At which point? In the beginning when you check to see if the loggedin flag is set, or after your user has logged in?
Don’t forget you need an exit() after your header redirect. You don’t have that after the second one.
Also, is the form at the end of your html the one you use to log in with? Your PHP code does stuff with “username” and “password” fields, but your form has “email” and “password” fields, neither of which have a “name” parameter on them. As your form tag doesn’t specify it, your form fields will be sent in the $_GET array, and yet you look in the $_POST array for the values, or you would if the code got there, which it won’t because you (correctly) check for the REQUEST_METHOD before you get there.
Or do you have some JavaScript that processes the form input and alters those names?
It’s after the user logs in. When Login is clicked, it reloads the page and doesn’t load the database page (aka homepage/index.php)
I’ve added this in. Thanks for the heads up. (But why is this needed? I’m assuming the exit(); function tells PHP to stop processing at that point?)
So, I’m using a template that I found online to build the application. Yes, the login form you see from the code in my previous response is the login form used to login through the database which (if matched correctly), loads the homepage. The HTML in the login code is all my template, not stuff I have written. I need help to figure out what it is I have to rewrite in order to make the login work successfully. I have no JavaScript aid in this code at all other than the database on the homepage (which is not being used on the login page). I am solely relying on PHP unless there is an easier workaround through JavaScript.
Because my form inputs will be sent in $_GET rather than $_POST, does that mean that I need to change every instance of $_POST to $_GET?
Well, you could, but I would add method="post" to the form tag instead.
You need to add name= tags to the form inputs for a start, to match the names you use in your PHP code. Use var_dump($_POST) to see that what is coming into the PHP is correct.
Exactly that. If you don’t exit, PHP will carry on with the rest of the code, which you don’t need it to do. You already had it after your other redirect.
How do you run var_dump(_POST) to see if the output is correct? Could I do this from my browser’s console or do I have to write this in my login PHP somewhere?
This. Just put it at the start of your PHP code, inside your check for server-request-method. You could stick an exit() after it, until you see that the values are correct.
That should do it. Does the code exit at that point, or does it re-draw your form? If it re-draws the form, it’s not hitting the exit, which suggests that the request method is not correct.
That’s normally in the action= parameter in your form tag. If you leave it out, or leave it blank, it will reload the same page using the method you specify.
It’s supposed to show you the contents of whatever you type into the boxes in your form. Well, it shows you the contents of whatever variable you specify, but in this case it’s the `$_POST array which is where your form vars are passed through.
Well, I don’t get it. Are you saying that it doesn’t execute the var_dump() and exit() statements? If so, that means that it’s not getting into that if clause, which means there must be something else at work.
Is it live anywhere, where someone could actually see it running? There is too much that I don’t have (all the linked JS stuff) for me to put it on my test machine.
What is the name of the file containing the code that you are working on here? Isn’t that index.php? I thought that’s why you put it in the “action” parameter for your form.
If it is, then your check above is just going to redirect to the same place over and over. Except that if the login code isn’t working in the first place, you’ll never be able to set that session var, so it won’t redirect.
If it is not, then your form action needs to point back to this file, as this file contains the form processing code.
The file containing the code above is login.php. If a user logs in successfully, it should create a session and redirect to index.php where the database is located.
I added the action tag to index.php as I thought that’s what was needed in order to complete the redirect.
I changed it back to login.php. and here is what I receive:
So, when you tested with real credentials, did you remove the var_dump and exit statements?
As you’ve now got it going into the section that reads from the database, you can add echo and exit pairs past each section, and see how far it gets.
I notice you set various error messages through the login process, but I can’t see that you display them anywhere. You have an echo to say something went wrong, but you probably won’t see that because it’s before your DOCTYPE and opening html tag.
I did try with real credentials and I commented out the var_dump and exit() lines to no effect. The page still reloads.
I do not display error messages yet because I need to figure out how the template displays them (as far as css classes and etc.) According to the code they provided, it doesn’t look like they are being displayed anywhere.
No, no, no. Get it working first, then make it look nice.
Yes, but that’s after it’s tried to read and verify the login information that you provided for sign-in. But because you don’t show your error messages, or even just exit out when you hit a problem (during dev only, of course), you don’t know how far through it does get.