Hi everyone!
I know this problem has already been discussed but I use MYSQLI so I have different issue here.

My problem is:
I have coded a login page (my testing page) för a forum that I am creating.
But it doesn't work.
I have spent 4 days going through everything and have now scratched off all of my hair from my head ;)
Could anyone take a look and se what the problem is
Thank you very much.

<?php
// This section processes submissions from the login form
// Check if the form has been submitted:
if ($_SERVER['REQUEST_METHOD'] == 'POST') {
//connect to database
require('dbconnection.php');
// Validate the email address
if (!empty($_POST['email'])) {
$e = mysqli_real_escape_string($dbcon, $_POST['email']);
} else {
$e = FALSE;
echo '<p class="error">You forgot to enter your email address.</p>';
}
// Validate the password
if (!empty($_POST['psword'])) {
$p = mysqli_real_escape_string($dbcon, $_POST['psword']);
} else {
$p = FALSE;
echo '<p class="error">You forgot to enter your password.</p>';
}
if ($e && $p){//if no problems
// Retrieve the user_id, first_name and user_level for that email/password combination
$q = "SELECT user_id, fname, user_level FROM members WHERE (email='$e' AND psword=SHA1('$p'))";
// Run the query and assign it to the variable $result
$result = mysqli_query ($dbcon, $q);
// Count the number of rows that match the email/password combination
if (@mysqli_num_rows($result) == 1) {//if one database row (record) matches the input:-
// Start the session, fetch the record and insert the three values in an array
session_start();
$_SESSION = mysqli_fetch_array ($result, MYSQLI_ASSOC);
// Ensure that the user level is an integer.
$_SESSION['user_level'] = (int) $_SESSION['user_level'];
// Use a ternary operation to set the URL
$url = ($_SESSION['user_level'] === 1) ? 'home.php' : 'member.php';
header('Location: ' . $url); // Make the browser load either the members’ or the admin page
exit(); // Cancel the rest of the script
mysqli_free_result($result);
mysqli_close($dbcon);
} else { // No match was made.
echo '<p class="error">The e-mail address and password entered do not match our records 
<br>Perhaps you need to register, just click the Register button on the header menu</p>';
}
} else { // If there was a problem.
echo '<p class="error">Please try again.</p>';
}
mysqli_close($dbcon);
} // End of SUBMIT conditional.
?>

And here is the login fields' table

<?php require ('dbconnection.php'); ?>
<form action="index.php" method="post">
<table cellpadding="1" cellspacing="1">
    <tr>
        <td>
            <label class="under_title">
        Your e-mail address 
            </label>
        </td>
        <td>
            <label class="under_title">
        Password
            </label>
        </td>
    </tr>
    <tr>
        <td>
            <input class="login_fields" type="text" id="email" name="email" value="<?php if(isset($_SESSION['email'])); echo $_POST['email']; ?>"
        </td>
        <td>
            <input class="login_fields" type="password" name="psword" value=""
        </td>
    </tr>
    <tr>
        <td colspan="2">
            <input class="login_button" name="login" id="login" type="submit" value="Login now">
        </td>
    </tr>
    <tr>
        <td>
            <a href="index.php" target="_self"> Forgot password?</a>
        </td>
        <td>
            <a href="register.php" target="_self"> Create account.</a>
        </td>
    </tr>
</table>
</form>
Member Avatar for diafol

any chance you can indent yur php code. That is almost impossible to read.

Do you get any php/db/js error? You can switch it on by adding this to the php file you're using -> error_reporting(E_ALL); ini_set('display_errors', '0');

I have now cleaned up the code and hop it's readable, if that is what you meant!

