correct hashed version of the password. – Krillex Mar 12 '17 at 22:44
  • @Fred-ii- It is not yet solved, I've figured out that it has something to do with the password verification and that if I echo the different things I get the correct result. So I do not understand what the problem is. – Krillex Mar 12 '17 at 22:45
  • @Krillex my guess is and this has happened often before, is that the password column's length isn't long enough. If that is the case, then that failed silently, which is what I said earlier and was in regards to that. If the column is anything less than 60, then you will need to start over, delete the old hashes, ALTER the column to be 60+ (255 is better) and create a new set of hashes. I've answered quite a few questions like this and because of that. – Funk Forty Niner Mar 12 '17 at 22:47
  • @Fred-ii- You were right and it's working now! Thank you so much! No wonder this has been bugging me for hours. – Krillex Mar 12 '17 at 22:52
  • @Krillex I posted my comment to an answer below that you can mark off as solved and you're quite welcome, *cheers* – Funk Forty Niner Mar 12 '17 at 22:54

3 Answers3

2

From (my) comments:

"my guess is and this has happened often before, is that the password column's length isn't long enough. If that is the case, then that failed silently, which is what I said earlier and was in regards to that. If the column is anything less than 60, then you will need to start over, delete the old hashes, ALTER the column to be 60+ (255 is better) and create a new set of hashes. I've answered quite a few questions like this and because of that. . – Fred -ii- "

and the OP:

@Fred-ii- You were right and it's working now! Thank you so much! No wonder this has been bugging me for hours. – Krillex"

Funk Forty Niner
  • 74,450
  • 15
  • 68
  • 141
1

Put session_write_close() before line with header change.

session_write_close();
header("Location: main.php");
exit;

Comment for "I just never get redirected to main.php again after I've pressed the login button. Nothing happens at all.".

Add exit after header change to be sure nothing breaks (some echo for example) redirecting.

David Vareka
  • 252
  • 2
  • 6
0

please be sure you have started the session before call it, else put this session_start(); before call $_SESSION[]

UPDATE 1 then print the $_POST and compare the data with $results after hashed it and verify manually if match.

Frank Leal
  • 212
  • 4
  • 18
  • I have used session_start() in the beginning of my LogIn.php and are doing that in most of my files. – Krillex Mar 12 '17 at 22:07