1

**So, this is my code for a log in page. The problem I have is that when I click the button to log in I get this outcome which does not help me in any way to see my mistake -

here is a picture I do not understand why I get this as an outcome. I have a working sign up page which is capable of sending the sign up data to the database where it is stored. When I try to log in with this data though, it does not recognise the data. I checked a few times the code, I am still new to php and can not find the problem.

I hope it is not a stupid question. Thank you in advance!

PHP Log in

  <?php>
        session_start();

        $error='';//here we store potential errors

        if(isset($_POST['submit'])) {
            if(empty($_POST['username']) || empty($_POST['password'])) {
                $error = "Username or password invalid";
            }
            else
            {
                //define the variables
                $username = $_POST['username'];
                $password = $_POST['password'];

                //connection
                $conn= mysqli_connect("host","***","***","***");

                $query = "SELECT * FROM user WHERE username='$username' AND password='$password'";

                $stmt = $conn->prepare($query);
                $stmt->bind_param("ss",$username,$password);
                $stmt->execute();
                $stmt->bind_result($username,$password);
                $stmt->store_result();

            if($stmt->fetch())
            {
                $_SESSION['username'] = $username;
                 $_SESSION['success'] = "You are now logged in";
                header("location: index.php");
            }
            else{
                $error="Username or Password invalid";
            }
            mysqli_close($conn);
        }
    }




    ?>


?>

Log In form

<?php
include_once 'header.php';
?>

<div class="header">
    <h2>Login</h2>
  </div>

  <form method="post" action="Log.php">
    <?php include('errors.php'); ?>
   <input placeholder="Username" type="text" name="username" >
      <input placeholder="Password" type="password" name="password" >

       <input type="submit" name="submit" >
    <p>
        Not yet a member? <a href="register.php">Sign up</a>
    </p>
  </form>

 <?php
include_once 'footer.php';

?>
Funk Forty Niner
  • 74,450
  • 15
  • 68
  • 141
Ангел Хаджиев
  • 23
  • 5

1 Answers1

0

-- starting php tag is <?php not <?php>.
-- header location is with capital L.
-- you should start_session() to can access your session.
-- only bind_result for the number of columns returned from the query.
-- you should add more customization to your code to handle "invalid logins" and "logged in users" and "logout" .

here is your code after a bit of refactoring
index.php

<?php 
    session_start();

    if( isset( $_GET['success'] ) )
    {
         echo "You are now logged in";
    }
    else if( isset($_GET['logout'] ) )
    {
         session_destroy();
    }
    else if( isset( $_GET['invalid'] ) )
    {
         echo "Invalid username or password";
    }

 ?>

<!DOCTYPE html>
<html> 
    <head>
       <title>Login</title>
    </head>
    <body>
         <div class="header">
             <h2>Login</h2>
         </div>

         <form method="post" action="Log.php">

             <input placeholder="Username" type="text" name="username" >
             <input placeholder="Password" type="password" name="password" >

             <input type="submit" name="submit" >
             <p>
                   Not yet a member? <a href="register.php">Sign up</a>
             </p>
         </form>

     </body>
</html>

Log.php

<?php
    session_start();

    $error='';//here we store potential errors

    if(isset($_POST['submit'])) {
        if(empty($_POST['username']) || empty($_POST['password'])) {
            $error = "Username or password invalid";
        }
        else
        {

            //define the variables
            $username = $_POST['username'];
            $password = $_POST['password'];

            //connection
            $conn= mysqli_connect("localhost","mysql_username","mysql_password","database_name");

            /* check connection */
            if ( mysqli_connect_errno() ) {
                printf("Connect failed: %s\n", mysqli_connect_error());
                exit();
            }

            if( $stmt = $conn->prepare("SELECT username FROM user WHERE username = ? AND password = ? ") ) 
            {
                $stmt->bind_param("ss",$username,$password);
                $stmt->execute();

                $stmt->bind_result($username);                    

                if($stmt->fetch())
                {
                    $_SESSION['username'] = $username;
                    header("Location: index.php?success");
                }
                else{
                    header("Location: index.php?invalid");
                }
                mysqli_close($conn);
            }
    }
}

?>
aa-Ahmed-aa
  • 363
  • 4
  • 14
  • Thank you. I tried it but somehow it still does not shows that user does not exist. Shows me this mistake -Number of variables doesn't match number of parameters in prepared statement in D:\XAMPP\htdocs\PHP_Part\Log.php on line 22 – Ангел Хаджиев Mar 24 '18 at 11:47
  • make sure you have updated the `mysqli_connect` line with your database credential and check the query and make sure you are selecting from the correct table (my database table was `users` not `user` so you need to check that. – aa-Ahmed-aa Mar 24 '18 at 15:56
  • Yes, I did check it. I changed what should have been changed. – Ангел Хаджиев Mar 24 '18 at 16:14
  • the error is in the prepare statement make sure it have two question marks and two variables be passed to the `bind_results` and check this answer too it might help https://stackoverflow.com/questions/14781051/php-mysqi-bind-param-number-of-variables-doesnt-match-number-of-parameters-in-p – aa-Ahmed-aa Mar 24 '18 at 17:10
  • Thank you a lot. Now it works. The only problem is that the echo's for showing that there is no such user do not work. – Ангел Хаджиев Mar 24 '18 at 19:38