0

I've got a login screen all setup but my php code doesn't seem to work with it. Can't find the issue either as the details I'm entering are correct but it is not displaying either of the outputs. 1 - being proceed to next page. 2 - being display message saying incorrect details. Atleast thats what I think it should be doing. My code is here;

 <?php
 session_start();
 if (isset($_POST['login'])):

 require_once('my_connect.php');
    $username=$_POST['username'];
    $password=$_POST['password'];

    $my_query="SELECT * from loanusers where username='$username' AND    password='$password'";
    $result= mysqli_query($connection, $my_query);

    if (mysqli_num_rows($result) >0):
    while ($myrow = mysqli_fetch_array($result)):

    $_SESSION['userid'] = $myrow["userid"];
    $_SESSION['username'] = $myrow["username"];
    $_SESSION['password'] = $password;
    $_SESSION['usertype'] = $myrow["usertype"];
    $_SESSION['authenticated'] = true;

    echo "<b> Hi ".$_SESSION['username']." (ID: ".$_SESSION['userid']."), You are now logged in!</b>";
    endwhile;

    //header('Location: homepage.php');

    else:
        echo "<b>Username or Password incorrect</b>";
    endif;
    mysqli_close();   

 endif; 
 require_once 'loginheader.php';

 ?>


 <html>
 <body>
 <h2>User Login</h2>
 <div id="loginp"><p>Need an Account? <a href='adduser.php'><b>Sign Up</b>  </p></a></div>


 <table>
 <form method="POST" action="homepage.php" autocomplete="off">
 <input type="text" name="username" placeholder="Username..."> 
 <br><br>
 <input type="password" name="password" placeholder="Password..."> 
 <br><br>
 <input type="submit" name="loanlogin" value="Sign In"  onclick="window.location.href='homepage.php'">
 </form> 
 </table>
 <br>
 <div id="loginp"><p>Forgot your Password?<b> Click Here</b></p></a></div>
 <body>
 <html>
Mucca019
  • 201
  • 1
  • 2
  • 15

3 Answers3

0

Remove the onclick Like user nv1t said as, there is already an form action referring to the same page. onclick functions are only for <button> tags

To pull the value, check this how to get a selected database value as a session variable in php - stackoverflow

Click the tick near the answer if this helped.

Community
  • 1
  • 1
Pranav Kumar
  • 104
  • 16
  • I need to pull the session variable information from my database rather than setting it in my php code. using $myrow["username"]; is this not correct? – Mucca019 May 26 '16 at 09:18
  • Updated answer. Check the bottom line. Click the arrow on the side of this answer if it helped – Pranav Kumar May 26 '16 at 09:26
0

Check these two Ideas:

  1. What are the values of $usernameand $password before you issue them to the select statement. (i would guess they are empty, then remove the onclick)
  2. is their really a username with this password in the database.

i would guess it's the onclick in your submit. You don't need this event their and it is not submitting the Form element.

Note that your code looks vulnerable to SQL and XSS injections, it's important to learn about security too while learning in PHP :-)

nv1t
  • 428
  • 2
  • 9
0

The html post action was taking me to another page bypassing the login script.

I changed the action to index.php and the login now displays an error if the details are incorrect and takes me to the take page if details are correct.

Thanks All for helping

Mucca019
  • 201
  • 1
  • 2
  • 15