0

So I'm creating a login section. However, I'm not sure if it actually logs the user in. I have a table with UserID (A_I), email, password and all the usual stuff. So when I log in, I'm trying to fetch and echo the UserID on the account page, just to show that the user is logged in, but still haven't got any success with it.

Login form:

<form method="post" action="">
            <div class="FormElement">
                    <input  name="email" type="text" required="required" class="TField"  placeholder="Email">
            </div>
            <div class="FormElement">
                    <input  type="Password" required="required" class="TField"  placeholder="Password">
            </div>
            <div class="FormElement">
                    <input name="LogIn"  type="submit" class="button" value="LogIn">
            </div>
        </form>

Login php script:

    <?php require 'Connections/Connections.php'; ?>
<?php

    if (isset($_POST['LogIn'])){

            $EM = $_POST['email'];
            $PW = $_POST['password'];
            $result = $con->query("select * from user where Email='$EM' AND Password='$PW'");

            $row = $result->fetch_array(MYSQLI_BOTH);
            session_start();
            $_SESSION["UserID"] = $row['UserID'];
            header('Location: Account.php');
    }
 ?>

As you can see in the script, we're heading to Account.php, where I am basically trying to:

<?php echo $_SESSION["UserID"]; ?>

However, no UserID is being echo'ed. No errors, notices or warnings.

The Connections.php ($con) is just a normal connection to the MYSQLI table, and it connects just fine.

Pretty new around here and any help is appreciated!

Thanks in advance.

  • Add name="password" to your password field and an action to your form. – Kostas Mitsarakis Nov 02 '15 at 17:47
  • Did you do ANY debugging, like `var_dump($_POST)` or `var_dump($row)`? Make sure you have error reporting enabled, since you should be getting a warning about "Undefined index password". – Barmar Nov 02 '15 at 17:52

4 Answers

0

You are missing the name field in your password input; it should be:

<input name="password" type="Password" required="required" class="TField"  placeholder="Password" />

Also don't forget to close all your input tags so they end with />

As an aside, do not just pass strings from the $_POST array straight to the query; you can be compromised by SQL injection. Use something like quote(): http://php.net/manual/en/pdo.quote.php

divix
0

Add name attribute to password input.

    <form method="post" action="">
        <div class="FormElement">
                <input  name="email" type="text" required="required" class="TField"  placeholder="Email">
        </div>
        <div class="FormElement">
                <input  type="Password" required="required" name="password" class="TField"  placeholder="Password">
        </div>
        <div class="FormElement">
                <input name="LogIn"  type="submit" class="button" value="LogIn">
        </div>
    </form>

As you have not provided a name, it always returns an undefined index, and it will not match the password in the DB.

sandeepsure
0

Oops, you missed name="password" in the input form. Also, use single PHP tags for easy understanding.

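<?php
require_once ('Connections/Connections.php');

if (isset($_POST['LogIn'])) {

    $EM = $_POST['email'];
    $PW = $_POST['password'];
    // Bind the submitted values as parameters instead of concatenating them into the SQL
    $stmt = $con->prepare("select * from user where Email=? AND Password=?");
    $stmt->bind_param('ss', $EM, $PW);
    $stmt->execute();
    $result = $stmt->get_result(); // needs the mysqlnd driver

    $row = $result->fetch_array(MYSQLI_BOTH);
    // Only start a session when a matching row was found
    if (!empty($row)) {
        session_start();
        $_SESSION["UserID"] = $row['UserID'];
    }
    header('Location: Account.php');
    exit; // stop the script once the redirect header is sent
}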
rocky
0

You have to add the name attribute to your password field. Also, it's good to use prepared statements and PDO. Finally, when you redirect your page, add the exit method (see "Why I have to call 'exit' after redirection through header('Location..') in PHP?").

<form method="post" action="youraction.php">
    <div class="FormElement">
        <input  name="email" type="text" required="required" class="TField"  placeholder="Email">
    </div>
    <div class="FormElement">
        <input name="password" type="Password" required="required" class="TField"  placeholder="Password">
    </div>
    <div class="FormElement">
        <input name="LogIn"  type="submit" class="button" value="LogIn">
    </div>
</form>

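<?php

if (isset($_POST['LogIn'])) {
    session_start();

    // Submitted credentials, kept apart from $username/$password, which hold the database login
    $email = $_POST['email'] ?? '';
    $formPassword = $_POST['password'] ?? '';

    try {
        //Make your connection handler to your database
        // ERRMODE_EXCEPTION so that query errors reach the catch block below
        $conn = new PDO("mysql:host=".$servername.";dbname=".$database, $username, $password, array(PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION));

        $sql = "SELECT * FROM user WHERE Email = :email AND Password = :password";
        $stmt = $conn->prepare($sql);
        //Execute the query
        $stmt->execute(array(':email'=>$email, ':password'=>$formPassword));
        // fetch() returns false when no row matches
        $row = $stmt->fetch();
        if ($row !== false) {
            $_SESSION["UserID"] = $row['UserID'];
            header('Location: Account.php');
            exit();
        }

    } catch(PDOException $e) {
        // Log the details server-side rather than showing them to the visitor
        error_log($e->getMessage());
        die();
    }

}
?>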
Kostas Mitsarakis
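
The fixes suggested across the answers above (a named password field, a prepared statement, checking that a row actually came back) combined into one function, as an added example that is not code from the question or from any answer. It assumes the pdo_sqlite extension so it can run offline against an in-memory database and, going beyond the page, that the Password column stores a password_hash() value; demoDb() and authenticate() are hypothetical names.

```php
<?php
// Added example: not the asker's or any answerer's code.
// Table and column names follow the question; the row is constructed sample data.
declare(strict_types=1);

function demoDb(): PDO
{
    $pdo = new PDO('sqlite::memory:');
    $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $pdo->exec('CREATE TABLE user (UserID INTEGER PRIMARY KEY AUTOINCREMENT, Email TEXT UNIQUE, Password TEXT)');
    // Assumption: Password holds a password_hash() value, not the plain text.
    $pdo->prepare('INSERT INTO user (Email, Password) VALUES (?, ?)')
        ->execute(['alice@example.com', password_hash('correct horse', PASSWORD_DEFAULT)]);
    return $pdo;
}

// Returns the UserID for valid credentials, otherwise null.
function authenticate(PDO $pdo, array $post): ?int
{
    // An <input> without a name attribute never reaches $_POST, so a missing
    // or non-string field is a failed login rather than a query on null.
    $email = $post['email'] ?? null;
    $password = $post['password'] ?? null;
    if (!is_string($email) || !is_string($password)) {
        return null;
    }
    // The placeholder keeps the submitted value out of the SQL text.
    $stmt = $pdo->prepare('SELECT UserID, Password FROM user WHERE Email = :email');
    $stmt->execute([':email' => $email]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC); // false when no row matches
    if ($row === false || !password_verify($password, $row['Password'])) {
        return null;
    }
    return (int) $row['UserID'];
}

if (PHP_SAPI === 'cli') {
    $pdo = demoDb();
    $cases = [ // constructed inputs
        'valid login'            => ['email' => 'alice@example.com', 'password' => 'correct horse'],
        'password field unnamed' => ['email' => 'alice@example.com'],
        'wrong password'         => ['email' => 'alice@example.com', 'password' => 'nope'],
        'quote in email'         => ['email' => "o'brien@example.com", 'password' => 'x'],
    ];
    foreach ($cases as $label => $post) {
        $id = authenticate($pdo, $post);
        echo str_pad($label, 24), $id === null ? 'rejected' : "UserID $id", PHP_EOL;
    }
}
```

In the web handler, call session_start(), store the returned id in $_SESSION["UserID"] only when it is not null, then send header('Location: Account.php') followed by exit.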