0

I'm making a complete login system. The register part works just fine but if I try to login, I just get a white screen. No errors, no redirects,... The php code does execute since my url changes to 'login.php'. I tried multiple ways to make a login, but that dind't work either.

Thanks in advance!

  <?php

session_start();

if(isset($_SESSION["loggedin"]) && $_SESSION["loggedin"] === true){
    header("location: index_afterlogin.html");
    exit;
}

require_once "config.php";

$email = $password = "";
$email_err = $password_err = "";

if($_SERVER["REQUEST_METHOD"] == "POST"){
     if(empty(trim($_POST["email"]))){
        $email_err = "Please enter e-mail.";
    } else{
        $email = trim($_POST["email"]);
    }

    if(empty(trim($_POST["password"]))){
        $password_err = "Please enter your password.";
    } else{
        $password = trim($_POST["password"]);
    }

    if(empty($email_err) && empty($password_err)){
        $sql = "SELECT userID, email, password FROM users WHERE email = ?";

        if($stmt = mysqli_prepare($db, $sql)){
            mysqli_stmt_bind_param($stmt, "s", $param_email);

            $param_email = $email;

            if(mysqli_stmt_execute($stmt)){
                mysqli_stmt_store_result($stmt);

                if(mysqli_stmt_num_rows($stmt) == 1){                    
                    mysqli_stmt_bind_result($stmt, $id, $email, $hashed_password);
                    if(mysqli_stmt_fetch($stmt)){
                        if(password_verify($password, $hashed_password)){
                            session_start();

                            // Store data in session variables
                            $_SESSION["loggedin"] = true;
                            $_SESSION["userID"] = $id;
                            $_SESSION["email"] = $email;                            

                            header("location: index_afterlogin.html");
                        } else{
                            $password_err = "The password you entered was not valid.";
                        }
                    }
                } else{
                    $email_err = "No account found with that username.";
                }
            } else{
                echo "Oops! Something went wrong. Please try again later.";
            }
        }

        mysqli_stmt_close($stmt);
    }

    mysqli_close($db);
}
?>
gip
  • 13
  • 6
  • Have you got the MySQLi exception mode switched on? [How to enable MySQLi exception mode?](https://stackoverflow.com/questions/22662488/how-to-get-mysqli-error-information-in-different-environments/22662582#22662582) – Dharman May 12 '19 at 10:49
  • Do I have to implement that in my config.php where I link the database? – gip May 12 '19 at 10:53
  • Yes, that would be probably the best place. Before you make the connection insert that line from the link. – Dharman May 12 '19 at 10:55
  • I've done that, doesn't work.. – gip May 12 '19 at 10:57
  • It was meant to show you any SQL errors if you have any. If you didn't get any errors in your error log then that means the problem is somewhere else. – Dharman May 12 '19 at 11:04
  • 1
    `if($_SERVER["REQUEST_METHOD"] == "POST") { .. }` - And if not, you'll get a "white page". – Paul Spiegel May 12 '19 at 11:44

0 Answers0