php

Login message doesn't want to show


I have made an login system.

The last block doesn't work and I have tried to figured it out why it doesn't work. And I can't figured it out why it doesn't work.

It should've work, because if I logged in, it's says "You are logged in as". But else I should get a message like "Username or password are wrong".

I don't have session_start() at the beginning of the php file.

If my username or password are wrong it should've show a message below the form like "Username or password are wrong."

Everthing works except the message. You can see always the message "Username or password are wrong" at the last block if you're not logged in.

Het problem is the last snippet. Would somebody explain to me why it doesn't work?

    class login
{
        public function __construct($db){
        $this->db = $db;
    }
    public function show($conn)
    {
        $form = "";
       if (isset($_POST['logout'])) {
            $_SESSION = array();
            // header('Location:http://localhost:8080/php/OOP/OOP-3/index.php?controller=content&action=getContent');
        }
        if (isset($_POST['login']) && isset($_POST['username']) && isset($_POST['password'])){
            $user = $_POST['username'];
            $pass = $_POST['password'];

            $sql = $this->db->select2assoc("SELECT * FROM users");

            foreach ($sql as $row) 
            {
              if ($row['username'] == $user && $row['password'] == $pass)
              {
                $_SESSION['login'] = true;
                $_SESSION['username'] = $row['username'];
                break;
              }
            }
          }

        if (isset($_SESSION['login']) && $_SESSION['login'] == true && isset($_SESSION['username'])) 
        {
            $form .= '<form action= "#" method="post"><br>';
            $form .= '<input type="submit" name="logout" value="logout">';
            $form .= '</form>';
            $form .=  '<p>You are logged in as '.$_SESSION['username'].'</p>';
      }
      else {
           $form .= '<form action="#" method="post">';
           $form .= 'username <input type="text" name="username" size="17"><br>';
           $form .= 'password <input type="password" name="password" size="17"><br>';
           $form .= '<input type="submit" name="login" value="login">';
           $form .= '</form>';
           $form .='Username or password are wrong';
      }



     // if(isset($_POST['login']))
     //  {
     //  $form .="Username or password are wrong";
     //  }

    // public function update(){
    //     return 'update-form for the gallery';
    // }
    // public function delete(){
    //     return 'delete-form for the gallery';
    // }
    return $form;
      }
  }

Solution

  • The reason you always see "Username or password are wrong." is that you append this to the "else" part of your code.

     $form .='Username or password are wrong';
    

    You have 3 cases for this snippet of code:

    • The user has not tried to login. Show the log in form.
    • The user has successfully logged in. Do not show the log in form; show the "log out" button.
    • The user has tried to log in but failed. Show the log in form, with a message saying the credentials were wrong.

    It would be something like:

    if (isset($_SESSION['login']) && $_SESSION['login'] == true && isset($_SESSION['username'])) 
        {
            $form .= '<form action= "#" method="post"><br>';
            $form .= '<input type="submit" name="logout" value="logout">';
            $form .= '</form>';
            $form .=  '<p>You are logged in as '.$_SESSION['username'].'</p>';
      }
      else {
           $form .= '<form action="#" method="post">';
           $form .= 'username <input type="text" name="username" size="17"><br>';
           $form .= 'password <input type="password" name="password" size="17"><br>';
           $form .= '<input type="submit" name="login" value="login">';
           $form .= '</form>';
           if (isset($_SESSION['username']) && $_SESSION['username'] != $_POST['username']){
               $form .='Username or password are wrong';
           }
      }