Login system

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

Post Reply
marvela
Forum Newbie
Posts: 7
Joined: Wed Feb 18, 2015 9:18 pm

Login system

Post by marvela »

I'm creating a a login system for my website and up until now it was working fine. Below is the code for the page i am developing:

Code: Select all

<?php

$mysqli = new mysqli("localhost", "root", "root", "login") or die ("Couldn't connect to the server!");

error_reporting(0);

if ($_POST['login']) {
   if ($_POST['username'] && $_POST['password']){
      $username = $mysqli->real_escape_string($_POST['username']);
      $password = $mysqli->real_escape_string(hash("sha512", $_POST['password']));
      $userQuery = $mysqli->query("SELECT * FROM 'users' WHERE 'Username'='$username'"); 
      $user = $userQuery->fetch_array(MYSQLI_BOTH); 
      if (empty($user)) {
         die("That username doesn't exist! Try making <i>$username</i> today! <a href='index.php'>&larr; Back</a>");
      }
      if ($user['Password'] != $password) {
         die("Incorrect password! <a href='index.php'>&larr; Back</a>");
      }
      $salt = hash("sha512", rand() . rand() . rand());
      setcookie("c_user", hash("sha512", $username), time() +24 * 60 * 60, "/");
      setcookie("c_salt", $salt, $time() +24 * 60 * 60, "/");
      $userID = $user['ID'];
      $mysqli->query("UPDATE 'users' SET 'Salt'='$salt' WHERE 'ID'='$userID'");
      die("You are now logged in as $username!");   
   }
}

echo "

   <body style='font-family: verdana, sans-serif;'>
      <div style='width: 80%; padding: 5px 15px 5px; border: 1px solid #e3e3e3; background-color: #fff; color: #000;'
         <h1>Login</h1>
         <br />
         <form action='' method='post'>
            <table>
               <tr>
                 <td>
                    <b>Username:</b>
                 </td>
                 <td>
                    <input type='text' name='username' style='padding: 4px;' />
                 </td>
                </tr>
                <tr>
                   <td>
                      <b>Password:</b>
                   </td>
                   <td>
                      <input type='password' name='password' style='padding: 4px;' />
                   </td>
                </tr>
                <tr>
                   <td>
                      <input type='submit' value='Login' name='Login' />
                   </td>
                </tr>           
            </table>
         </form>
         <br />
         <h6>
            No account? <a href='register.php'>Register!</a>
         </h6>              
      </div>
   </body>   

";
?>
The code which i need help on is this line

Code: Select all

      if (empty($user)) {
         die("That username doesn't exist! Try making <i>$username</i> today! <a href='index.php'>&larr; Back</a>");
      }
If i type in a random user name into the usernae field it should come up with an error message which is stated above, instead the page just refreshes and there is no change taking place or any error message showing up. I have tried this line too but its not working; if ($user == '0'))

Please help, thank you
Quick Edit
User avatar
Christopher
Site Administrator
Posts: 13596
Joined: Wed Aug 25, 2004 7:54 pm
Location: New York, NY, US

Re: Login system

Post by Christopher »

marvela wrote:I'm creating a a login system for my website and up until now it was working fine.
What changed?

Have you echoed what is contained in $user to know what you are getting (using print_r() or var_dump())? Also you should have backticks around table and field names, not single quotes.

Code: Select all

      $userQuery = $mysqli->query("SELECT * FROM 'users' WHERE 'Username'='$username'"); 
      $user = $userQuery->fetch_array(MYSQLI_BOTH); 
      if (empty($user)) {
         die("That username doesn't exist! Try making <i>$username</i> today! <a href='index.php'>&larr; Back</a>");
      }
(#10850)
User avatar
Celauran
Moderator
Posts: 6427
Joined: Tue Nov 09, 2010 2:39 pm
Location: Montreal, Canada

Re: Login system

Post by Celauran »

Code: Select all

error_reporting(0);
Stop doing this in development. Hiding errors from your users is great. Hiding them from yourself is counterproductive.
marvela
Forum Newbie
Posts: 7
Joined: Wed Feb 18, 2015 9:18 pm

Re: Login system

Post by marvela »

The code which i need help on is this line

Code: Select all

      if (empty($user)) {
         die("That username doesn't exist! Try making <i>$username</i> today! <a href='index.php'>&larr; Back</a>");
      }

If i type in a random user name into the usernae field it should come up with an error message which is:

Code: Select all

"That username doesn't exist! Try making <i>$username</i> today! <a href='index.php'>&larr; Back</a>"
, instead the page just refreshes and there is no change taking place or any error message showing up. I have tried this line too but its not working;

Code: Select all

if ($user == '0'))die("That username doesn't exist! Try making <i>$username</i> today! <a href='index.php'>&larr; Back</a>");
      }
I don't have any users stored in the database for testing purposes, i am simply trying to create a function from which a user will get a notification that a particular username doesn't exist, i have inputted a random name into the username field and when i click log in the page just refreshes and no change is taken place. I need that error message to show up on the page when a user types in a username that doesn't exist.
User avatar
Celauran
Moderator
Posts: 6427
Joined: Tue Nov 09, 2010 2:39 pm
Location: Montreal, Canada

Re: Login system

Post by Celauran »

Have you turned on error reporting like I suggested? Have you removed the quotes around column names? Checked the value of $user with var_dump?
User avatar
Christopher
Site Administrator
Posts: 13596
Joined: Wed Aug 25, 2004 7:54 pm
Location: New York, NY, US

Re: Login system

Post by Christopher »

marvela wrote:The code which i need help on is this line
You just repeated what you said in your initial post and ignored our comments and requests! It seems pretty clear that they problem is with $user, so you need to backtrack through the code from that point and find out why that value is not being set right. Or if empty($user) is the wrong condition.
(#10850)
Post Reply