<?php
session_start();
$username="";
$email="";
$errors=array();
$db=mysqli_connect('localhost','root','','upshot');
if (isset($_POST['register'])) {
$username=mysqli_real_escape_string($db,$_POST['username']);
$email=mysqli_real_escape_string($db,$_POST['email']);
$password_1=mysqli_real_escape_string($db,$_POST['password_1']);
$password_2=mysqli_real_escape_string($db,$_POST['password_2']);
if (empty($username)) {
array_push($errors, "Username is required");
}
if (empty($email)) {
array_push($errors, "Email is required");
}
if (empty($password_1)) {
array_push($errors, "Password is required");
}
if ($password_1!= $password_2) {
array_push($errors, "The two passwords do not match !");
}
if (count($errors)==0) {
$password=md5($password);
$sql ="INSERT INTO users (username,email,password) VALUES ('$username','$email','$password')";
mysqli_query($db,$sql);
$_SESSION['username'] = $username;
$_SESSION['success'] = "You are now logged in";
header("location: home.php");
}
}
if (isset($_POST['login'])) {
$username=mysqli_real_escape_string($db,$_POST['username']);
$password=mysqli_real_escape_string($db,$_POST['password']);
if (empty($username)) {
array_push($errors, "Username is required");
}
if (empty($password)) {
array_push($errors, "Password is required");
}
if (count($errors) == 0) {
$password = md5($password);
$query =" SELECT * FROM users WHERE username='$username' AND password='$password'";
$result = mysqli_query($db, $query);
if (mysqli_num_rows($result)== 1) {
$_SESSION['username'] = $username;
$_SESSION['success'] = "You are now logged in";
header('location: home.php');
}else{
array_push($errors, "wrong username/password combination");
}
}
}
if (isset($_GET['logout'])) {
session_destroy();
unset($_SESSION['username']);
header("location:login.php");
}
?>
<?php include('server.php'); ?>
<!DOCTYPE html>
<html>
<head>
<link rel="stylesheet" type="text/css" href="style.css">
<title>User login</title>
</head>
<body>
<div class= header>
<h2>
login
</h2>
</div>
<form method="post" action="login.php" >
<?php include ('errors.php'); ?>
<div class="input-group">
<label>Username</label>
<input type="text" name="username" value="<?php echo $username;?>">
</div>
<div class="input-group">
<label>Password</label>
<input type="password" name="password">
</div>
<div class="input-group">
<button type="submit" name="login" class="btn">login</button>
</div>
<p>
not yet a member?<a href="register.php">Sign up</a>
</p>
</form>
</body>
</html>Oh please, throw that login (registration) into file 13 and start over.
Find a better tutorial out there, I recommend using PDO (https://phpdelusions.net/pdo) over mysqli and use password_hash and password_verify functions (if a tutorial is using them it’s pretty safe to assume it’s a better tutorial). A good link to check out those functions and others php functions is at php.net
You’ll be saving a lot of headaches if you switch and will definitely get more help online.
HTH John
BTW - Welcome to the community and I rather be truthful than lead you on.
1 Like
try echoing out what you are sending to the DB to check then see if they match exactly in the database. Also, try running the code directly in the DB to see what the result is.
For instance…
After they try to login, in the [if (isset($_POST[‘login’]))] part
do this…
if (isset($_POST[‘login’])) {
$username=mysqli_real_escape_string($db,$_POST[‘username’]);
$password=mysqli_real_escape_string($db,$_POST[‘password’]);
echo $username . ‘
’ . $password;
exit();
Then you can see whats going into the database