Login system
Posted: Wed Feb 18, 2015 9:22 pm
I'm creating a a login system for my website and up until now it was working fine. Below is the code for the page i am developing:
The code which i need help on is this line
If i type in a random user name into the usernae field it should come up with an error message which is stated above, instead the page just refreshes and there is no change taking place or any error message showing up. I have tried this line too but its not working; if ($user == '0'))
Please help, thank you
Quick Edit
Code: Select all
<?php
$mysqli = new mysqli("localhost", "root", "root", "login") or die ("Couldn't connect to the server!");
error_reporting(0);
if ($_POST['login']) {
if ($_POST['username'] && $_POST['password']){
$username = $mysqli->real_escape_string($_POST['username']);
$password = $mysqli->real_escape_string(hash("sha512", $_POST['password']));
$userQuery = $mysqli->query("SELECT * FROM 'users' WHERE 'Username'='$username'");
$user = $userQuery->fetch_array(MYSQLI_BOTH);
if (empty($user)) {
die("That username doesn't exist! Try making <i>$username</i> today! <a href='index.php'>← Back</a>");
}
if ($user['Password'] != $password) {
die("Incorrect password! <a href='index.php'>← Back</a>");
}
$salt = hash("sha512", rand() . rand() . rand());
setcookie("c_user", hash("sha512", $username), time() +24 * 60 * 60, "/");
setcookie("c_salt", $salt, $time() +24 * 60 * 60, "/");
$userID = $user['ID'];
$mysqli->query("UPDATE 'users' SET 'Salt'='$salt' WHERE 'ID'='$userID'");
die("You are now logged in as $username!");
}
}
echo "
<body style='font-family: verdana, sans-serif;'>
<div style='width: 80%; padding: 5px 15px 5px; border: 1px solid #e3e3e3; background-color: #fff; color: #000;'
<h1>Login</h1>
<br />
<form action='' method='post'>
<table>
<tr>
<td>
<b>Username:</b>
</td>
<td>
<input type='text' name='username' style='padding: 4px;' />
</td>
</tr>
<tr>
<td>
<b>Password:</b>
</td>
<td>
<input type='password' name='password' style='padding: 4px;' />
</td>
</tr>
<tr>
<td>
<input type='submit' value='Login' name='Login' />
</td>
</tr>
</table>
</form>
<br />
<h6>
No account? <a href='register.php'>Register!</a>
</h6>
</div>
</body>
";
?>Code: Select all
if (empty($user)) {
die("That username doesn't exist! Try making <i>$username</i> today! <a href='index.php'>← Back</a>");
}Please help, thank you
Quick Edit