I have created a basic login and registration process for an e-commerce website. My problem is user can only access home page by going through registration and not with the log in page.
Even though it states that the user has successfully registered without any errors fetched from the error.php file, there is no data found in the database after registration. The name of the registration database is called register and the table is called users. Please advice on my mistakes.
File server.php
<?php
session_start();
//variable declaration.
$username = "";
$email = "";
$errors = array();
$_SESSION['success'] = "";
//connect to database.
$db = mysqli_connect('localhost', 'root', '' , 'register');
//user registration.
if (isset($_POST['reg_user'])){
//receive all input values from the form.
$username = mysqli_real_escape_string($db, $_POST['username']);
$email = mysqli_real_escape_string($db, $_POST['email']);
//input password
$password_1 = mysqli_real_escape_string($db, $_POST['password_1']);
//re-enter password
$password_2 = mysqli_real_escape_string($db, $_POST['password_2']);
//form validation: esure that the form is correctly filled
if (empty($username)) { array_push($errors, "Username is required"); }
if (empty($email)) { array_push($errors, "Email is required");}
if (empty($password_1)) {array_push($errors, "Password is required"); }
if ($password_1 != $password_2) {
array_push($errors, "The two passwords do not match!");
}
//Register users provided the form is error free.
if (count($errors) == 0){
//encrypt the password before saving in the database
$password = md5($password_1);
$query = "INSERT INTO users (username, email, password)
VALUES('$username', '$email', '$password')";
mysqli_query($dbi, $query);
$_SESSION['username'] = $username;
$_SESSION['success'] = "You are now logged in";
header('location: ../index.php');
}
}
//...
// Login User
if (isset($_POST['login_user'])) {
$username = mysqli_real_escape_string($db, $_POST['username']);
$password = mysqli_real_escape_string($db, $_POST['password']);
//if field is empty
if (empty($username)) {
array_push($errors, "Username is required");
}
if (empty($password)) {
array_push($errors, "Password is required");
}
//if field is not empty
if (count($errors) == 0) {
//fetch data from db
$password = md5($password);
$query = "SELECT * FROM users WHERE username='$username' AND password='$password'";
$results = mysqli_query($db, $query);
if (mysqli_num_rows($results) == 1) {
$_SESSION['username'] = $username;
$_SESSION['success'] = "You are now logged in";
header('location: ../index.php');
}else {
array_push($errors, "Wrong username/password combination");
}
}
}
?>
File login.php
<?php include_once 'includes\server.php' ?>
<!DOCTYPE html>
<html>
<head>
<title>Log in form</title>
<link rel="stylesheet" type="text/css" href="style.css">
</head>
<body>
<div class="header">
<h2>Login</h2>
</div>
<form method="post" action="login.php">
<?php include('includes/errors.php'); ?>
<div class="input-group">
<label>Username</label>
<input type="text" name="username" >
</div>
<div class="input-group">
<label>Password</label>
<input type="password" name="password">
</div>
<div class="input-group">
<button type="submit" class="btn" name="login_user">Login</button>
</div>
<p>
Not yet a member? <a href="pages/register.php">Sign up</a>
</p>
</form>
</body>
</html>
Aucun commentaire:
Enregistrer un commentaire