PHP Login system not working


#23

When I log in on the login.php page with the values in the database, I don’t get forwarded to welkom.php, but to a page that still has login.php in the title and all the code from the index.php.
Can any of you please help?

The code from login.php:

<!DOCTYPE html>
<?php
//session_start();

$link = mysqli_connect("localhost","id5386627_root","XXXxxx","id5386627_root");
 
if($link === false){
    die("ERROR: Kon niet verbinden. " . mysqli_connect_error());
}

if(isset($_SESSION["loggedin"]) && $_SESSION["loggedin"] === true){
    header("location: welkom.php");
    exit;
}
 
$username = $password = "";
$username_err = $password_err = "";
$param_username = $username ; 
$param_password = password_hash($password, PASSWORD_DEFAULT);

if($_SERVER["REQUEST_METHOD"] == "POST"){
 
    if(empty(trim($_POST["username"]))){
        $username_err = "Voer hier uw gebruikersnaam in.";
    } else{
        $username = trim($_POST["username"]);
    }
    
    if(empty(trim($_POST["password"]))){
        $password_err = "Voer uw wachtwoord in.";
    } else{
        $password = trim($_POST["password"]);
    }
    
    if(empty($username_err) && empty($password_err)){
        $sql = "SELECT Naam, wachtwoord FROM Users WHERE Naam = ?";
        
        if($stmt = mysqli_prepare($link, $sql)){
            mysqli_stmt_bind_param($stmt, 's', $param_username);
            
            $param_username = $username;
            
            if(mysqli_stmt_execute($stmt)){
                mysqli_stmt_store_result($stmt);
                
                if(mysqli_stmt_num_rows($stmt) == 1){                    
                    mysqli_stmt_bind_result($stmt, $username, $hashed_password);  
                    if(mysqli_stmt_fetch($stmt)){
                        if(password_verify($password, $hashed_password)){
                            session_start();
                            
                            $_SESSION["loggedin"] = true;
                            $_SESSION["password"] = $password;
                            $_SESSION["username"] = $username;                            
                            
                            header("location: welkom.php");
                          exit;
                        } else{
                            $password_err = "Het wachtwoord bestaat niet.";
                        }
                    }
                } else{
             $username_err = "Geen account gevonden met deze gebruikersnaam.";
                }
            } else{
                echo "Er is iets misgegaan, probeer het later opnieuw.";
            }
        }
        
  
    }
    
 
}

?>

  <html>

  <head>
    <meta charset="UTF-8">
    <title>Inloggen</title>
    <link rel="stylesheet" href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/css/bootstrap.css">
    <style type="text/css">
      body {
        font: 14px sans-serif;
      }

      .wrapper {
        width: 350px;
        padding: 20px;
      }
    </style>
  </head>

  <body>
    <center>
      <div class="wrapper">
        <h2>Login</h2>
        <p>Voer uw gegevens in om door te gaan.</p>
        <form method="post" action="<?php echo htmlspecialchars($_SERVER['PHP_SELF']); ?>">
          <div class="form-group <?php echo (!empty($username_err)) ? 'has-error' : ''; ?>">
            <label>Gebruikersnaam</label>
            <input type="text" name="username" class="form-control" value="<?php echo $username; ?>">
            <span class="help-block"><?php echo $username_err; ?></span>
          </div>
          <div class="form-group <?php echo (!empty($password_err)) ? 'has-error' : ''; ?>">
            <label>Wachtwoord</label>
            <input type="password" name="password" class="form-control">
            <span class="help-block"><?php echo $password_err; ?></span>
          </div>
          <div class="form-group">
            <input id="button" type="submit" class="btn btn-primary" value="Verzenden">
            <input id="button" type="reset" class="btn btn-default" value="Leeg maken">
          </div>
          <p>Heb je nog geen account? <a href="register.php">Meld je hier aan</a>.</p>
        </form>
      </div>
    </center>
  </body>

  </html>

#24

There are numerous issues with your code, but as for your problem, you are trying to process the login with an empty username and password which will never work.


#25

So what should I change? And what other issues are there @benanamen?


#26

The short answer, everything in the first 76 lines.

Take a look at this PDO login code and see what you can get out of it.
https://github.com/benanamen/perfect_app_oop/blob/master/public/login.php


#28

There’s a lot that I would like to say, but I don’t think it’ll be appropriate to say. I’ll try to tell you in a manner that isn’t rude or anything. So basically, how I see this is that you should start from scratch. Save this as like an extra file to reference. Don’t use the entire code or anything. Just use it as a reference so that you know what fields you need and what not.

The first thing I would say is, separate your PHP code from your HTML code. That’s the biggest problem for you right now. You have PHP code mish-mashed with HTML and it’s just causing you so many problems. It may not be the current problem, but it does cause a little bit of a headache to read what’s going on.

Next, you should change your logic because that’s also what’s causing the problem. I’ll help you out with just this part as a starting point. Then you have to figure it out yourself. What I am trying to do is help guide you away from all of this mess and help you organize your code. I know that your code works for me and I know why that is, but what you need to do is take a step back and just breathe. I’m going to use an example from my older threads.

So the first thing we need to really determine is what kind of action we are going to make. So we know we want a user to submit something, we are going to use 2 files. 1 for access point and 1 to create our visual stuff. We also need to create a connection file so that it’ll be easier to modify instead of going into 2 different files to modify the connection configurations.

db.php

<?php
session_start(); // You may require this if you want to store sessions

$db = mysqli_connect("localhost","id5386627_root","XXXxxx","id5386627_root");
 
if($db === false) {
	die("ERROR: Kon niet verbinden. " . mysqli_connect_error());
}

Once we have this file made, we’ll only need to include this during the initial start of the files that require a database connection. This is easier to work with than having these lines in 2 - 3 locations where you have to manually overwrite. It just saves time.

index.php

<?php
require_once 'db.php';

if($_SERVER['REQUEST_METHOD'] == 'POST') {

	// Our logic here.

} else {

	require_once 'our_html_file.php';

}

Now like I said, I’m not going to give you everything so I’m just going to start you off with this kind of layout. This layout will help you organize your HTML stuff from your PHP stuff. This just makes things so much neater and easier for your eyes.

our_html_file.php

<!DOCTYPE html>
<html>
<head>
<title>Untitled</title>
</head>

<body>
</body>
</html>

This is also another layout for you to use. You should start designing this layout first before you start working with the logic or data processing. Once you finish this, let me know. I’ll help you with the logic.

What I’m doing is helping you organize your work flow. Doing it this way will actually solve your problem once you are finished with the whole setup. Let me know when you are done. I know it’s not helping the current problem at hand, but that’s the problem. Just getting something to “work” can easily be done. What you should be doing is helping yourself in the long run.


#29

Do you get any error messages when you try to login? Did one of them cause you to comment out your session_start() line?

Slightly OT, but you can simplify this line

<form method="post" action="<?php echo htmlspecialchars($_SERVER['PHP_SELF']); ?>">

to read

<form method="post" action="">

if you just want the form submit to run the same script that drew it.


#30

Here is an obvious problem: if you do have php logic and html in the same document, do the php first, before starting any html.
You can start sessions or have any headers after there has been any output to the browser.
Simply cutting and pasting the doctype to below the php block will fix this (to an extent). But in the longer term this is another good reason to stop mingling too much php with html and start separating them.
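
The PHP-first ordering from #30, filling the "Our logic here" slot from #28, as an added example that is not code from any poster in this thread. It assumes db.php from #28 (which calls session_start() and sets $db) and that Users.wachtwoord holds password_hash() output; the combined error message and variable names are illustrative choices.

```php
<?php
// Added example. Nothing is sent to the browser before this block ends,
// so the session cookie and the Location header can still be set.
require_once 'db.php';                       // assumed: session_start() + $db
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT); // DB errors throw

if (!empty($_SESSION['loggedin'])) {
    header('Location: welkom.php');
    exit;
}
$username = $error = '';

if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    $username = trim($_POST['username'] ?? '');
    $password = $_POST['password'] ?? '';    // not trimmed: spaces may be part of it
    if ($username === '' || $password === '') {
        $error = 'Voer uw gebruikersnaam en wachtwoord in.';
    } else {
        $stmt = mysqli_prepare($db, 'SELECT Naam, wachtwoord FROM Users WHERE Naam = ?');
        mysqli_stmt_bind_param($stmt, 's', $username); // bound after $username is set
        mysqli_stmt_execute($stmt);
        mysqli_stmt_bind_result($stmt, $name, $hash);
        $found = mysqli_stmt_fetch($stmt) === true;    // null means no such user
        mysqli_stmt_close($stmt);
        if ($found && password_verify($password, $hash)) {
            session_regenerate_id(true);     // fresh session id once authenticated
            $_SESSION['loggedin'] = true;
            $_SESSION['username'] = $name;   // the password is never put in the session
            header('Location: welkom.php');
            exit;
        }
        // One message for unknown user and wrong password alike.
        $error = 'Gebruikersnaam of wachtwoord is onjuist.';
    }
}
?>
<!DOCTYPE html>
<html>
<head><meta charset="UTF-8"><title>Inloggen</title></head>
<body>
  <form method="post">
    <input type="text" name="username" value="<?php echo htmlspecialchars($username, ENT_QUOTES, 'UTF-8'); ?>">
    <input type="password" name="password">
    <input type="submit" value="Verzenden">
    <p><?php echo htmlspecialchars($error, ENT_QUOTES, 'UTF-8'); ?></p>
  </form>
</body>
</html>
```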


#31

As long as we are going for simplicity, let’s do it. Just remove the action altogether.

<form method="post">

#32

I would argue that anything written in php is far from “perfect”. There is a huge learning gap for beginners in understanding several of the concepts exhibited in your repo. However, I understand what you are doing.