I'm not who you would call a "seasoned" PHP programmer (still a student), so go easy on me please.
I'm working on a login system for a group project. We've exhausted all of the other options for a login system using PHP and MySQL, so I pulled code directly from the book we're working from. This worked for about 3 tries of logging in and logging out, it's login.php & login_functions.php processes the login information from the form, and is supposed to redirect to loggedin.php, but now it just hangs on a blank login.php page. db.php is my database connection, and it works fine everywhere else, so I know that's not what's breaking it.
I'm stumped, because it was redirecting successfully the first few times and then just stopped without me touching any code. I'm at a loss.
loginform.php
<?php
// output errors
if (isset($errors) && !empty($errors)) {
echo '<h1>Error!</h1>
<p >The following error(s) occurred:<br>';
foreach ($errors as $msg) {
echo " - $msg<br>\n";
}
echo '</p><p>Please try again.</p>';
}
?>
<form action="login.php" method="post" id="loginform">
<h2> Login </h2>
<p><input type="email" name="email" maxlength="60" placeholder="Enter your Email Address" required> </p>
<p><input type="password" name="pass" maxlength="20" placeholder="Enter Your Password" required></p>
<p id="button"><input type="submit" name="submit" value="Login"></p>
<p id="register">Need an account? <strong><span >Register</span></strong></p>
</form>
login_functions.php
<?php
function redirect_user($page = 'index.php') {
// Start defining the URL...
// URL is http:// plus the host name plus the current directory:
$url = 'http://' . $_SERVER['HTTP_HOST'] . dirname($_SERVER['PHP_SELF']);
// Remove any trailing slashes:
$url = rtrim($url, '/\\');
// Add the page:
$url .= '/' . $page;
// Redirect the user:
header("Location: $url");
exit(); // Quit the script.
} // End of redirect_user() function.
function check_login($dbc, $email = '', $pass = '') {
$errors = []; // Initialize error array.
// Validate the email address:
if (empty($email)) {
$errors[] = 'You forgot to enter your email address.';
} else {
$e = mysqli_real_escape_string($dbc, trim($email));
}
// Validate the password:
if (empty($pass)) {
$errors[] = 'You forgot to enter your password.';
} else {
$p = mysqli_real_escape_string($dbc, trim($pass));
}
if (empty($errors)) { // If everything's OK.
// Retrieve the user_id and first_name for that email/password combination:
$q = "SELECT user_id, user_name FROM USERS WHERE user_email='$e' AND user_password = '$p'";
$r = @mysqli_query($dbc, $q); // Run the query.
// Check the result:
if (mysqli_num_rows($r) == 1) {
// Fetch the record:
$row = mysqli_fetch_array($r, MYSQLI_ASSOC);
// Return true and the record:
return [true, $row];
} else { // Not a match!
$errors[] = 'The email address and password entered do not match those on file.';
}
} // End of empty($errors) IF.
// Return false and the errors:
return [false, $errors];
} // End of check_login() function.
login.php
<?php
if ($_SERVER['REQUEST_METHOD'] == 'POST') {
// Need two helper files:
require('login_functions.php');
require('db.php');
// Check the login:
list ($check, $data) = check_login($dbc, $_POST['email'], $_POST['pass']);
if ($check) { // OK!
// Set the session data:
session_start();
session_set_cookie_params(0);
$_SESSION['user_id'] = $data['user_id'];
$_SESSION['user_name'] = $data['user_name'];
// Redirect:
//redirect_user('loggedin.php');
header('Location: loggedin.php');
exit();
} else { // Unsuccessful!
// Assign $data to $errors for login_page.inc.php:
$errors = $data;
}
mysqli_close($dbc); // Close the database connection.
} // End of the main submit conditional.
?>
Thanks so much in advance to those willing to help me out, I really appreciate it!
CodePudding user response:
Try enabling PHP errors in each of your files, for starters. stackify.com/display-php-errors/amp