Hi friends, I’m trying to create a login page in which the user will log in and be redirected to another page, but it seems the code I wrote isn’t working. I see nothing wrong with the code I wrote, as I am still a beginner, so I decided to post it here so that you friends can help go through it and tell me the mistake I made.
```php
<?php
# connecting to the session
session_start();
# connecting to the database
require_once ('connection_db.php');

if (isset($_POST['submit'])) {
    if (isset($_POST['email'])) {
        $email = trim($_POST['email']);
    } else {
        $email = '';
    }
    if (isset($_POST['password'])) {
        $password = trim($_POST['password']);
    } else {
        $password = '';
    }

    # validating the user input
    $good = true;
    if ($email === '') {
        $good = false;
        echo 'Please provide an email address' . '<br>';
    }
    if ($password === '') {
        $good = false;
        echo 'Password field can\'t be left blank' . '<br>';
    }

    # querying the database
    if ($good) {
        $query  = "SELECT id, email, password ";
        $query .= "FROM authour WHERE ";
        $query .= "email = '{$email}' AND password = '{$password}' ";
        $query .= "LIMIT 1";
        $result = mysqli_query($db, $query);
        if (!$result) {
            die("Can't connect to the database");
        }
        if (mysqli_num_rows($result) == 0) {
            echo "email/password not match";
        } else {
            #$_SESSION['logged'] = true;
            while ($id = mysqli_fetch_assoc($result)) {
                $_SESSION['id'] = $id['id'];
            }
            $_SESSION['email'] = $email;
            $_SESSION['password'] = $password;
            ("Location: admin_display_jokes.php");
        }
    }
} else {
    $email = '';
    $password = '';
}
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>ileya</title>
</head>
<body>
<p>Login as admin to view page content or modify page.</p>
<form action="<?php echo $_SERVER['PHP_SELF']; ?>" method="post">
<p>Email add:
<input type="text" name="email" value="<?php echo $email; ?>" /></p>
<p>Password:
<input type="password" name="password" value="" />
<input type="submit" name="submit" value="Login" />
</body>
</html>
```
EDIT: This post has been reformatted by enclosing the code block in 3 backticks (```) on their own lines.
```php
if (filter_var($_POST['email'], FILTER_VALIDATE_EMAIL)) {
    $email = trim($_POST['email']);
} else {
    $email = '';
}
```

```php
if (password_verify($_POST['password'], $hash)) { // where $hash contains the hashed password stored previously
    // password is valid
} else {
    // invalid password
}
```
See http://php.net/manual/en/book.password.php for more info on password processing in PHP. Using the password functions ensures that only a hashed version of the password is stored, that it gets rehashed at appropriate intervals, and that the hashing algorithm gets automatically updated when a more secure one is required.
See http://php.net/manual/en/book.filter.php for more about the filters PHP makes available for validation.
Note that some browsers will not submit the form if you give the submit button a name="submit". Unless you have multiple submit buttons, it's best not to give the submit button a name at all and to test for one of the form fields being passed to determine that the form has just been submitted.
Validate all user inputs.
use a validation filter where one is available
use a built in function where one exists
use a regular expression if neither of the first two alternatives apply.
Don’t move values out of the $_POST, $_GET, etc. arrays until after the value has been validated or sanitized.
Don’t use mysqli_query if there are data fields to be substituted; use mysqli_prepare and mysqli_bind instead. This keeps the data completely separate from the SQL and makes sure the data doesn’t get misinterpreted as SQL.
You are already setting the user id in the session. Use that to check in areas that require login, not the email etc.
Also, do check for the space before <?php.
At least in the code posted above, it looks as though it’s tabbed in or there are spaces. There should be none.
And I would really love to have you as a friend on Facebook, as I seldom have an internet connection on the computer, but I always make sure I stay connected on mobile, and SitePoint doesn’t seem to work on the phone any longer.
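To pull the advice in the replies together, here is the login section of the original page rewritten as an added example (this is not the original poster's code, nor code from any reply). It assumes, as the original does, that connection_db.php provides a mysqli handle in `$db` and that there is an `authour` table with `id`, `email` and `password` columns; it additionally assumes that `password` holds the output of `password_hash()` rather than a plaintext password, which is what the replies recommend. The email is bound as a parameter rather than spliced into the SQL, the password is checked with `password_verify()`, only the user id is stored in the session, the session id is regenerated on login, and the redirect is an actual `header()` call followed by `exit`.

```php
<?php
// Added example: hardened version of the posted login page.
// Assumes connection_db.php sets $db (mysqli) and that authour.password
// stores a password_hash() string (assumption, not stated on the page).
declare(strict_types=1);
session_start();
require_once 'connection_db.php';

/**
 * Look up the user by email and verify the password against the stored hash.
 * Returns the user's id on success, null on every failure path, so the page
 * gives the same answer for "no such email" and "wrong password".
 */
function authenticate(mysqli $db, string $email, string $password): ?int
{
    // Prepared statement: the email travels as data, never as SQL text.
    $stmt = mysqli_prepare($db, 'SELECT id, password FROM authour WHERE email = ? LIMIT 1');
    if ($stmt === false) {
        return null;
    }
    mysqli_stmt_bind_param($stmt, 's', $email);
    mysqli_stmt_execute($stmt);
    mysqli_stmt_bind_result($stmt, $id, $hash);
    $found = mysqli_stmt_fetch($stmt);
    mysqli_stmt_close($stmt);

    if ($found !== true || !password_verify($password, $hash)) {
        return null;
    }

    // If PHP's default algorithm or cost has changed since this hash was
    // made, store a fresh hash now, while we still have the plaintext.
    if (password_needs_rehash($hash, PASSWORD_DEFAULT)) {
        $upd = mysqli_prepare($db, 'UPDATE authour SET password = ? WHERE id = ?');
        if ($upd !== false) {
            $newHash = password_hash($password, PASSWORD_DEFAULT);
            mysqli_stmt_bind_param($upd, 'si', $newHash, $id);
            mysqli_stmt_execute($upd);
            mysqli_stmt_close($upd);
        }
    }
    return (int) $id;
}

$error = '';
$email = '';

// Detect a submission by the presence of the form fields, not by the
// submit button's name (see the reply about name="submit").
if ($_SERVER['REQUEST_METHOD'] === 'POST' && isset($_POST['email'], $_POST['password'])) {
    $pw = $_POST['password'];
    // Validate while the values are still in $_POST; only copy them out after.
    if (filter_var($_POST['email'], FILTER_VALIDATE_EMAIL) === false || !is_string($pw) || $pw === '') {
        $error = 'Please provide a valid email address and a password.';
    } else {
        $email = $_POST['email'];
        $id = authenticate($db, $email, $pw);
        if ($id === null) {
            $error = 'Email/password do not match.';
        } else {
            session_regenerate_id(true);          // new session id after login
            $_SESSION['id'] = $id;                // store the id only, never the password
            header('Location: admin_display_jokes.php');
            exit;                                 // nothing below must run after the redirect
        }
    }
}
?>
<!DOCTYPE html>
<html>
<head><meta charset="utf-8" /><title>ileya</title></head>
<body>
<p>Login as admin to view page content or modify page.</p>
<?php if ($error !== ''): ?>
<p><?php echo htmlspecialchars($error, ENT_QUOTES, 'UTF-8'); ?></p>
<?php endif; ?>
<form action="" method="post">
<p>Email add:
<!-- htmlspecialchars stops a submitted value from being echoed back as HTML -->
<input type="text" name="email" value="<?php echo htmlspecialchars($email, ENT_QUOTES, 'UTF-8'); ?>" /></p>
<p>Password:
<input type="password" name="password" value="" /></p>
<input type="submit" value="Login" />
</form>
</body>
</html>
```

Pages that require login should then check `isset($_SESSION['id'])` (and nothing else), as the reply above suggests. When creating accounts, store `password_hash($plaintext, PASSWORD_DEFAULT)` in `authour.password`; existing plaintext rows will not verify until they are converted.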