0

PHP noob here. I'm trying to create a login file. Here's my code:

HTML:

<body>
<div class="login">
    <h2 class="login-header">Log in</h2>
    <form action="practice.php" method="POST" class="login-container">
        <p>
            <label>Username: </label>
            <input type="text" id="user" name="user" placeholder="Enter Username" required/>
        </p>
        <p>
            <label>Password:</label>
            <input type="password" id="pass" name="pass" placeholder="Enter Password" required/>
        </p>
        <p>
            <input type="submit" id="btn" value="Login" />
        </p>

    </form>
</div>

PHP:

<?php

    $usernameIn = $_POST['user'];
    $passwordIn = $_POST['pass'];

    $usernameIn = stripcslashes($usernameIn);
    $passwordIn = stripcslashes($passwordIn);
    $usernameIn = mysql_real_escape_string($usernameIn);
    $passwordIn = mysql_real_escape_string($passwordIn);

    $host = 'localhost';
    $user = 'root';
    $password = '';
    $db ='practice';

    $connection = mysqli_connect($host,$user,$password,$db);// you can select db separately as you did already
    if($connection){
        $ret = mysqli_query($connection,"SELECT `userName`, `password`, `clearacne` FROM 
            `users_table` WHERE `userName`='$usernameIn' AND `password`='$passwordIn'");
        $to_encode = array();
        while($row = mysqli_fetch_assoc($ret)) {
            $to_encode[] = $row;
        }

        //user doesn't exist redirect to error page
        if(empty($to_encode)) header("Location: http://localhost/practiceLogin/loginErrorIndex.html");

        //user exist continue
        else{ 
            $to_encode = json_encode($to_encode);
            header("Location: http://localhost/practiceLogin/loginOkIndex.php");
        }


    }else{
        echo "db connection error because of".mysqli_connect_error();
    }
  ?>

Two questions:

1) Is there a way to process the info the user puts in and redirect him to a new file ONLY if the info exists in the database?

2) How can I pass the variable $to_encode from the practice.php to other .php files without including/requiring the practice.php file?

Basically what I'm trying to do is to not allow access if the user isn't registered, and if he is then allow access to another file and use a JSON object that represents different parameters associated with the user.

Thank you!

  • You should probably throw this away and start over using only `mysqli_*`, prepared statements and a securely hashed password. See for example http://stackoverflow.com/questions/401656/secure-hash-and-salt-for-php-passwords – jeroen May 18 '17 at 18:35

1 Answer

0

First question: You are already making redirects:

 header("Location: http://localhost/practiceLogin/loginOkIndex.php");

Second question: Yes, there is a way. It is called session. You can read more here: http://php.net/manual/en/book.session.php

The basic explanation - once you check that the username/password match, you start a session and put some temp variables in it; a file is written on your server's HDD and a cookie is sent to your user's browser. Next time the user sends a request to one of your pages, you check for the cookie, check if the session is still active and not expired, and you can get your temp variables from the session's file.

The heavy stuff is already written and automated. Just spend some time reading the link I gave you; I am also sure you will find many example resources on the Internet.

Todor Simeonov
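The comment's advice (prepared statements, hashed passwords) and the answer's advice (sessions) combined, as an added example that is not code from the question or the answer. It assumes the `password` column holds `password_hash()` output rather than the plain password; the `$_SESSION['user']` key is a name chosen here.

```php
<?php
// ===== practice.php (added example) =====
// Assumption: `password` stores password_hash() output, not the plain-text password.
session_start();

$usernameIn = $_POST['user'] ?? '';
$passwordIn = $_POST['pass'] ?? '';

$connection = mysqli_connect('localhost', 'root', '', 'practice');
if (!$connection) {
    // Log the detail server-side instead of echoing it to the visitor.
    error_log('db connection error: ' . mysqli_connect_error());
    http_response_code(500);
    exit;
}

// Prepared statement: the user name is bound as data, never concatenated into the SQL.
$stmt = mysqli_prepare(
    $connection,
    'SELECT `userName`, `password`, `clearacne` FROM `users_table` WHERE `userName` = ?'
);
mysqli_stmt_bind_param($stmt, 's', $usernameIn);
mysqli_stmt_execute($stmt);
mysqli_stmt_bind_result($stmt, $userName, $hash, $clearance);
$found = mysqli_stmt_fetch($stmt); // true = a row was fetched, null = no such user
mysqli_stmt_close($stmt);

// Unknown user or wrong password: same error page, and stop the script.
if ($found !== true || !password_verify($passwordIn, $hash)) {
    header('Location: http://localhost/practiceLogin/loginErrorIndex.html');
    exit;
}

// Successful login: issue a fresh session id (blocks session fixation) and
// keep only what later pages need. The password hash never enters the session.
session_regenerate_id(true);
$_SESSION['user'] = ['userName' => $userName, 'clearacne' => $clearance];
header('Location: http://localhost/practiceLogin/loginOkIndex.php');
exit;

// ===== loginOkIndex.php (a separate file, starting with its own opening tag) =====
session_start();
if (empty($_SESSION['user'])) {
    // No login recorded in the session: send the visitor back to the error page.
    header('Location: http://localhost/practiceLogin/loginErrorIndex.html');
    exit;
}
echo json_encode($_SESSION['user']); // the per-user data, available without including practice.php
```

The `exit` after each `header('Location: ...')` matters: without it the rest of the script keeps running and a client that ignores the redirect still receives the protected output.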