I am currently in the process of creating a website with PHP and MySQL for the login/signup system. However, when trying to log in, I get redirected to a blank page (where MySQL would normally put an error) and cannot log in. The weird thing is -- this doesn't happen when signing up. I can sign up as normal, and I am redirected to the "dashboard" (the place I set to direct after a successful signup). I'm not completely sure what happened and how the login system broke, since I don't remember changing anything with it since it worked before.
This was marked as a duplicate of another question, however when removing die(mysqli_error()); from my code, the white screen goes away and I just get an error message telling me my credentials are incorrect (not a PHP/MySQL error message, the $error message I defined).
My code is below.
login.php
<?php
include("connection.php");
session_start();
if ($_GET["logout"]==1 AND $_SESSION['id']) {
session_destroy();
// $message="You have been logged out. Have a nice day!";
session_start();
}
if(isset($_SESSION['id'])){ // if id in session is set
header("Location: /developer/dashboard");
}
if ($_POST['submit']=="Sign Up") {
if (!$_POST['username']) $error.="<br />Please enter a username";
if (!$_POST['email']) $error.="<br />Please enter your email";
else if (!filter_var($_POST['email'], FILTER_VALIDATE_EMAIL)) $error.="<br />Please enter a valid email";
if (!$_POST['password']) $error.="<br />Please enter your password";
else {
if (strlen($_POST['password'])<8) $error.="<br />Please enter at least 8 characters";
if(!preg_match('/[A-Z]/', $_POST['password'])) $error.= "<br />Please include at least 1 capital letter";
}
if ($error) $error = "Your account could not be created due to the following:".$error;
else {
$query= "SELECT * FROM `users` WHERE email ='".mysqli_real_escape_string($link, $_POST['email'])."'";
$result = mysqli_query($link, $query);
$results = mysqli_num_rows($result);
if ($results) $error = "That email is already registered. Did you mean to log in?";
else {
$query = "INSERT INTO `users` (`username`, `email`, `password`) VALUES ('".mysqli_real_escape_string($link, $_POST['username'])."', '".mysqli_real_escape_string($link, $_POST['email'])."', '".md5(md5($_POST['username']).$_POST['password'])."')";
mysqli_query($link, $query);
$success="Successfully signed up.";
$_SESSION['id']= mysqli_insert_id($link);
header("Location:../dashboard");
}
}
}
if ($_POST['submit'] == "Log In") {
$query = "SELECT * FROM users WHERE email='".mysqli_real_escape_string($link, $_POST['loginemail'])."'AND
password='" .md5(md5($_POST['loginemail']) .$_POST['loginpassword']). "'LIMIT 1";
$result = mysqli_query($link, $query);
$row = mysqli_fetch_array($result);
if($row){
$_SESSION['id']=$row['id'];
header("Location:../dashboard");
} else {
$error = "That email and password combination did not return any results. Please try again.";
die(mysqli_error());
}
}
loginpage.php (the login page HTML)
<body>
<div class="container">
<form class="form-signin" method="post">
<h3 class="form-signin-heading">Welcome back!</h3>
<label for="inputEmail" class="sr-only">Email address</label>
<input type="email" name="loginemail" id="inputEmail" placeholder="Email address" class="form-control" value="<?php echo addslashes($_POST['loginemail']); ?>" required autofocus />
<label for="inputPassword" class="sr-only">Password</label>
<input type="password" name="loginpassword" id="inputPassword" placeholder="Password" class="form-control" value="<?php echo addslashes($_POST['loginpassword']); ?>" required />
<button class="btn btn-lg btn-primary btn-block" type="submit" name="submit" value="Log In">Log In</button>
<br />
<div class="alternateAcc" style="font-weight:lighter;"><p>Don't have an account? <a href="../create">Register</a></p>
<a href="/developer/">« Back</a></div>
</form>
</div> <!-- /container -->
signuppage.php (the signup page HTML)
<body>
<div class="container">
<form class="form-signin" method="post">
<h3 class="form-signin-heading">Create an Account</h3>
<label for="inputUsername" class="sr-only">Username</label>
<input type="username" name="username" id="inputUsername" class="form-control" placeholder="Username" value="<? echo addslashes($_POST['username']); ?>" required autofocus />
<label for="inputEmail" class="sr-only">Email address</label>
<input type="email" name="email" id="inputEmail" class="form-control" placeholder="Email address" value="<? echo addslashes($_POST['email']); ?>" required />
<label for="inputPassword" class="sr-only">Password</label>
<input type="password" name="password" id="inputPassword" class="form-control" placeholder="Password" value="<? echo addslashes($_POST['password']); ?>" required />
<button class="btn btn-lg btn-primary btn-block" type="submit" name="submit" value="Sign Up">Continue</button>
<br />
<div class="alternateAcc" style="font-weight:lighter;"><p>Already have an account? <a href="../login">Log In</a></p>
<a href="/developer/">« Back</a></div>
</form>
</div> <!-- /container -->
Does anyone have any pointers on how to potentially fix this? Thank you very much!
Aucun commentaire:
Enregistrer un commentaire