<?php
if ($_SERVER['REQUEST_METHOD'] == 'POST')
{
require('dbconnection.php');
if (!empty($_POST['email']))
{
$e = mysqli_real_escape_string($dbcon, $_POST['email']);
} else {
$e = FALSE;
echo '<p class="error">You forgot to enter your email address.</p>';
}
if (!empty($_POST['psword'])) {
$p = mysqli_real_escape_string($dbcon, $_POST['psword']);
} else {
$p = FALSE;
echo '<p class="error">You forgot to enter your password.</p>';
}
if ($e && $p)
{
$q = "SELECT user_id, fname, user_level FROM members WHERE (email='$e' AND psword=SHA1('$p'))";
$result = mysqli_query ($dbcon, $q);
if (@mysqli_num_rows($result) == 1)
{
session_start();
$_SESSION = mysqli_fetch_array ($result, MYSQLI_ASSOC);
$_SESSION['user_level'] = (int) $_SESSION['user_level'];
$url = ($_SESSION['user_level'] === 1) ? 'home.php' : 'member.php';
header('Location: ' . $url);
exit();
mysqli_free_result($result);
mysqli_close($dbcon);
} else {
echo '<p class="error">The e-mail address and password entered do not match our records ?
<br>Perhaps you need to register, just click the Register button on the header menu</p>';
}
}else{
echo '<p class="error">Please try again.</p>';
}
mysqli_close($dbcon);
}
?>

What is the real error you are having? and If not a real error echo your sessions out and see whether they are working.

I added the string you gave and no error shows up.
The main problems is these:

(The e-mail address and password entered do not match our records
Perhaps you need to register, just click the Register button on the header menu)

{
session_start();
$_SESSION = mysqli_fetch_array ($result, MYSQLI_ASSOC);
$_SESSION['user_level'] = (int) $_SESSION['user_level'];
$url = ($_SESSION['user_level'] === 1) ? 'home.php' : 'member.php';
header('Location: ' . $url);
exit();
mysqli_free_result($result);
mysqli_close($dbcon);
} else {
echo '<p class="error">The e-mail address and password entered do not match our records ?
<br>Perhaps you need to register, just click the Register button on the header menu</p>';
}
}else{
echo '<p class="error">Please try again.</p>';
}

This error show up even if I use the correct login data!

This error show up even if I use the correct login data!

Well, to be fair, that really isn't an error message.
It's a message that you're echoing when @mysqli_num_rows($result) does not return a value of 1.

So you know that it is at least making it up to that point. The next thing I would do is output the data in the query that is being sent to the DB, and also the data that the query is returning. Looking at the session at this point won't do anything for you, because we know it isn't even making it to setting the session.

Edit: Also make sure you're not just copying and pasting the code from that book and expecting it to work, without understanding what each piece of the code is doing. It would completely defeat the purpose for the book altogether.

Member Avatar for diafol

I have now cleaned up the code and hop it's readable, if that is what you meant!

Well look at what you posted. Is it indented? No. You just took out the comments. This is indented:

<?php
if ($_SERVER['REQUEST_METHOD'] == 'POST')
{
    require('dbconnection.php');
    if (!empty($_POST['email']))
    {
        $e = mysqli_real_escape_string($dbcon, $_POST['email']);
    } else {
        $e = FALSE;
        echo '<p class="error">You forgot to enter your email address.</p>';
    }
    if (!empty($_POST['psword'])) {
        $p = mysqli_real_escape_string($dbcon, $_POST['psword']);
    } else {
        $p = FALSE;
        echo '<p class="error">You forgot to enter your password.</p>';
    }

$q = "SELECT user_id, fname, user_level FROM members WHERE (email='$e' AND psword=SHA1('$p'))";

Why don't you hash psword separately and try again.

so
$psword = SHA1($p);

before

$q = "SELECT user_id, fname, user_level FROM members WHERE (email='$e' AND psword=$psword";

Hej guys!
Thank you very much that you took your time and looked through my code.
I managed to detect the error and corrected it and now I can login to.
It was just one letter too many. ;)

Thank you anyway for your effort guys!

Hey, please i got thesane problem,
Can u tell me where the problem is ?

Thanks in advance

Member Avatar for diafol

You post your code and state your problem clearly. I doubt very much that your markup and code is identical to luk.

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.