0

A user is able to Register their account but nothing happens (no errors appear, no redirection after login) when I submit a registered users information.

I've posted my form partial code down below as well as my Login.php file if anyone could help me out? I've played around with the code to see if there was anything specific blocking the functionality of the page but nothing seems to make a difference

Login Form 

<body>  
    <div align = "center" ><p style="margin-top: 100px;">
        <div class="col-lg-4 mb-4">
            <div class="card h-100">
                <h4 class="card-header"><font face = "Lucida 
                     Handwriting">Login</font></h4>
                <form method="post" action="<?php echo 
                    htmlspecialchars($_SERVER["PHP_SELF"]);?>"><b

                <p style="margin-top: 50px;"></p>
                <span class="error">* <?php echo $email_addressErr;?></span>
                    Email Address:<br><input type="text" 
                    name="email_address" 
                    value="<?php echo $email_address;?>"><br>

                <span class="error">* <?php echo $acc_passwordErr;?></span>
                    Password:<br><input type="text" name="acc_password" 
                    value=" 
                <?php echo $acc_password;?>"><br>

                <br><p style="margin-top: 30px;"></p>
                <input type ="submit" value="submit" name="Sign-In" 
                     href="Main.php"></p> 
                </form>
            </div>
        </div>
    </div>
</body>

Main page

<html lang="en">

    <?php

        include 'Assets/Partials/Header.php'
    ?>
    <?php

        //start session
        session_start();
        //if userSession is set
        if ( isset($_SESSION['userSession'])!="" ) 
        {
            header("Location: Main.php");
        }
        require_once 'DBConnect.php';

        //initialising variables
        $email_address = "";
        $acc_password = "";     

        //if login button is clicked
        if (isset($_POST['Sign-In']) ) 
        {
            //Following 3 lines commented out and they weren't doing 
              anything
            //$email_address = strip_tags($_POST['email_address']);  
            //$email_address = $mysqli->strip_tags($_POST['email_address']);

            // $acc_password = strip_tags($_POST['acc_password']);

            $email_address = $DBcon->mysqli_real_escape_string($DBcon, 
            $_POST['email_address']);
            $acc_password = $DBcon->mysqli_real_escape_string($DBcon, 
            $_POST['acc_password']);

            //select user details where email matches email field
            $query = $DBcon->query("SELECT customer_id FROM customer WHERE 
            email_address='$email_address' and acc_password = 
            '$acc_password'");
            $result  = mysqli_query($DBcon, $query);
            $row = mysqli_fetch_arry($result, MYSQLI_ASSOC);
            $active = $row['active'];

            //see if row is returned
            $count = mysqli_num_rows($result); 

            //if row is returned and hashed password is verified, set 
              session
            if ( password_verify($acc_password, $row['acc_password']) && 
                 $count==1 ) 
            {
                $_SESSION['userSession'] = $row['customer_id'];
                header("Location: Main.php");
            }
            //else notify user that email or password is incorrect
            else 
            {
            echo"<script>alert('Your Email Address and/or Password is 
            invalid')</script>";
            }
            //close connection
            $DBcon->close();
        }//End If
    ?>


    <body>

        <?php
            include 'Assets/Partials/IndexMenu.php'
        ?>

        <?php
            include 'Assets/Partials/LoginForm.php'
        ?>

    </body>

</html>
Lawrence Cherone
  • 46,049
  • 7
  • 62
  • 106
FYP
  • 7
  • 2
  • Do you get any PHP errors? If not, you can try to enable them at the top of your code to get more info: https://stackoverflow.com/questions/1053424/how-do-i-get-php-errors-to-display – KillerKode Apr 09 '18 at 16:28
  • Strange place to find a `` – RiggsFolly Apr 09 '18 at 16:29
  • 1
    `header("Location: Main.php");` wont work as you have already sent a bunch of data to the browser. – RiggsFolly Apr 09 '18 at 16:31
  • 1
    As a general rule, the PHP controlling code should go before the HTML – RiggsFolly Apr 09 '18 at 16:31
  • Typo here: `mysqli_fetch_arry` – aynber Apr 09 '18 at 16:31
  • You are wide open for SQL injection. Since you're using mysqli, take advantage of [prepared statements](http://php.net/manual/en/mysqli.quickstart.prepared-statements.php) and [bind_param](http://php.net/manual/en/mysqli-stmt.bind-param.php). **This will take care of any pesky quoting issues that may occur.** – aynber Apr 09 '18 at 16:32
  • 1
    `session_start()` wont work where you have it either All your code is in the wrong place – RiggsFolly Apr 09 '18 at 16:32
  • Great help @RiggsFolly – FYP Apr 09 '18 at 21:19
  • After the first form you have what seems like the start of a `
    ` but you have only typed `     – Lordbug Apr 10 '18 at 14:22

0 Answers0