0

Im trying a write a login page that would only log a user in if they have activated their account.If they havent activated yet they should be redirected to the activation page. I dont see why my script isnt working, it just displays the "username is required " error message. I think my if statement might be wrong? user.php is the user profile that should be accessed after successful login activation.php is the where they activate their account. 

    <body>
<?php

if ($_POST['submit']){
 $getuser=$_POST['uname'];
 $getpass=$_POST['pword'];

if($getuser){
    if($getpass){
            require("./mysql.php");
            $query=mysqli_query($conn,"SELECT * FROM userdet WHERE username='$getuser'&& password='$getpass'");
            $numrows = mysqli_num_rows($query);
            if($numrows==1){
                $row =mysqli_fetch_assoc($query);
                $dbactive=$row['status'];
                if ($dbactive==1){
                    $query=mysqli_query($conn,"SELECT * FROM userdet WHERE username='$getuser'&& password='$getpass' && status='1'");
                    $_SESSION['username']=$getuser;
                    header("Location:user.php");
                }
                else
                    //$errormsg = "Your account has not been activated";
                    header("Location:Activation.php")

            }
            else
                $errormsg="Username not found";
            mysqli_close($conn);
        }
        else
            $errormsg="Password is required";
    }           
    else
        $errormsg="Username is required";
}
else 

    $errormsg="";
echo "<form action='./login.php' method='post' >

<table>
<tr>
    <td> </td>
    <td> $errormsg</td>
</tr>
<tr>
    <td> Username:* </td>
    <td> <input type='text' id='uname' name='username'  value='$getuser' /></td>
</tr>
<tr> 
    <td> Password:* </td>
    <td><input type='password' name='pword' id='code'  value='$getpass' /></td>
<tr> 
    <td></td>
    <td><input type='submit' name='submit' value='Log in' /></td>
</tr>
</tr>
</table>
</form>";


?>
</body>
emka
  • 19
  • 2
  • it seems that the `if($getpass)` condition returns false, hence it displays "Username is required". Can you dump your $_POST variable to see what's in there after you submit the login form? use this `var_dump($_POST);` just below `if ($_POST['submit']){` line – Eduardo Escobar Nov 28 '15 at 04:20
  • there is no `session_start();` in your page, you need to put it on top of your page – Shehary Nov 28 '15 at 04:21
  • Ive added the below at the top of my page. just above my html, does it make it a difference where it is? – emka Nov 28 '15 at 16:20

1 Answers1

1

There is error in what you are accessing. When you are posting a form the value reference is name not id.

 $getuser=$_POST['uname'];

Should be

$getuser=$_POST['username'];

As you can see in here name='username', you can also define the id with same name to avoid confusion.

<input type='text' id='username' name='username'  value='$getuser' />
Shameem Ahmed Mulla
  • 656
  • 4
  • 13