Search code examples
phpaccount

What's wrong whit this php login page?

I am very new to web development, working on a school project right now. I have a problem with my login code, but I can't figure out what it is. When I submit the form, the page seems to just reload and no session is being set.

My shortened login page:

<?php include "connect.php";

if (isset($POST['login'])) {
    $user_email_username = mysqli_real_escape_string($link, $_POST['email_username']);
    $user_password = mysqli_real_escape_string($link, $_POST['password']);

    $email_username_query = mysqli_query($link, "SELECT * FROM User WHERE email='$user_email_username' OR username='$user_email_username'");

    if (mysqli_num_rows($email_username_query) == 0) {
        $not_registered_error = "It looks like you still don't have an account. <a href=\"signup.php\">Sign up</a>.";
    } else {
        $row = mysqli_fetch_array($email_username_query);
        if (sha1($user_password) != $row['password']) {
            $wrong_password_error = "The password you submitted is wrong.";
        } else {
            $_SESSION['user_id'] = $row['idUser'];
            $_SESSION['user_name'] = $row['name'];
            $_SESSION['user_username'] = $row['username'];
            header("Location: index.php");
        }
    }
}
?>
<!--metadata-->
<div class="container">
    <div class="row">
        <div class="col-md-6 col-md-offset-3">
            <div id="login" class="login-panel panel panel-default">
                <div class="panel-body">
                    <form role="form" method="post" action="login.php">
                        <fieldset>
                            <!--login form-->
                        </fieldset>
                        <?php if (isset($not_registered_error)) {
                            echo "<div class=\"alert alert-danger\" role=\"alert\">" . $not_registered_error . "</div>";
                        }
                        if (isset($wrong_password_error)) {
                            echo "<div class=\"alert alert-danger\" role=\"alert\">" . $wrong_password_error . "</div>";
                        } ?>
                        <p>Haven't joined yet? <a href="signup.php">Sign up</a>.</p>
                    </form>
                </div>
            </div>
        </div>
    </div>
</div>
//...

Unlike most examples I found on the web, what I am trying to accomplish here is to have the program to figure out whether the username (or email) doesn't exists or the password for that username is wrong. The sign up program I wrote works just great. The question itself is already long enough so I didn't add signup.php. Let me know if it can be helpful. Using mysql for a local database and Bootstrap for the styling.

I know that this question won't be helpful for many as it is being asked, but I did't know how to formulate it better.

Thank you all :D

Solution 
  • if (isset($POST['login'])) {

    Needs to be:

    if (isset($_POST['login'])) {