I have a problem with my code. When I click the submit button nothing happens, although I used the code before in another project and it works fine. I don't know where the problem is.

html form:

<form role="form" action="login.php" method="POST" class="login-form">
    <div class="form-group">
        <label class="sr-only" for="form-username">Username</label>
        <input type="text" name="username" placeholder="Username..." class="form-username form-control" id="form-username">
   </div>
   <div class="form-group">
       <label class="sr-only" for="form-password">Password</label>
       <input type="password" name="password" placeholder="Password..." class="form-password form-control" id="form-password">
   </div>
   <div class="form-group">
       <input id="check" type="checkbox" class="check" checked>
       <label for="check"><span class="icon"></span> Keep me Signed in</label>
   </div>
       <button type="submit" name="login_submit" class="btn">Sign in!</button>
</form>

config.php file

<?php
define('DBHOST', 'localhost'); 
define('DBNAME', 'projectdb'); 
define('DBUSER', 'root'); 
define('DBPASS', ''); 
define('DBCONNSTRING','mysql:host=localhost;dbname=projectdb'); // the connection string
?>

login.php

<?php
if (isset($_POST['login_submit'])) {
    $id = $_POST["username"];
    $pass = $_POST["password"];

    try {
        require_once('config.php');
        $pdo = new PDO(DBCONNSTRING,DBUSER,DBPASS);
        $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION); // Exception handling Mode
        $sql="SELECT * FROM login WHERE username='$id' AND password='$pass'";
        $result=$pdo->query($sql);
        $count=$result->rowCount();

        if ($count=="0") {
            echo "invalid username and/or password";
            echo '<p> <a href="index.html"> GO TO HOME PAGE </a> </p>';
        } else {
            setcookie("UserName", $id,time()+60*60*24);
            echo "check cookie " .$_COOKIE["id"];
            session_start();
            $_SESSION["id"] = $id;
            $_SESSION["loginTime"] = time();
            header('Location: StudentHome.html');
        }
    } catch (PDOException $e) {
        echo "Connection Error! <br>".$e->getMessage();
    }
}
?>
Manoj Sharma
user2950439
  • Are you storing hashed passwords in the database or plain text? – Nilesh Daldra Jan 04 '17 at 06:09
  • What happens when you click the submit button? Page gets redirected, refreshed or nothing happens at all? – Mohit Bhardwaj Jan 04 '17 at 06:09
  • I'm storing the password as plain text. Nothing at all happens when I click the button. – user2950439 Jan 04 '17 at 06:10
  • did you try to use ? – Saad Suri Jan 04 '17 at 06:11
  • Move session_start(); to the first line of the page. – Maths RkBala Jan 04 '17 at 06:11
  • If nothing at all happens when you click the button, ie. the form isn't submitted, you probably have a problem in your HTML outside your form that mucks up the form. I pasted your HTML form into a fresh template, and it submits just fine, and PHP receives the data as expected. – Markus AO Jan 04 '17 at 06:12
  • There are too many warning flags in this question. (1) **NEVER store passwords in plain text** (and it seems like you've got away using it in a previous project), use [`password_hash`](http://php.net/manual/en/function.password-hash.php) to salt and hash it appropriately before storage, use [`password_verify`](http://php.net/manual/en/function.password-verify.php) to verify the retrieved password based on username/login ID. (2) **You're injecting PHP variables directly into your query**, defeating the purpose of prepared statements. – Terry Jan 04 '17 at 06:13
  • How can I detect the problem in my HTML page? – user2950439 Jan 04 '17 at 06:15
  • Additions to @Terry: you `echo` before `header`, and header won't work if any output has started. Also, `session_start();` should be way before output. And btw, my password is `';OR ''='` – bansi Jan 04 '17 at 06:17

1 Answer

First, debug your HTML with Firebug, for example. You will see you have a lot of wrong stuff.

Some stuff:

session_start() is in the wrong place. You need to place it at the beginning of your file. "All files needed"

<?php
session_start();
?>

Buttons are great for onclick events and for submitting with JavaScript. Use <input type='submit' name='login_submit'> if you don't have JavaScript checks.

Use input_filter() to make it safe. Your code can easily be injected at the moment. You can read more here: ivorysmoker MySQL injection and some stuff

$id = $_POST["username"];
$pass = $_POST["password"];

The form attribute role doesn't exist. Correct me if I'm wrong.

Then, is your form action path correct? Is your file in the same directory?

Little question: why do you use cookies and sessions?

Community
ivorysmoker
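
The fixes raised in the comments and the answer (a bound parameter instead of interpolated input, `password_verify` against a stored hash, `session_start()` and `header()` before any output), combined into one `login.php` as an added example that is not part of the original thread. It assumes a hypothetical `password_hash` column in the `login` table filled by `password_hash()` at registration; the other names come from the question.

```php
<?php
// Added example (not from the thread): login.php with the thread's fixes applied.
declare(strict_types=1);

session_start();            // first, before any echo or header() call
require_once 'config.php';  // DBCONNSTRING, DBUSER, DBPASS as defined in the question

$id   = $_POST['username'] ?? null;
$pass = $_POST['password'] ?? null;
if (!isset($_POST['login_submit']) || !is_string($id) || !is_string($pass)) {
    header('Location: index.html'); // not a form submission, or array-valued input
    exit;
}

try {
    $pdo = new PDO(DBCONNSTRING, DBUSER, DBPASS, [
        PDO::ATTR_ERRMODE          => PDO::ERRMODE_EXCEPTION,
        PDO::ATTR_EMULATE_PREPARES => false, // real server-side prepares
    ]);
    // Assumption: a password_hash column (hypothetical name) replaces the
    // plain-text password column and holds password_hash() output.
    $stmt = $pdo->prepare('SELECT username, password_hash FROM login WHERE username = :u');
    $stmt->execute([':u' => $id]); // value is bound, never spliced into the SQL text
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
} catch (PDOException $e) {
    error_log('login.php: ' . $e->getMessage()); // details go to the log, not the browser
    http_response_code(500);
    exit('Login is temporarily unavailable.');
}

if ($row === false || !password_verify($pass, (string) $row['password_hash'])) {
    // No redirect on this path, so producing output here is safe.
    echo 'invalid username and/or password';
    echo '<p> <a href="index.html"> GO TO HOME PAGE </a> </p>';
    exit;
}

session_regenerate_id(true); // fresh session id once the user is authenticated
$_SESSION['id']        = $row['username'];
$_SESSION['loginTime'] = time();
header('Location: StudentHome.html'); // nothing has been echoed on this path
exit;
```

With the bound parameter, a password value such as the one quoted in the last comment is compared as data by `password_verify` and never reaches the SQL parser.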