I have a basic login / register form. When you select register it goes to my registration form OK. My problem is with the login. I want to check login information in my database and then display a different header section. I am a student and getting confused with all the different information regarding how to do this.

Currently, I am calling a JavaScript function on clicking login, but then I want to call my PHP file access.php, return to my HTML page index.php where I want to check if the user is logged in and, if so, display logged_in.html.php.

login_register_form.html.php

```html
<div id="login_form">
  <form action="access.php" method="POST" name="login_form">
    <label id="label_email">Email<span class="red">*</span></label>
    <label id="label_password">Password<span class="red">*</span></label>
    <br>
    <input type="text" name="email" id="email"/>
    <input type="password" name="password" id="password"/>
    <div id="form_buttons">
      <!-- type="button" means a click never submits the form by itself;
           only the onclick handlers run -->
      <button onclick="loginUser()" type="button" id="login" name="action" value="login">Login</button>
      <button onclick="newUser()" type="button" id="register" name="register">Register</button>
    </div>
  </form>
</div>
```

JavaScript

```javascript
// Posts the login form fields to access.php (serialize() skips buttons, so the
// action=login value the PHP checks for is appended by hand), and only loads
// index.php once the request has finished, so the session set by access.php exists.
function loginUser() {
    $.ajax({
        url: 'access.php',
        type: 'POST',
        data: $('form[name="login_form"]').serialize() + '&action=login'
    }).done(function () {
        window.location.assign("index.php");
    });
}
```

access.php

```php
<?php
function userIsLoggedIn()
{
    if (isset($_POST['action']) and $_POST['action'] == 'login')
    {
        if (!isset($_POST['email']) or $_POST['email'] == '' or
            !isset($_POST['password']) or $_POST['password'] == '')
        {
            $GLOBALS['loginError'] = 'Please fill in both fields';
            return FALSE;
        }
        if (databaseContainsUser($_POST['email'], $_POST['password']))
        {
            session_start();
            $_SESSION['loggedIn'] = TRUE;
            $_SESSION['email'] = $_POST['email'];
            // The submitted password is kept in the session here (see the comments
            // under the question on why passwords should never be stored in plain text)
            $_SESSION['password'] = $_POST['password'];
            return TRUE;
        }
        else
        {
            session_start();
            unset($_SESSION['loggedIn']);
            unset($_SESSION['email']);
            unset($_SESSION['password']);
            $GLOBALS['loginError'] =
                'The specified email address or password was incorrect.';
            return FALSE;
        }
    }
    return FALSE;   // no login attempt was posted
}

function databaseContainsUser($email, $password)
{
    require_once('mysqli_connect.php');   // defines $DBConnect

    // The submitted values are concatenated straight into the SQL and the password
    // is compared as plain text; the comments under the question cover both problems.
    // The `username` column is matched against the submitted email, as in the original query.
    $query = "SELECT * FROM users
        WHERE username = '" . $email . "'
        AND password = '" . $password . "'";

    $result = mysqli_query($DBConnect, $query) or die();
    if (mysqli_num_rows($result) > 0) {
        while ($row = mysqli_fetch_array($result)) {
            echo "<img src='{$row['avatar']}' alt='avatar image' />";
        }
        return TRUE;
    }
    else {
        echo "Invalid login";
        return FALSE;
    }
}
```

and index.php

```php
<?php
session_start();

// Pulls in the functions from access.php when nobody is logged in yet
// (note that including the file only defines them; nothing calls userIsLoggedIn())
if (!isset($_SESSION['loggedIn'])) {
    include 'access.php';
}
?>

<!DOCTYPE html>
<html lang="en">
<head>
    <meta charset="utf-8">
    <meta name="viewport" content="width=device-width, initial-scale=1">
    <script src="https://ajax.googleapis.com/ajax/libs/jquery/1.12.0/jquery.min.js"></script>
    <script type="text/javascript" src="functions.js"></script>
</head>

<body>
  <div id="body">
    <div id="container">
        <?php if (!isset($_SESSION['loggedIn'])) {
                  include 'login_register_form.html.php';
              } else {
                  include 'logged_in.html.php';
              }
        ?>
    </div>
  </div>
</body>
</html>
```

Any help at all would be greatly appreciated.

Pamela Keogh
  • **Never store plain text passwords!** Please use PHP's [built-in functions](http://jayblanchard.net/proper_password_hashing_with_PHP.html) to handle password security. If you're using a PHP version less than 5.5 you can use the `password_hash()` [compatibility pack](https://github.com/ircmaxell/password_compat). Make sure that you [don't escape passwords](http://stackoverflow.com/q/36628418/1011527) or use any other cleansing mechanism on them before hashing. Doing so *changes* the password and causes unnecessary additional coding. – Jay Blanchard May 05 '16 at 16:48
  • To get a return via AJAX you have to echo something out in your PHP. – Jay Blanchard May 05 '16 at 16:49
  • [Little Bobby](http://bobby-tables.com/) says [your script is at risk for SQL Injection Attacks.](http://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php) Learn about [prepared](http://en.wikipedia.org/wiki/Prepared_statement) statements for [MySQLi](http://php.net/manual/en/mysqli.quickstart.prepared-statements.php). Even [escaping the string](http://stackoverflow.com/questions/5741187/sql-injection-that-gets-around-mysql-real-escape-string) is not safe! – Jay Blanchard May 05 '16 at 16:49

1 Answer

I can explain a simple process that you need to follow in order to get it working.

You don't really need JavaScript and AJAX to get it working, unless you need things happening in the background; if all goes well, go to the dashboard page.

You can have a login page where the user enters email and password. On submit of the form you go to the access.php page, which does the connecting to the DB and checking if the credentials are correct and if the user exists. If all goes well, then simply redirect the user to a dashboard page with sessions, and if things don't go as planned, send the user to the home page with the error shown.

You can follow either of these two tutorials to get you started.

http://www.codingcage.com/2015/01/user-registration-and-login-script-using-php-mysql.html?m=1 or

https://htmlcssphptutorial.wordpress.com/2015/07/07/simple-user-registration-login-script-in-php-and-mysql/

Murlidhar Fichadia
  • Thanks Murlidhar. I could get it working if I could send to a new page, but I need it to go back to index.php with a different header only, and this is where I am having problems. The reason I tried to use AJAX is because when I did research, most of the answers to other similar queries said that it was needed. – Pamela Keogh May 05 '16 at 18:55
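The flow the answer describes (form posts straight to access.php, which checks the database, sets the session and sends the browser back to index.php), written as an added example that is not the asker's or the answerer's code and that folds in the fixes from the comments under the question. It assumes a `users` table with `email` and `password_hash` columns (hashes made with `password_hash()`) and that mysqli_connect.php defines `$DBConnect` as in the question.

```php
<?php
// Added example access.php: prepared statement + password_verify(), then a
// redirect back to index.php, which picks its header from $_SESSION.
// Assumes: users(email, password_hash) and $DBConnect from mysqli_connect.php.
session_start();
require_once 'mysqli_connect.php';

// Look the user up by email with a bound parameter (no string concatenation),
// then check the submitted password against the stored hash.
function authenticate(mysqli $db, string $email, string $password): bool
{
    $stmt = $db->prepare('SELECT password_hash FROM users WHERE email = ? LIMIT 1');
    $stmt->bind_param('s', $email);
    $stmt->execute();
    $stmt->bind_result($hash);
    $found = $stmt->fetch();
    $stmt->close();
    // password_verify() does the comparison; the password itself is never
    // escaped, trimmed or otherwise altered before being checked.
    return (bool) $found && password_verify($password, $hash);
}

$email    = $_POST['email'] ?? '';
$password = $_POST['password'] ?? '';

if ($email === '' || $password === '') {
    $_SESSION['loginError'] = 'Please fill in both fields';
} elseif (authenticate($DBConnect, $email, $password)) {
    session_regenerate_id(true);      // fresh session id once logged in
    $_SESSION['loggedIn'] = true;
    $_SESSION['email']    = $email;   // keep the identity only, never the password
    unset($_SESSION['loginError']);
} else {
    unset($_SESSION['loggedIn'], $_SESSION['email']);
    $_SESSION['loginError'] = 'The specified email address or password was incorrect.';
}

// Always return to index.php; its isset($_SESSION['loggedIn']) check decides
// whether to include login_register_form.html.php or logged_in.html.php.
header('Location: index.php');
exit;
```

For this to run without the AJAX call, the Login button has to be `type="submit"` so the browser posts the form to access.php itself; index.php can then show `$_SESSION['loginError']` above the form when it is set.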