my login.php page in course "Login and Registration" has issues!

Posted in CategoryGeneral Discussion
  • Terry Ogbemudia 1 year ago

     Great

  • Christian Haugland 1 year ago

    I Googled php PDO login and found a fix for my problem. my new code for login.php:

    -----------------------------------------------------------------------------------------

    <?php

    include_once 'resource/session.php';

    include_once 'resource/database.php';

    include_once 'resource/utilities.php';

     

    if(isset($_POST['loginBtn'])){

        // Array to hold errors

        $form_errors = array();

     

        // validate

        $required_fields = array('username', 'password');

     

        $form_errors = array_merge($form_errors, check_empty_fields($required_fields));

     

        if(empty($form_errors)){

     

            // collect form data

            $user = $_POST['username'];

            $password = $_POST['password'];

     

            // check if user is in the database

            $sqlQuery = "SELECT * FROM users WHERE username = :username";

            $statement = $db->prepare($sqlQuery);

            $statement->execute(array(':username' => $user));

     

            // Instead of the while statement and enumerate trought the rows  use  the

            // make a $db_result variable and fetch the result using FETCH_ASSOC

            $db_result = $statement->fetch(PDO::FETCH_ASSOC);

     

            //set the variables using the $db_result variable

            $id = $db_result['id'];

            $hashed_password = $db_result['password'];

            $username = $db_result['username'];

     

            // now just check if the db_result count is 0, no user with that username was found

            // if $db_result count is 1 the user was found, so now check the if the password can be verified.

            if (count($db_result) > 0 && password_verify($password, $hashed_password)) {

                // all checks went fine so add data to the session        

                $_SESSION['id'] = $id;

                $_SESSION['username'] = $username;

                header("Location: index.php");

            } else {
                // either the $db_result count was 0 or the password could not be verified.

                $result = "<p style='padding: 20px; color: red;'>Invalid username or password</p>";

            }

     

        }

        else{

            if(count($form_errors) == 1){

                $result = "<p style='color: red;'>There was 1 error in the form.</p>";

            }else{

                $result = "<p style='color: red;'>There were ".count($form_errors)." errors in the form.</p>";

            }

        }

     

    }

     

     

    ?>

     

     

    <!DOCTYPE html>

    <html>

    <head lang="en">

        <meta charset="UTF-8">

        <title>Login Page</title>

    </head>

    <body>

    <h2>User Authentication system</h2><hr>

     

    <h3>Login Form</h3>

     

    <?php if(isset($result)) echo $result; ?>

    <?php if(!empty($form_errors)) echo show_errors($form_errors); ?>

     

    <form method="post" action="">

        <table>

            <tr><td>Username:</td><td><input type="text" title="username" name="username" value=""></td></tr>

            <tr><td>Password:</td><td><input type="password" title="password" name="password" value=""></td></tr>

            <tr><td></td><td><input style="float: right;" type="submit" name="loginBtn" value="SignIn"></td></tr>

        </table>

    </form>

     

    <p><a href="index.php">Back</a> </p>

    </body>

    </html>

  • Terry Ogbemudia 1 year ago

    I will have a look shortly

  • Christian Haugland 1 year ago

    HI,

    i have an issue with the login form in the course "Login and registration"

    When i enter a correct Username in the username field, but wrong password the "Invalid Username/Password" error message appears as expected, if i enter Correct username and Password it logs me in as expected, but if i enter a username that is not in the database, itseem to skip over the while loop and just refreshes the login form.

    I use PHP 7.0.17 and i have now tried with 5.5, 5.6 also but same result and my php.ini is set to reporting all errors. but no errors show.

    Best regards

    Christian Haugland.

    My login.php page:

    ----------------------------------------------------------

    <?php

    include_once 'resource/session.php';

    include_once 'resource/database.php';

    include_once 'resource/utilities.php';

     

    if(isset($_POST['loginBtn'])){

        // Array to hold errors

        $form_errors = array();

     

        // validate

        $required_fields = array('username', 'password');

     

        $form_errors = array_merge($form_errors, check_empty_fields($required_fields));

     

        if(empty($form_errors)){

     

            // collect form data

            $user = $_POST['username'];

            $password = $_POST['password'];

     

            // check if user is in the database

            $sqlQuery = "SELECT * FROM users WHERE username = :username";

            $statement = $db->prepare($sqlQuery);

            $statement->execute(array(':username' => $user));

     

            while ($row = $statement->fetch()) {

                    $id = $row['id'];

                    $hashed_password = $row['password'];

                    $username = $row['username'];

     

                if(password_verify($password, $hashed_password)){

                    $_SESSION['id'] = $id;

                    $_SESSION['username'] = $username;

                    header("Location: index.php");

                }else{

                    $result = "<p style='padding: 20px; color: red;'>Invalid username or password</p>";

                }

            }

        }else{

            if(count($form_errors) == 1){

                $result = "<p style='color: red;'>There was 1 error in the form.</p>";

            }else{

                $result = "<p style='color: red;'>There were ".count($form_errors)." errors in the form.</p>";

            }

        }

     

    }

     

     

    ?>

     

     

    <!DOCTYPE html>

    <html>

    <head lang="en">

        <meta charset="UTF-8">

        <title>Login Page</title>

    </head>

    <body>

    <h2>User Authentication system</h2><hr>

     

    <h3>Login Form</h3>

     

    <?php if(isset($result)) echo $result; ?>

    <?php if(!empty($form_errors)) echo show_errors($form_errors); ?>

     

    <form method="post" action="">

        <table>

            <tr><td>Username:</td><td><input type="text" title="username" name="username" value=""></td></tr>

            <tr><td>Password:</td><td><input type="password" title="password" name="password" value=""></td></tr>

            <tr><td></td><td><input style="float: right;" type="submit" name="loginBtn" value="SignIn"></td></tr>

        </table>

    </form>

     

    <p><a href="index.php">Back</a> </p>

    </body>

    </html>

Please login or register to leave a response.