ok, now i am getting the error:
"Sorry, you must enter a valid username and password to log in1"
so i think i am getting close... here is all of the new code....
//***************START login.php
<?php
require_once('connectvars.php');
// Start the session
session_start();
// Clear the error message
// $error_msg = "";
// If the user isn't logged in, try to log them in
if (!isset($_SESSION['user_id'])) {
if (isset($_POST['submit'])) {
// Connect to the database
$dbc = mysqli_connect(DB_HOST, DB_USER, DB_PASSWORD, DB_NAME);
if (!$dbc) {
die('Could not connect: ' . mysqli_error());
}
echo 'Connected successfully';
// Grab the user-entered log-in data
$user_email = mysqli_real_escape_string($dbc, trim($_POST['email']));
$user_pass = mysqli_real_escape_string($dbc, trim($_POST['password']));
if (!empty($user_email) && !empty($user_pass)) {
// Look up the username and password in the database
$query = "SELECT tb_user_id, tb_user_email FROM tb_users WHERE tb_user_email = '$user_email' AND tb_user_password = SHA('$user_pass')";
$data = mysqli_query($dbc, $query);
if (mysqli_num_rows($data) > 0) {
// The log-in is OK so set the user ID and username session vars (and cookies), and redirect to the home page
$row = mysqli_fetch_array($data);
$_SESSION['user_id'] = $row['tb_user_id'];
$_SESSION['email'] = $row['tb_user_email'];
setcookie('user_id', $row['tb_user_id'], time() + (60 * 60 * 24 * 30)); // expires in 30 days
setcookie('email', $row['tb_user_email'], time() + (60 * 60 * 24 * 30)); // expires in 30 days
$home_url = 'http://' . $_SERVER['HTTP_HOST'] . '/scripts/' . 'index.php';
header('Location: ' . $home_url);
}
else {
// The username/password are incorrect so set an error message
$error_msg = 'Sorry, you must enter a valid username and password to log in1.';
}
}
else {
// The username/password weren't entered so set an error message
$error_msg = 'Sorry, you must enter your username and password to log in2.';
}
}
}
// Insert the page header
$page_title = 'Log In';
require_once('header.php');
// If the session var is empty, show any error message and the log-in form; otherwise confirm the log-in
if (empty($_SESSION['user_id'])) {
echo '<p class="error">' . $error_msg . '</p>';
?>
<form method="post" action="<?php echo $_SERVER['PHP_SELF']; ?>">
<fieldset>
<legend>Log In</legend>
<label for="email">Email Address:</label>
<input type="text" name="email" value="<?php if (!empty($user_email)) echo $user_email; ?>" /><br />
<label for="password">Password:</label>
<input type="password" name="password"/>
</fieldset>
<input type="submit" value="Log In" name="submit" />
</form>
<?php
}
else {
// Confirm the successful log-in
echo('<p class="login">You are logged in as ' . $_SESSION['email'] . '.</p>');
}
?>
<?php
// Insert the page footer
require_once('footer.php');
?>