1

I know this question was posted over and over, I've tried already to fix it with

if(isset($_POST['username'])) {} ... and check if $_POST is with capital letters and see if they are declared correct both in login form and in check_login script, I just can't find why is this happening.

Yesterday was all working fine, today when I open my pc I just try it to go further and suddenly it doesn't work anymore also the database table user was empty?! Im storing the database locally through xampp so no one could get into it,I don't know really what changed.

this is my login form :

<?php 
session_start();
if(isset($_SESSION['memberlogged'])== true)
{
    header("location: login_success.php");
}
?>
<!DOCTYPE HTML>
<html>
<head>
<link rel="stylesheet" type="text/css" href="style.css">
</head>
<center>
<body style="background-color:rgb(248,248,248);">
<div id="loginmenu">
<img src="/img/choose.jpg"><br>
<input type="text" name="username" id="unu" placeholder="username"> <br /><br>
<input type="password" name="password" id="unu"  placeholder="password"> <br />
<br><input type="submit" value="Log in" id="button" onClick="parent.location='check_login.php'"> 
<div class="divider"></div>
<input type="submit" id="button2" onClick="parent.location='index.php'" value='Leave' name="leave">
</center>
</div>
</body>
</html>

and this is my check_login.php script

<?php
include ("config.php");
// username and password sent from form
$password=$_POST['password']; 
$username=$_POST['username']; 
// To protect MySQL injection 
$username = stripslashes($username);
$password = stripslashes($password);
$username = mysql_real_escape_string($username);
$password = mysql_real_escape_string($password);
$query="SELECT * FROM users WHERE username='$username' and password='$password'";
$result=mysql_query($query);
// Mysql_num_row is counting table row
if($query)
{
$count=mysql_num_rows($result);}
else
{die ("something is not good");}
// If result matched $myusername and $mypassword, table row must be 1 row
if($count==1){
 // SAVE SESSION VARIABLES AND REDIRECT TO "login_success.php"
    $_SESSION['username'] = $username;
    $_SESSION['memberlogged'] = true;
    header("location:login_success.php");
    exit;
}
else {
echo "Wrong Username or Password";
}
?>

when I try to connect ( the login datas are 100% corect ) I get

Notice: Undefined variable: username in *********\check_login.php on line 6

Notice: Undefined variable: password in *********\check_login.php on line 7 Wrong Username or Password

Paul R
  • 208,748
  • 37
  • 389
  • 560
mrwhite
  • 105
  • 12
  • You're using `if ($query)` to check for the query working properly. However, your `if` statement is actually checking if `$query` is not empty. You need to be using `if ($result)`. Also, stop using the `mysql_` functions - they're being removed in PHP 7. Use PDO or `mysqli_` and learn about prepared statements. Also, you're not actually logging what the error is so you're trying to debug this using sheer luck – DaveyBoy Sep 08 '15 at 13:59
  • " you're not actually logging what the error is so you're trying to debug this using sheer luck" I m not sure what you mean, you wanna say that I am not pointing out whats the problem by the error reporting? – mrwhite Sep 08 '15 at 14:51
  • To aid debugging, you need to know what the error is. The only place that your errors will appear is in the standard PHP error log (assuming that you have set the `error_reporting` configuration variable. If you get an error when accessing a MySQL database, how can you be sure whether the error is in your code or a problem with the database server itself? If you add some debug logging into your code, when an error occurs you can record variables, error messages etc and it will make debugging a lot easier. Always handle errors cleanly and give the user useful information – DaveyBoy Sep 08 '15 at 15:02
  • @DaveyBoy the error is actually quite clear and verbose : `Undefined variable` this is common as it can get bar a `404` error. As for the prepared statements, an endless archive of advice could be given for best practices with databases however outside the scope of the question. – Pogrindis Sep 08 '15 at 15:06
  • I understand now the point,I will work on that as it is my next step to do as suggested and change the mysql_ functions and try my best to add some debug logging but I first have to read about it . Thank you for the advice. Also what is better mysqli or PDO ? – mrwhite Sep 08 '15 at 15:22

1 Answers1

1

You need to add form HTML and action attribute... 

<form action="check_login.php" method="POST">
<input type="text" name="username" id="unu" placeholder="username"> <br /><br>
<input type="password" name="password" id="unu"  placeholder="password"> <br />
<br><input type="submit" value="Log in" id="button"> 
<div class="divider"></div>
<a href="index.php" class="stlying_class">Leave</a>
</form>

This tells the form where to send the $_POST[x] information and what method to use POST.

You can remove the onClick="parent.location='check_login.php'" as this will just change the page without sending any information.

We can leave the Submit up to the HTML input type of submut.

As you rightly pointed out, the "Leave" button will still sumbit the form, so I have changed that to a hyperlink, this can be edited as you like.

Alternatively you could add it as an input with no type and keep the on-click event!

Pogrindis
  • 7,755
  • 5
  • 31
  • 44