I'm learning PHP and I have made a simple login script but the problem is that it only redirects me to a blank page. It's meant to redirect to index.php if user credentials ar
$row = mysql_fetch_array should be $row = mysqli_fetch_array
and as the others have already mentioned, use
    if (isset($_POST['user']) && isset($_POST['password'])) {
        // your code here
    }
and btw: using a session where you only say "loggedin = true", or "login = yes", etc. is anything but secure
EDIT (security discussion):
passwords should always be saved encrypted (registration):
    // Methods of a class whose $this->connection holds the MySQL link.
    // The mysql_* functions (ext/mysql) were removed in PHP 7, so this needs PHP 5.
    function login($email, $password) {
        $email = mysql_real_escape_string($email, $this->connection);
        $q = "SELECT id, email, password, salt FROM members WHERE email='" . $email . "'";
        $result = mysql_query($q, $this->connection);
        $output = $result ? mysql_fetch_assoc($result) : false;
        if (!$output) {
            // query failed or no member with this e-mail
            return false;
        }
        $user_id = $output['id'];
        $database_email = $output['email'];
        $database_password = $output['password'];
        // the stored value is the SHA-512 hex digest of the password
        $password = hash('sha512', $password);
        if ($database_password === $password) {
            $user_browser = $_SERVER['HTTP_USER_AGENT'];
            // keep digits only, because login_check() puts the id into a query
            $user_id = preg_replace("/[^0-9]+/", "", $user_id);
            $_SESSION['user_id'] = $user_id;
            $_SESSION['username'] = $email;
            // bind the session to the password hash and the browser
            $login_hash = hash('sha512', $password . $user_browser);
            $_SESSION['login_hash'] = $login_hash;
            return true;
        } else {
            return false;
        }
    } // function

    function login_check() {
        if (!isset($_SESSION["user_id"], $_SESSION["login_hash"])) {
            // nobody has logged in on this session
            return false;
        }
        $user_id = $_SESSION["user_id"];
        $login_hash = $_SESSION["login_hash"];
        $email = $_SESSION["username"];
        $user_browser = $_SERVER['HTTP_USER_AGENT'];
        $q = "SELECT password FROM members WHERE id ='" . $user_id . "'";
        $result = mysql_query($q, $this->connection);
        if ($result && mysql_num_rows($result) == 1) {
            $output = mysql_fetch_assoc($result);
            $database_password = $output['password'];
            // recompute the binding from the current database and browser values
            $login_check = hash('sha512', $database_password . $user_browser);
            if ($login_check === $login_hash) {
                return true;
            } else {
                return false;
            }
        } else {
            return false;
        }
    }
In addition you could create a random salt (registration) for each user, to set your security level even a bit higher (Note: hash(hash(hash(...))) lowers your security level since you lose information during a hash process)
NOTE: This is just a (working) example login/-check script with a high security level. Still this script can be improved (bruteforce, mysqli/prepared statements, hashing passwords directly in forms, secure session, ...)
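
The following is an added example, not part of the original answer: it shows three of the improvements the note lists (mysqli prepared statements, per-user salted password hashing, session handling) using PHP's built-in `password_hash()` / `password_verify()`. The function names, the `$db` mysqli connection and the `VARCHAR(255)` width of `members.password` are assumptions; the `members` table and the session keys are the ones used in the answer.

```php
<?php
// Added example. Assumptions: $db is an open mysqli connection, session_start()
// has already run, and members.password is VARCHAR(255).

function register_member(mysqli $db, string $email, string $password): bool
{
    // password_hash() draws a random salt per user and embeds it in the result.
    $hash = password_hash($password, PASSWORD_DEFAULT);
    $stmt = $db->prepare('INSERT INTO members (email, password) VALUES (?, ?)');
    $stmt->bind_param('ss', $email, $hash);
    $ok = $stmt->execute();
    $stmt->close();
    return $ok;
}

function login_member(mysqli $db, string $email, string $password): bool
{
    // Bound parameter: the e-mail travels as data, never as part of the SQL text.
    $stmt = $db->prepare('SELECT id, password FROM members WHERE email = ?');
    $stmt->bind_param('s', $email);
    $stmt->execute();
    $stmt->bind_result($id, $hash);
    $found = $stmt->fetch();          // true on a row, null when none matched
    $stmt->close();

    if ($found !== true || !password_verify($password, $hash)) {
        return false;                 // same answer for unknown user and bad password
    }
    session_regenerate_id(true);      // issue a new session id at login
    $_SESSION['user_id'] = (int) $id;
    $_SESSION['username'] = $email;
    // Browser binding as in the answer's login_check(), without the password hash.
    $_SESSION['login_hash'] = hash('sha256', $_SERVER['HTTP_USER_AGENT'] ?? '');
    return true;
}

function login_check_member(): bool
{
    if (!isset($_SESSION['user_id'], $_SESSION['login_hash'])) {
        return false;
    }
    $current = hash('sha256', $_SERVER['HTTP_USER_AGENT'] ?? '');
    return hash_equals($_SESSION['login_hash'], $current);
}
```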