
I am facing an error in my code. My problem is that it is not allowing sign-in at the home page. The database is working fine. The validation is fine. The problem is in the script of the login page. It is showing an error only in the success portion.

Here are my files:

login1.php

<!DOCTYPE html>
<?php 
    include('header.php');
?> 
<html>
<head>
    <title>Login screen</title>
    <script type="text/javascript" src="script/validation.min.js"></script>
    <script type="text/javascript" src="script/login.js"></script>
    <link href="css1/style_log.css" rel="stylesheet" type="text/css" media="screen">
</head>
<body>
    <div class="container">
        <h1 align=center></h1>
        <h2 align=center style="color:purple";> </h2>       
        <form class="form-login" method="post"name="Loginform" action="" id="login-form">
            <h2 class="form-login-heading">User Log In Form</h2>
            <hr />
            <div id="error"></div>
            <div class="form-group">
                <input type="email" class="form-control" placeholder="Email address" name="userEmail" id="user_email" />
                <span id="check-e"></span>
            </div>
            <div class="form-group">
                <input type="password" class="form-control" placeholder="Password" name="password" id="password" />
            </div>
            <hr />
            <div class="form-group">
                <button type="submit" class="btn btn-success" name="submit" id="login_button">
                    <span class="glyphicon glyphicon-log-in"></span> &nbsp; Sign In
                </button> 
            </div> 
            <div class="form-group">
                <button class="btn btn_success"> <a href="reg.php"style="text-decoration: none;">Sign up</a></button>
                <button class="btn btn_success"> <a href="forget_password.php"style="text-decoration: none;" >Forget password?</a></button>
                <button class="btn btn_success"><a href="reset_password.php"style="text-decoration: none;">Reset password</a>  </button>    
        </form>
            </div>
    </div>
</div>
</body>
</html>

login1_action.php

<?php
session_start();
include'connect.php';
if(isset($_POST['submit'])& !empty($_POST)){  //check the input is post or not 
    $email=(strip_tags($_POST['userEmail']));  //post the input.
    $password=md5(strip_tags($_POST['password']));  
    require"connect.php";       
    echo  $q="select password,useremail from users where password='$password' and useremail='$email'"; //select the data from table for validation
    $result=mysqli_query($con,$q);
    $row=mysqli_fetch_assoc($result);
    if($row['password']==$password){                
        echo "ok";
        exit;
        $_SESSION['user_session'] = $row['serialno'];
    } else {                
        echo "email or password does not exist."; // wrong details 
    }                      
}
?> 

login.js

$('document').ready(function() { 
    /* handling form validation */
    $("#login-form").validate({
        rules: {
            password: {
                required: true,
            },
            userEmail: {
                required: true,
                email: true
            },
        },
        messages: {
            password:{
                required: "please enter your password"
            },
            userEmail: {required: "please enter your email"},
        },
        submitHandler: submitForm   
    });    
    /* Handling login functionality */
    function submitForm() {     
        var data = $("#login-form").serialize();                
        $.ajax({                
            type : 'POST',
            url  : 'login1_action.php',
            data : data,
            beforeSend: function(){ 
                $("#error").fadeOut();
                $("#login_button").html('<span class="glyphicon glyphicon-transfer"></span> &nbsp; sending ...');
            },
            success : function(response){                       
                if(response=="ok") {                                    
                    $("#login_button").html('<img src="ajax-loader.gif" /> &nbsp; Signing In ...');
                    setTimeout(' window.location.href = "index1.php"; ',4000);
                } else {                                    
                    $("#error").fadeIn(1000, function() {                       
                        $("#error").html('<div class="alert alert-danger"> <span class="glyphicon glyphicon-info-sign"></span> &nbsp; '+response+' !</div>');
                        $("#login_button").html('<span class="glyphicon glyphicon-log-in"></span> &nbsp; Sign In');
                    });
                }
            }
        });
        return false;
    }   
});   
mickmackusa

1 Answer


In login1.php:

  • You have a semicolon outside your style value on <h2>. Pull it inside the double quote.
  • You have one too many </div>'s at the end and your </form> is out of nesting order.

In login1_action.php:

  • Your first condition statement only has one & between the two conditions. Change this to &&.
  • You are using exit before you declare the $_SESSION data. Move exit after the declaration.
  • Your query is not injection-safe. I advise you to use a prepared statement.
  • You are not calling the serialno column in your query, but you are asking for the value from the resultset when you are declaring the $_SESSION['user_session'] value.

Here is a new block of code using a prepared statement:

if($stmt=$con->prepare("SELECT `serialno` FROM `users` WHERE `useremail`=? AND `password`=?;")){
    // stripping tags will do nothing to protect you
    $email=$_POST['userEmail'];
    $password=md5($_POST['password']);
    $stmt->bind_param("ss",$email,$password);
    $stmt->execute();
    $stmt->store_result();
    $stmt->bind_result($serialno);
    if($stmt->fetch()){
        $_SESSION['user_session']=$serialno;
        echo "ok";
        $stmt->free_result();
    }else{
        echo "Incorrect Username/Password Combination";  // Query Logic Error
    }
    $stmt->close();
}else{
    echo "Query Syntax Error"; // echo mysqli_error($con);
}

And I recommend that you replace your md5() function. Reading: Why not use MD5 for password hashing?

Community
mickmackusa
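One way to follow both recommendations in the answer above (a prepared statement and no MD5), as an added example that is not part of the original answer: look the user up by e-mail only, verify with password_verify(), and upgrade rows that still hold an md5() value on the next successful login. It assumes connect.php defines $con as a mysqli connection, that users.password is VARCHAR(255), and that serialno is an integer key; check_password() is a hypothetical helper name.

```php
<?php
// Added example, not the answer's code. Assumptions: connect.php defines $con (mysqli),
// users.password is VARCHAR(255), and serialno is an integer key.
session_start();
require 'connect.php';

// Returns [bool $ok, ?string $newHash]; $newHash is set when the stored value should be upgraded.
function check_password(string $plain, string $stored): array
{
    // Legacy rows hold 32 hex characters from md5(); compare in constant time.
    if (preg_match('/^[0-9a-f]{32}$/', $stored)) {
        $ok = hash_equals($stored, md5($plain));
        return [$ok, $ok ? password_hash($plain, PASSWORD_DEFAULT) : null];
    }
    if (!password_verify($plain, $stored)) {
        return [false, null];
    }
    // Already a password_hash() value: rehash only if the default algorithm or cost changed.
    $new = password_needs_rehash($stored, PASSWORD_DEFAULT)
        ? password_hash($plain, PASSWORD_DEFAULT) : null;
    return [true, $new];
}

$email = $_POST['userEmail'] ?? '';
$plain = $_POST['password'] ?? '';

// Look the user up by e-mail only; the password never becomes part of the query.
$stmt = $con->prepare('SELECT `serialno`, `password` FROM `users` WHERE `useremail` = ?');
$stmt->bind_param('s', $email);
$stmt->execute();
$stmt->bind_result($serialno, $stored);
$found = $stmt->fetch();
$stmt->close();

[$ok, $newHash] = $found ? check_password($plain, $stored) : [false, null];
if ($ok) {
    if ($newHash !== null) {   // replace the md5 (or outdated) hash transparently
        $up = $con->prepare('UPDATE `users` SET `password` = ? WHERE `serialno` = ?');
        $up->bind_param('si', $newHash, $serialno);
        $up->execute();
        $up->close();
    }
    session_regenerate_id(true);   // issue a fresh session id once authenticated
    $_SESSION['user_session'] = $serialno;
    echo 'ok';   // login.js compares the response to "ok" exactly, so echo nothing else
} else {
    echo 'Incorrect Username/Password Combination';
}
```

The closing `?>` is left out on purpose so no trailing whitespace is appended to the response.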