0

I am trying to make a simple login form but I cannot make it work. I have tried different things and searched for answers, but nothing seems to be working. When I press the login button nothing happens; it's like there is no code for it.

Here is the code I used:

```php
<?php require 'Connections/Connections.php';?>

  <?php 
        if(isset($_POST['Login'])){
            $EM = $_POST['email'];
            $PW = $_POST['pwd'];

           $result = $con->query("SELECT email, pwd WHERE email=$EM and pwd='$PW'");

           $row = $result->fetch_array(MYSQLI_BOTH);

           session_start();

           $_SESSION["user_id"] = $row['user_id'];

           header('Location: account.php');
        }
?>

<html>
<head>
    <title>Social</title>
    <link rel="stylesheet" href="css/signin.css">
</head>
<body>

<div id="form">
   <form id ="form1">

      <input class="paper" type="email" name="email" id="email" required="required" placeholder="E-mail:"><br>

      <input class="paper1" type="password" name="pwd" id="pwd" required="required" placeholder="Password:">

      <button name="Login" id="login" value="Submit" type="submit">Login</button>

   </form>

   <form id="form2" action="register.php" method="get">

      <button name="register" id="button2" value="submit" type="submit">Register</button>    

   </form>
</div>

<!-- <img id="logo" src="logo1.png">-->

</body>
</html>
```

And here is what the required file has in it:

```php
<?php

        $con = mysqli_connect("localhost","root","","phplogin");

?>
```
Nabin Kunwar
Stavnik
  • Please consider using [PDO](http://php.net/manual/en/class.pdo.php) as legacy mysql_* methods are [deprecated](http://stackoverflow.com/a/12860046/1128459). – Sean3z Feb 01 '16 at 18:16
  • From which table you are selecting _SELECT email, pwd WHERE email='$EM' and pwd='$PW'_ – Niklesh Raut Feb 01 '16 at 18:17
  • Read up on string literals http://dev.mysql.com/doc/en/string-literals.html also. Not to mention an SQL injection. Checking for errors would have told you about the errors. Forms default to a GET method if not implied. – Funk Forty Niner Feb 01 '16 at 18:20
  • I think it is a problem because you have two forms in the same page – Corina Gheorghe Feb 01 '16 at 18:21
  • @CorinaGheorghe no, that's not it. One of those form tags is wrong though, but it has nothing to do with their 2nd form. – Funk Forty Niner Feb 01 '16 at 18:22
  • Please use PHP's [built-in functions](http://jayblanchard.net/proper_password_hashing_with_PHP.html) to handle password security. If you're using a PHP version less than 5.5 you can use the `password_hash()` [compatibility pack](https://github.com/ircmaxell/password_compat). – Jay Blanchard Feb 01 '16 at 18:23
  • [Your script is at risk for SQL Injection Attacks.](http://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php) Learn about [prepared](http://en.wikipedia.org/wiki/Prepared_statement) statements for [MySQLi](http://php.net/manual/en/mysqli.quickstart.prepared-statements.php). – Jay Blanchard Feb 01 '16 at 18:24
  • @Sean3z Nice advice, but simply wrong. The OP is _not_ using the deprecated `mysql_*` functions. Please read a question before giving advice. Thanks! – arkascha Feb 01 '16 at 18:27
  • I don't care about SQL injection and password security for now. I am still learning so I will worry about that later – Stavnik Feb 01 '16 at 18:58
  • Well... the problem remains that the user id still does not show up even though it should, and I tried removing the action="account.php" from the form (in case the problem lies there), but pretty much the user does not exist – Stavnik Feb 01 '16 at 20:14

2 Answers

4

First of all, start session at the very top of your PHP script, like this:

```php
<?php
    session_start();
?>
```

Second, add `action="post"` attribute to your `<form>` element,

```php
<form id ="form1" method="post">
```

Third, your SELECT query is also wrong, it should be:

```php
$result = $con->query("SELECT user_id, email, pwd FROM your_table WHERE email='$EM' and pwd='$PW'");
```

And finally, use ->num_rows to check the number of rows returned by the SELECT query, and use exit() after header() because header() alone is not sufficient to redirect the user to a different page.

Here are the references:

So your code should be like this:

```php
// your code

$result = $con->query("SELECT user_id, email, pwd FROM your_table WHERE email='$EM' and pwd='$PW'");
if($result->num_rows){
    $row = $result->fetch_array(MYSQLI_BOTH);
    $_SESSION["user_id"] = $row['user_id'];
    header('Location: account.php');
    exit();
}else{
    echo "Incorrect user credentials";
}

// your code
```
Rajdeep Paul
  • 1
    @Fred-ii- yeah, I was updating that also. – Rajdeep Paul Feb 01 '16 at 18:19
  • It seems to be working better now, but when it is redirected it does not show the user id. This is what is in the account.php

    This is your user id

    – Stavnik Feb 01 '16 at 18:52
  • Also the else statement is showing without pressing the log in button. – Stavnik Feb 01 '16 at 19:02
  • @Stavnik Like I said, always start session at the top of your PHP scripts. And when you do `echo $_SESSION[user_id]` you'll get *undefined constant user_id* error, do this: `echo $_SESSION['user_id'];`. Which *else* statement? – Rajdeep Paul Feb 01 '16 at 19:05
  • @Stavnik Perhaps you did this: `if(isset($_POST['Login'])){ ... }else{ echo "Incorrect user credentials"; }`, didn't you? – Rajdeep Paul Feb 01 '16 at 19:15
  • No, it's like this: `if($result->num_rows){... }else{ echo "Incorrect user credentials"; }` – Stavnik Feb 01 '16 at 19:20
  • @Stavnik *Incorrect user credentials* will be displayed only when the user hits the login button and user credentials are wrong. Paste your code on [pastebin.com](http://pastebin.com/) and give me the link here. – Rajdeep Paul Feb 01 '16 at 19:24
  • @Stavnik Your code should be like this, [http://pastebin.com/bHD7gNFW](http://pastebin.com/bHD7gNFW). And don't forget to replace `your_table` with your actual table name in `SELECT` query. – Rajdeep Paul Feb 01 '16 at 19:55
  • Well... the problem remains that the user id still does not show up even though it should, and I tried removing the action="account.php" from the form (in case the problem lies there), but pretty much the user does not exist – Stavnik Feb 01 '16 at 20:46
  • @Stavnik Did you change everything I suggested? Like [this](http://stackoverflow.com/questions/35137442/log-in-form-does-not-work-and-i-cant-find-out-why/35137520?noredirect=1#comment57996621_35137520) and [this](http://stackoverflow.com/questions/35137442/log-in-form-does-not-work-and-i-cant-find-out-why/35137520?noredirect=1#comment57998428_35137520)? – Rajdeep Paul Feb 01 '16 at 20:51
  • @Stavnik Error reporting should be turned on in all pages. Add these lines `error_reporting(E_ALL); ini_set('display_errors', 1);` at the top of your PHP scripts and see if it yields any error or not. – Rajdeep Paul Feb 01 '16 at 21:06
  • It gives me this error: `Notice: Undefined index: user_id in /home/stavros/Documents/projects/loreg/account.php on line 9` – Stavnik Feb 01 '16 at 21:10
  • this is line 9

    This is your user id

    this is the whole code

    This is your user id

    – Stavnik Feb 01 '16 at 21:11
  • @Stavnik Now I figured out what exactly is the problem. First tell me, what's your table name and is there any attribute named *user_id* in your table? – Rajdeep Paul Feb 01 '16 at 21:14
  • The table name is user and yes, there is an attribute named user_id – Stavnik Feb 01 '16 at 21:17
  • @Stavnik See your SELECT query, `SELECT email, pwd FROM your_table WHERE ...`, you're getting only the *email* and *pwd* attributes from the table. Change your SELECT query, it should be, ``$result = $con->query("SELECT `user_id`, `email`, `pwd` FROM `user` WHERE email='$EM' and pwd='$PW'");`` – Rajdeep Paul Feb 01 '16 at 21:19
  • I still get the error, but maybe that is because when I log in the page it takes me to has the error, not the login page itself. There is something else that is wrong as well. – Stavnik Feb 01 '16 at 21:29
  • @Stavnik Learn to debug code. Destroy session cookies and run your application again. I don't know the structure of your table, nor do I know what it contains, but try running ``SELECT * FROM `user` WHERE ...`` query, remove `header('Location: account.php'); exit();` just for the debugging purpose and do `echo $_SESSION['user_id'];` and see what you are getting. Good luck. – Rajdeep Paul Feb 01 '16 at 21:39
0

You're trying to redirect with the `header()` function, but because of how you've sectioned off your `<?php` tags at the top, you're probably getting a suppressed error about headers already being sent. If you clean up the top of your file, the redirect should work:

```php
<?php
require 'Connections/Connections.php';
if (isset($_POST['Login'])){
    ...
```
mopo922
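
The points raised in the comments and in both answers (POST method, one PHP block with `session_start()` before any output, error reporting, a prepared statement, `password_verify()`, `exit` after the redirect) combined in a single file, as an added example that is not the asker's or either answerer's code. It assumes the `user` table and `user_id` column named in the comments, and that `pwd` holds a `password_hash()` value written at registration, whereas the queries on the page compare it as plain text.

```php
<?php
// login.php (added example). A single PHP block with nothing printed before it,
// so session_start() and header() can still send their headers.
session_start();
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT); // DB errors throw instead of failing silently
require 'Connections/Connections.php';                     // provides $con (mysqli), as on the page

$error = '';
if ($_SERVER['REQUEST_METHOD'] === 'POST' && isset($_POST['Login'])) {
    $email    = (string)($_POST['email'] ?? '');
    $password = (string)($_POST['pwd'] ?? '');

    // The ? placeholder replaces the interpolated $EM/$PW: input travels as data, never as SQL text.
    $stmt = $con->prepare('SELECT user_id, pwd FROM `user` WHERE email = ? LIMIT 1');
    $stmt->bind_param('s', $email);
    $stmt->execute();
    $stmt->bind_result($userId, $hash);
    $found = $stmt->fetch();            // true = row fetched, null = no such e-mail
    $stmt->close();

    // Assumption: pwd stores a password_hash() value, so the check happens in PHP, not in SQL.
    if ($found === true && password_verify($password, (string)$hash)) {
        session_regenerate_id(true);    // fresh session id on login (session fixation)
        $_SESSION['user_id'] = (int)$userId;
        header('Location: account.php');
        exit;                           // stop here so the form below is not rendered
    }
    // Same message for an unknown e-mail and a wrong password.
    $error = 'Incorrect user credentials';
}
?>
<!DOCTYPE html>
<html>
<head><title>Social</title></head>
<body>
<?php if ($error !== ''): ?>
  <p><?= htmlspecialchars($error, ENT_QUOTES, 'UTF-8') ?></p>
<?php endif; ?>
<form id="form1" method="post">
  <input type="email" name="email" required placeholder="E-mail:"><br>
  <input type="password" name="pwd" required placeholder="Password:">
  <button name="Login" type="submit" value="Submit">Login</button>
</form>
</body>
</html>
```

The message is only set inside the POST branch, so it cannot appear before the button is pressed, and `account.php` needs its own `session_start()` at the top before it reads `$_SESSION['user_id']`.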