1

I have an issue with my login form. I'm trying to log in with PHP and MySQLi, but for some reason, every time I press the login button, the fields within the form reset to blank fields. This is my code (index.php):

<html>

<head>

<title>User Login</title>

</head>

<body>

<form action="" method="post">

<table width="500" align="center" bgcolor="skyblue">

<tr align="center">

<td colspan="3"><h2>User Login</h2></td>

</tr>

<tr>

<td align="right"><b>Email</b></td>

<td><input type="text" name="email" required="required"/></td>

</tr>

<tr>

<td align="right"><b>Password:</b></td>

<td><input type="password" name="pass" required="required"></td>

</tr>

<tr align="center">

<td colspan="3">

<input type="submit" name="login" value="Login">

</td>

</tr>

</table>

</form>

</body>

</html>

<?php

session_start();
$con = mysqli_connect("localhost","root","usbw","login");

if (mysqli_connect_errno())

{

    echo "MySQLi Connection was not established:"  . mysqli_connect_error();

}

// checking the user

if(isset($_POST['login'])){

  $email = mysqli_real_escape_string($con,$_POST['email']);
  $pass = mysqli_real_escape_string($con,$_POST['pass']);
  $sel_user = "SELECT * FROM users WHERE user_email='".$email."' AND user_pass='".$pass."'";
    echo $sel_user;
    $run_user = mysqli_query($con, $sel_user);
    $check_user = mysqli_num_rows($run_user);
    echo $check_user;
    if($check_user == 1){
    $_SESSION['user_email']=$email;
    header('Location: loggedin.html');  }
    else {  header('Location: index.html'); }
}
?>

I hope someone can help me to fix this issue, because I really need to build a login form for my website.

  • 1
    In your input fields you don't use submitted content. Do sth like ``. Incorrect syntax and not secure but basically it shows what to do - defining the value using PHP – Alexander Feb 19 '16 at 13:44
  • It looks like you have an extra closing curly brace at the end of the PHP. "The fields within the form reset to blank fields" What exactly are you expecting to happen? – Patrick Q Feb 19 '16 at 13:46
  • @PatrickQ I want the code to go to the loggedin.html file. As you can see at the if($check_user ==1) statement. Am I doing something wrong? I'm a beginner with PHP – Sander Bakker Feb 19 '16 at 13:49
  • @AMartinNo1 What do you mean by where do I need to put that? – Sander Bakker Feb 19 '16 at 13:50
  • 1. Check in php if post[email] is defined. 2. Set $email = escaped(post[email]). 3. In your form in the input field add an attribute value: `value=""` – Alexander Feb 19 '16 at 13:53
  • You need to var dump your post variable as I think that's where your problems lie – Adam Hull Feb 19 '16 at 14:48
  • Please use PHP's [built-in functions](http://jayblanchard.net/proper_password_hashing_with_PHP.html) to handle password security. If you're using a PHP version less than 5.5 you can use the `password_hash()` [compatibility pack](https://github.com/ircmaxell/password_compat). – Jay Blanchard Feb 22 '16 at 18:23

2 Answers

1

There's a few things I'd like to point out about your code, but the primary issue you've been having all along is that you are sending headers before you are calling the session_start(); and header("Location: ..); functions. This causes "Headers already sent" warnings, and will not break your script, but it won't function properly. You should read How to fix "Headers already sent" error in PHP.

The code below has been altered some as well; I've made a few changes to it that you really should include.

The altered code is given below, and should be placed above ANY kind of HTML.

<?php
session_start();
$con = mysqli_connect("localhost","root","usbw","login");

if (mysqli_connect_errno()) {
    // Stop here: without a connection the statement below cannot be prepared
    exit("MySQLi Connection was not established: " . mysqli_connect_error());
}

if (isset($_POST['login'])) {
    // Bound parameters are sent separately from the SQL text, so they are not
    // escaped; mysqli_real_escape_string() would change the values being compared
    $email = $_POST['email'];
    $pass = $_POST['pass'];

    $sql = "SELECT user_email FROM users WHERE user_email=? AND user_pass=?";
    if ($stmt = mysqli_prepare($con, $sql)) {
        mysqli_stmt_bind_param($stmt, "ss", $email, $pass);
        mysqli_stmt_execute($stmt);      // run the query before reading its result
        mysqli_stmt_store_result($stmt); // buffer the rows so num_rows is available

        // Checking if the user was valid
        if (mysqli_stmt_num_rows($stmt) > 0){
            $_SESSION['user_email'] = $email;
            header('Location: loggedin.html');
            exit;
        } else {
            header('Location: index.html');
            exit;
        }
    }
}
?>
<!-- HTML form goes here, nothing(!) before this PHP -->

What you really should do is to hash your passwords - from the looks of it, your passwords are stored in clean text in the database, this is a BIG no-no!

You should use password_hash() and password_verify() for that. It's really important to protect your user should your database be breached.


To troubleshoot further, you should enable error-reporting:

When you have enabled this, PHP will tell you what's wrong if you just check your logs.

Qirel
  • 0){ $_SESSION['user_email'] = $email; header('Location: loggedin.html'); exit; } else { header('Location: index.html'); exit; } } } ?> This line appears above the form. It looks like the file doesn't work from the " > 0 " like it cuts the code in half and stops there.. – Sander Bakker Feb 19 '16 at 17:06
  • I'm on mobile atm, but enable error reporting as I said above. And that's weird, it shouldn't cut the code. – Qirel Feb 19 '16 at 21:48
  • I don't know how to enable error reporting, tried it with the links you've sent – Sander Bakker Feb 19 '16 at 22:21
  • To enable general PHP err-reporting, at the top of your file, directly after ``). @SanderBakker – Qirel Feb 20 '16 at 11:47
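
The points raised in the answer above (PHP before any HTML, a prepared statement, `password_hash()`/`password_verify()`) combined into one login page. This is an added example, not code from the question or the answers. It assumes `user_pass` already holds `password_hash()` output; the helper name `find_hash` and the error text are hypothetical.

```php
<?php
// Added example. "<?php" must be the first bytes of the file (no HTML, blank
// line or BOM before it) so session_start() and header() can still send headers.
declare(strict_types=1);

mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT); // DB errors throw
session_start();

// Returns the stored password_hash() string for $email, or null if unknown.
function find_hash(mysqli $con, string $email): ?string
{
    // Bound placeholder: the value never becomes part of the SQL text.
    $stmt = mysqli_prepare($con, 'SELECT user_pass FROM users WHERE user_email = ?');
    mysqli_stmt_bind_param($stmt, 's', $email);
    mysqli_stmt_execute($stmt);
    mysqli_stmt_bind_result($stmt, $hash);
    $found = mysqli_stmt_fetch($stmt);
    mysqli_stmt_close($stmt);
    return $found ? $hash : null;
}

$email = '';
$error = '';
if (isset($_POST['login'])) {
    $email = is_string($_POST['email'] ?? null) ? $_POST['email'] : '';
    $pass  = is_string($_POST['pass'] ?? null) ? $_POST['pass'] : '';

    // Connection values as in the question; assumption: user_pass was filled
    // at registration with password_hash($password, PASSWORD_DEFAULT).
    $con  = mysqli_connect('localhost', 'root', 'usbw', 'login');
    $hash = find_hash($con, $email);

    if ($hash !== null && password_verify($pass, $hash)) {
        session_regenerate_id(true); // fresh session id for the logged-in user
        $_SESSION['user_email'] = $email;
        header('Location: loggedin.html');
        exit;
    }
    $error = 'Invalid e-mail or password.'; // same message for both failures
}
?>
<!-- First output happens here, after all header work is done. -->
<form action="" method="post">
  <?php if ($error !== ''): ?><p><?= htmlspecialchars($error, ENT_QUOTES, 'UTF-8') ?></p><?php endif; ?>
  <input type="text" name="email" required
         value="<?= htmlspecialchars($email, ENT_QUOTES, 'UTF-8') ?>">
  <input type="password" name="pass" required>
  <input type="submit" name="login" value="Login">
</form>
```

A failed login re-renders the form with the e-mail pre-filled through `htmlspecialchars()`, so submitted input is never echoed into the page unescaped.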
0

dude try this

<html>

<head>

<title>User Login</title>

</head>

<body>

<form action="" method="post">

<table width="500" align="center" bgcolor="skyblue">

<tr align="center">

<td colspan="3"><h2>User Login</h2></td>

</tr>

<tr>

<td align="right"><b>Email</b></td>

<td><input type="text" name="email" required="required"/></td>

</tr>

<tr>

<td align="right"><b>Password:</b></td>

<td><input type="password" name="pass" required="required"></td>

</tr>

<tr align="center">

<td colspan="3">

<input type="submit" name="login" value="Login">

</td>

</tr>

</table>

</form>

</body>

</html>

<?php

session_start();
$con = mysqli_connect("localhost","root","usbw","users");

if (mysqli_connect_errno())

{

    echo "MySQLi Connection was not established:"  . mysqli_connect_error();

}

// checking the user

if(isset($_POST['login'])){

    $email = mysqli_real_escape_string($con,$_POST['email']);

    $pass = mysqli_real_escape_string($con,$_POST['pass']);

    $sel_user = "SELECT * FROM users WHERE user_email='".$email."' AND user_pass='".$pass."'";

    $run_user = mysqli_query($con, $sel_user);

    $check_user = mysqli_num_rows($run_user);

    if($check_user == 1){

        $_SESSION['user_email']=$email;

        header('Location: loggedin.html');

    }

    else {
        header('Location: index.html');

    }

}

?>
  • Thanks, I did what you said, after that it still didn't work but now I changed == 1 to > 0. Then the form returns this '0){ $_SESSION['user_email']=$email; header('Location: loggedin.html'); } else { header('Location: index.html'); } } ?>' Why does it return this and to what I want it to return? – Sander Bakker Feb 19 '16 at 14:08
  • copy and paste what tell me more what you got the error – Sudhakar Annadurai Feb 19 '16 at 14:11
  • In my localhost it is working properly, is it redirecting to any one of the page? – Sudhakar Annadurai Feb 19 '16 at 14:11
  • That is the error. Under the form that line appears. It is not redirecting to a page. It does nothing. – Sander Bakker Feb 19 '16 at 14:14
  • posted a new code in the first post, please take a look at it. – Sander Bakker Feb 19 '16 at 14:19
  • check line by line add `echo` statement and comment the redirects and tell me what you get in `$check_user;` – Sudhakar Annadurai Feb 19 '16 at 14:20
  • There are no redirects. The page does return the form with this line under it 0){ $_SESSION['user_email']=$email; header('Location: loggedin.html'); } else { header('Location: index.html'); } } ?> – Sander Bakker Feb 19 '16 at 14:22
  • You cannot redirect if you send a header (data) already, redirection has to be sent before any header is sent. Try placing php code earlier in top than that of html code. – shashikant_ Feb 19 '16 at 14:24
  • This code generates "*Headers already sent*" warnings, because both `session_start();` and `header("Location ...");` are called *after* output is sent to the browser. – Qirel Feb 19 '16 at 14:27
  • if(isset($_POST['login'])){ $email = mysqli_real_escape_string($con,$_POST['email']); $pass = mysqli_real_escape_string($con,$_POST['pass']); $sel_user = "SELECT * FROM users WHERE user_email='".$email."' AND user_pass='".$pass."'"; echo $sel_user; $run_user = mysqli_query($con, $sel_user); $check_user = mysqli_num_rows($run_user); echo $check_user; // if($check_user == 1){ // $_SESSION['user_email']=$email; // header('Location: loggedin.html'); // } // else { // header('Location: index.html'); // } } – Sudhakar Annadurai Feb 19 '16 at 14:27
  • paste this code and tell me what you get in the same page – Sudhakar Annadurai Feb 19 '16 at 14:28
  • Still nothing, look at the first post, changed the code for you – Sander Bakker Feb 19 '16 at 14:35
  • 1
    @SanderBakker If this answer has not resolved your problem, you should not mark it as accepted. – Patrick Q Feb 19 '16 at 15:07