Hello, I am having issues with the login system that i am currently working on, it is showing login failed on the page when the login details for the user are correct.
Login.php
<?php
require('./includes/connect.php');
error_reporting(E_ALL | E_NOTICE);
if ($_SERVER['REQUEST_METHOD'] == "POST") {
$username = $_POST['username'];
$username = htmlentities($username);
$password = $_POST['password'];
$password = password_hash($password, PASSWORD_BCRYPT);
$query = "SELECT username, password FROM apna_users WHERE username='$username' AND password='$password'";
$result = mysqli_query($mysqli, $query);
$row = $result->fetch_array();
if (password_verify($password, $row['password']) && $result->num_rows() > 0) {
?>
<html>
<h2>Login Successful</h2>
</html>
<?php
} else {
?>
<html>
<h2>Login Failed</h2>
</html>
<?php
}
}
?>
<html>
<title>Apna Bhaiii - Login</title>
<body>
<center>
<div id="login">
<h1>Login to your account</h1><br>
<form action="" method="POST">
<h3>Username:</h3>
<input type="text" name="username" placeholder="Enter your username" /> <br>
<h3>Password:</h3>
<input type="password" name="password" placeholder="Enter your password" /> <br><br>
<input type="submit" name="loginbtn" value="Log In" /> <br>
</form>
<h3>Don't have an account? <a href="register.php">Create one today</a></h3>
</div>
</center>
</body>
</html>
Register.php (The register script works perfectly)
<?php
require('./includes/connect.php');
if($_SERVER['REQUEST_METHOD'] == "POST") {
$email = $_POST['email'];
$email= filter_var($email, FILTER_VALIDATE_EMAIL);
$username = $_POST['username'];
$username = htmlentities($username);
$password = $_POST['password'];
$cpassword = $_POST['cpassword'];
if (!filter_var($email) || empty($username)) {
echo "<b>Email address is invalid.</b>";
}
if (empty($username)) {
echo PHP_EOL . "<b>Username is empty</b>";
}
if (empty($password)) {
echo PHP_EOL . "<b>Password is empty or invalid</b>";
}
if($cpassword != $password) {
die("The passwords do not match!");
}
$enc_password = password_hash($password, PASSWORD_BCRYPT);
if (mysqli_query($mysqli, "INSERT INTO apna_users (email, username, password) VALUES ('$email', '$username', '$enc_password')")) {
echo "Your account has been successfully created.";
echo '<meta http-equiv="refresh" content="1;login.php">';
exit();
} else {
echo "An error has occured whilst creating your account, please try again later." . PHP_EOL . "If the problem persists please contact support.";
}
}
?>
<html>
<title>Apna Bhaiii - Register</title>
<style>
input {padding: 10px; border-radius: 20px; }
#registerbtn1 input {width: 400px;}
</style>
<body>
<center>
<div id="register">
<h1>Create your account</h1><br>
<form action="" method="POST">
<h3>E-mail Address:</h3>
<input type="text" name="email" placeholder="Enter your E-Mail Address" required /> <br>
<h3>Username:</h3>
<input type="text" name="username" placeholder="Enter your username" required /> <br>
<h3>Password:</h3>
<input type="password" name="password" placeholder="Enter your password" required /> <br>
<h3>Confirm Password:</h3>
<input type="password" name="cpassword" placeholder="Confirm your password" required /> <br><br>
<input type="submit" name="registerbtn" id="registerbtn1" value="Create" /> <br>
</form>
</div>
</center>
</body>
</html>
Does anyone know why it is doing this?,
Thanks