I can't figure out what is wrong with these codes

Hi friends, I’m trying to create a login page in which the user will log in and be redirected to another page, but it seems the code I wrote isn’t working. I see nothing wrong with the code I wrote, as I am still a beginner, so I decided to post it here so that you friends can help go through it and tell me the mistake I made.

```php
    <?php
#connecting to the session
session_start();

#connecting to the database
require_once ('connection_db.php');

if(isset($_POST['submit'])){

    if(isset($_POST['email'])){
        $email = trim($_POST['email']);
    }else{
        $email = '';
    }
    if(isset($_POST['password'])) {
        $password = trim($_POST['password']);
    }else{
        $password = '';
    }

    #validating the user input
    $good = true;

    if($email === ''){
        $good = false;
        echo 'Please provide an email address' . '<br>';
    }
    if($password === ''){
        $good = false;
        echo 'Paswword field can\'t be left blank' . '<br>';
    }

    #connecting to the database
    if($good){
        $query = "SELECT id, email, password ";
        $query .= "FROM authour WHERE ";
        $query .= "email = '{$email}' AND password = '{$password}' ";
        $query .= "LIMIT 1";

        $result = mysqli_query($db, $query);
        if(!$result){
            die("Can't connect to the database");
        }
        if (mysqli_num_rows($result) == 0)
        {
            echo "email/password not match";
        }else{
            #$_SESSION['logged'] = true;
            while($id = mysqli_fetch_assoc($result)){
                $_SESSION['id'] = $id['id'];
            }
            $_SESSION['email'] = $email;
            $_SESSION['password'] = $password;
            ("Location: admin_display_jokes.php");
        }
    }
}else{
    $email = '';
    $password = '';
}

?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>ileya</title>
</head>

<body>
<p>Login as admin to view page content or modify page.</p>
<form action="<?php echo $_SERVER['PHP_SELF']; ?>" method = "post">
<p>Email add:
<input type="text" name="email" value="<?php echo $email; ?>" /></p>
<p>Password:
<input type="password" name="password" value="" />
<input type="submit" name="submit" value="Login" />
</body>
</html>
```


And this is the page I want to send it to…

```php
        <?php 
#starting sessoion
session_start();
require_once ('connection_db.php');
isset ($_SESSION['id']) . '<br/>';
isset($_SESSION['email']) . '<br/>';

#check if login
if(!isset($_SESSION['id'] && $_SESSION['email']){
    header("Location: admin_login.php");
}
#Connecting to the database to display admin's joke
$query = "SELECT joked.id, caption, content, name, ";
$query .= "email FROM joked INNER JOIN authour ";
$query .= "ON authour_id = authour.id";
$result = mysqli_query ($db, $query);
if(!$result) {
    die("Sever not available at the moment.");
}

?>

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>ileya</title>
</head>

<body>
<p>Welcome, <?php #echo $_SESSION['name']; ?>
<a href="?add">+Add new joke</a></p>
<ul>
<?php
while($joke = mysqli_fetch_assoc($result)) {?>
    <li><?php echo $joke["caption"] . '<br>';?></li>
    <?php echo $joke["content"] . '<br>';?>
    <?php echo $joke["name"] . '<br>';?>
    <?php echo $joke["email"] . '<br>';?>
    <a href="edit_joke.php?joke=<?php echo urlencode($joke['id']); ?>">Edit joke</a>
    <?php }?>
<?php mysqli_close($db);?>

<p><a href="new_admin.php">+Add new Admin</a></p>
<p><a href="logout.php">Logout</a></p>
</body>
</html>
```


```php
header("Location: admin_display_jokes.php");
```

You’re missing header() on your redirect, to start with.

What does the script do when you try to login? Nothing? Or an error of some kind?

```php
if(isset($_POST['email'])){
    $email = trim($_POST['email']);
}else{
    $email = '';
}
if(isset($_POST['password'])) {
    $password = trim($_POST['password']);
}else{
    $password = '';
}
```

Is missing the validation.

```php
if(filter_var($_POST['email'], FILTER_VALIDATE_EMAIL)){
    $email = trim($_POST['email']);
}else{
    $email = '';
}
if (password_verify($_POST['password'], $hash)) { // where $hash contains the hashed password stored previously
    // password is valid
} else {
    // invalid password
}
```

See http://php.net/manual/en/book.password.php for more info on password processing in PHP. Using the password functions ensures that only a hashed version of the password is stored, that it gets rehashed at appropriate intervals and that the hashing algorithm gets automatically updated when a more secure one is required.

See http://php.net/manual/en/book.filter.php for more about the filters PHP makes available for validation.

Note that some browsers will not submit the form if you give the submit button a name="submit". Unless you have multiple submit buttons, it’s best to not give the submit button a name at all and test for one of the form fields being passed to determine that the form has just been submitted.

Validate all user inputs.

  1. use a validation filter where one is available
  2. use a built-in function where one exists
  3. use a regular expression if neither of the first two alternatives applies.

Don’t move values out of the $_POST, $_GET, etc. arrays until after the value has been validated or sanitized.

Don’t use mysqli_query if there are data fields to be substituted - use mysqli_prepare and mysqli_bind instead - this keeps the data completely separate from the SQL and makes sure the data doesn’t get misinterpreted as SQL
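The advice in the replies (filter validation, a prepared statement instead of string-built SQL, `password_verify`, a real `header()` call, and only the id in the session) put together as an added example; it is not code from the thread. It assumes `connection_db.php` provides `$db` as a mysqli connection and that `authour.password` holds a `password_hash()` value; `authenticate()` is a hypothetical helper name.

```php
<?php
// Added example, not code from the thread. Assumes connection_db.php sets $db
// (a mysqli connection) and authour.password stores password_hash() output.
session_start();
require_once 'connection_db.php';

// authenticate() is a hypothetical helper: author id on success, null otherwise.
function authenticate(mysqli $db, string $email, string $password): ?int
{
    if (filter_var($email, FILTER_VALIDATE_EMAIL) === false || $password === '') {
        return null;
    }
    // The ? placeholder keeps the email value out of the SQL text.
    $stmt = mysqli_prepare($db, 'SELECT id, password FROM authour WHERE email = ? LIMIT 1');
    if ($stmt === false) {
        return null;
    }
    mysqli_stmt_bind_param($stmt, 's', $email);
    mysqli_stmt_execute($stmt);
    mysqli_stmt_bind_result($stmt, $id, $hash);
    $found = mysqli_stmt_fetch($stmt) === true;
    mysqli_stmt_close($stmt);

    // The password is checked against the stored hash, never inside the WHERE clause.
    if (!$found || !is_string($hash) || !password_verify($password, $hash)) {
        return null;
    }
    return (int) $id;
}

$email = '';
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    // FILTER_UNSAFE_RAW yields false for array input, so the casts give ''.
    $email = trim((string) filter_input(INPUT_POST, 'email', FILTER_UNSAFE_RAW));
    $password = (string) filter_input(INPUT_POST, 'password', FILTER_UNSAFE_RAW);
    $id = authenticate($db, $email, $password);
    if ($id !== null) {
        session_regenerate_id(true);  // new session id once the user is authenticated
        $_SESSION['id'] = $id;        // keep only the id, not the email or password
        header('Location: admin_display_jokes.php');
        exit;                         // header() alone does not stop the script
    }
    echo 'email/password not match<br>';
}
// When $email is echoed back into the form, pass it through htmlspecialchars().
?>
```

The same redirect-then-`exit` pattern applies to the session check on the protected page, since the rest of that script would otherwise still run for a visitor who is not logged in.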

The HEADER head is there at the top. It just won’t go and it doesn’t display any error.

I know about FILTER and I know about SANITIZING and also password hashing… I only removed them from the code to make it easy to read.

Try adding this to the top of your file

```php
/* development debugging */
error_reporting(E_ALL);
ini_set('display_errors', TRUE);
//error_reporting(0);
//ini_set('display_errors', FALSE);
```

As already noted by jeffreylees in post #3, fix this line.

```php
("Location: admin_display_jokes.php");
```

DON’T save login info to session.
Make sure there is no space before opening php tag.

Where should I save the login info? And can I have your fb name so as to add you…

The actual word “header” header is missing. Without it you’re going nowhere regardless of your other issues :wink:

You are already setting user id to session. Use that to check in areas that require login. Not the email etc.
Also do check for the space before <?php.
At least in the code posted above it looks as though it’s tabbed in or there are spaces. There should be none.

It’s working now, but you said I should not save my login info into the session.

Yes, so don’t save it to session and remove from this line. Keep the id.

```php
if(!isset($_SESSION['id'] && $_SESSION['email']){
```

I will, but help me look at my new question on editing a page in PHP.

And I would really love to have you as a friend on Facebook, as I seldom have an internet connection over the system, but I always make sure I stay connected on mobile, and SitePoint doesn’t seem to work on phone any longer.
