Simple login returning blank page

Question

I\'m learning PHP and I have made a simple login script but the problem is that it only redirects me to a blank page. It\'s meant to redirect to index.php if user credentials ar

Answer 1

What happens when you change if(isset($_POST['login'])) to if(isset($_POST['submit']))?

Answer 2

$row = mysql_fetch_array should be $row = mysqli_fetch_array

and as the others have already mentioned, use

if(isset($_POST['user']) && isset($_POST['password'])) {


// your code here


}

and btw: using a session where you only say "loggedin = true", or "login = yes", etc. is anything but secure

EDIT (security discussion):

passwords should always be saved encrypted (registration):

function login($email, $password)   {
    $email = mysql_real_escape_string($email);
    $q = "SELECT id, email, password, salt FROM members WHERE email='" . $email . "'";
    $result = mysql_query($q, $this->connection);
        $output = mysql_fetch_assoc($result);
        $user_id = $output['id'];
        $database_username = $output['username'];
        $database_email = $output['email'];
        $database_password = $output['password'];


        $password = hash('sha512', $password);

            if($database_password == $password) {
                $user_browser = $_SERVER['HTTP_USER_AGENT']; 
                $user_id = preg_replace("/[^0-9]+/", "", $user_id);
                $_SESSION['user_id'] = $user_id;
                $_SESSION['username'] = $email;
                $login_hash = hash('sha512', $password.$user_browser);
                $_SESSION['login_hash'] = $login_hash;
        }   else    {
            return false;
        }
} // function

function login_check()  {
    $user_id = $_SESSION["user_id"];
    $login_hash = $_SESSION["login_hash"];
    $email = $_SESSION["username"];
    $user_browser = $_SERVER['HTTP_USER_AGENT'];

    $q = "SELECT password FROM members WHERE id ='" . $user_id . "'";
    $result = mysql_query($q, $this->connection);
    $output = mysql_fetch_assoc($result);
    $database_password = $output['password'];

    if(mysql_num_rows($result) == 1)    {

        $login_check = hash('sha512', $database_password.$user_browser);
        if($login_check == $login_hash) {
                return true;
            } else { 
                return false; 
        }
    } else  {
        return false; 
    }
}

In addition you could create a random salt (registration) for each user, to set your security level even a bit higher (Note: hash(hash(hash(...))) lowers your security level since you lose information during a hash process)

NOTE: This is just a (working) example login/-check script with a high security level. Still this script can be improved (bruteforce,mysqli/prepared statements,hashing passwords directly in forms,secure session, ...)

Answer 3

The problem is if(isset($_POST['login']))

You never set a "login" entry in your form.

You can do:

if(isset($_POSt["user"]) && isset($_POST["password"])) {
$user=$_POST['user']; 
$password=$_POST['password'];
//To ensure that none of the fields are blank when submitting the form if
if($user && $password) {

Answer 4

First of all the name of your submit button is "submit". And you are checking if the "login" is post or not.

if(isset($_POST['login']))
{

it should have been:

if(isset($_POST['submit']))
{

You have written :

if($user || $password != NULL)
{

it should have been:

if($user != NULL || $password != NULL)
{

You have used mysqli and mysql command which is not a good practice

$result=mysqli_query($sql);

    $row=mysql_fetch_array($result);

Instead of

if($row['user'] == $user && $row['password'] == $password)
    {
//this code again check for condition which is already checked in the sql statement

it is better practice to write :

if($row->num_rows==1)
    {

in index.php you have written

if(!isset($_SESSION["loggedIn"])){

it should have been

if(!isset($_SESSION["loggedin"])){

since you have stored the lowercase index while storing into session.