-1

i have a website for users to login and register, the website was working fine when login and register was in 2 different pages, now i have made them both in the same page, the html code is like below:

<h2>Login</h2>
  </div>

  <form method="post" class="form-detail" action="index.php">
   <?php include('errors.php'); ?>
   <div style="padding-right: 20px; margin-left: -40px;" class="input-group">
    <label>Username</label>
    <input type="text" name="username" >
   </div>
   <div style="padding-right: 20px; margin-left: -40px;" class="input-group">
    <label>Password</label>
    <input type="password" name="password">
   </div>
   <div class="input-group">
    <button type="submit" class="btn" name="login_user">Login</button>
   </div>
   
  </form>
   </div>
 


  

  <form class="form-detail" method="post" action="index.php">
    <div class="header">
   <h2>Register Now</h2>
  </div>
   <?php include('errors.php'); ?>
   <div class="input-group">
     <label>Username</label>
     <input type="text" name="username" value="<?php echo $username; ?>">
   </div>
   <div class="input-group">
     <label>Email</label>
     <input type="email" name="email" value="<?php echo $email; ?>">
   </div>
   <div class="input-group">
     <label>Password</label>
     <input type="password" name="password_1">
   </div>
   <div class="input-group">
     <label>Confirm password</label>
     <input type="password" name="password_2">
   </div>
   <div class="input-group">
     <button type="submit" class="btn" name="reg_user">Register</button>
   </div>

the server.php file which does the functionality is like:

<?php
session_start();

// initializing variables
$username = "";
$email    = "";
$errors = array();

// connect to the database
$db = mysqli_connect('localhost', 'root', '', 'teia');

// REGISTER USER
if (isset($_POST['reg_user'])) {
  // receive all input values from the form
  $username = mysqli_real_escape_string($db, $_POST['username']);
  $email = mysqli_real_escape_string($db, $_POST['email']);
  $password_1 = mysqli_real_escape_string($db, $_POST['password_1']);
  $password_2 = mysqli_real_escape_string($db, $_POST['password_2']);

  // form validation: ensure that the form is correctly filled ...
  // by adding (array_push()) corresponding error unto $errors array
  if (empty($username)) { array_push($errors, "Username is required"); }
  if (empty($email)) { array_push($errors, "Email is required"); }
  if (empty($password_1)) { array_push($errors, "Password is required"); }
  if ($password_1 != $password_2) {
 array_push($errors, "The two passwords do not match");
  }

  // first check the database to make sure
  // a user does not already exist with the same username and/or email
  $user_check_query = "SELECT * FROM users WHERE username='$username' OR email='$email' LIMIT 1";
  $result = mysqli_query($db, $user_check_query);
  $user = mysqli_fetch_assoc($result);

  if ($user) { // if user exists
    if ($user['username'] === $username) {
      array_push($errors, "Username already exists");
    }

    if ($user['email'] === $email) {
      array_push($errors, "email already exists");
    }
  }

  // Finally, register user if there are no errors in the form
  if (count($errors) == 0) {
   $password = md5($password_1);//encrypt the password before saving in the database

   $query = "INSERT INTO users (username, email, password)
       VALUES('$username', '$email', '$password')";
   mysqli_query($db, $query);
   $_SESSION['username'] = $username;
   $_SESSION['success'] = "You are now logged in";
   header('location: index.php');
  }
}


if (isset($_POST['login_user'])) {
  $username = mysqli_real_escape_string($db, $_POST['username']);
  $password = mysqli_real_escape_string($db, $_POST['password']);

  if (empty($username)) {
   array_push($errors, "Username is required");
  }
  if (empty($password)) {
   array_push($errors, "Password is required");
  }

  if (count($errors) == 0) {
   $password = md5($password);
   $query = "SELECT * FROM users WHERE username='$username' AND password='$password'";
   $results = mysqli_query($db, $query);
   if (mysqli_num_rows($results) == 1) {
     $_SESSION['username'] = $username;
     $_SESSION['success'] = "You are now logged in";
     header('location: profile.php');
   }else {
    array_push($errors, "Wrong username/password combination");
   }
  }
}

?>

and finally the error.php is below

<?php  if (count($errors) > 0) : ?>
  <div class="error">
   <?php foreach ($errors as $error) : ?>
     <p><?php echo $error ?></p>
   <?php endforeach ?>
  </div>
<?php  endif ?>

earlier it was working completely fine, now when i added both login and register in same pages, both login and register not working, instead simply loading the page, as i am new to php, can anyone please tell me whats wrong with my code

s king
  • 7
  • 1
  • What about index.php? What's in there? Also, what's the specific error you get? – Etin Aug 27 '19 at 08:00
  • index.php is the same page where login nd register is there – s king Aug 27 '19 at 08:01
  • errors are like undefine variable errors,username,email and count(): Parameter must be an array or an object that implements Countable – s king Aug 27 '19 at 08:02
  • 1
    **Never store passwords in clear text or using MD5/SHA1!** Only store password hashes created using PHP's [`password_hash()`](https://php.net/manual/en/function.password-hash.php), which you can then verify using [`password_verify()`](https://php.net/manual/en/function.password-verify.php). Take a look at this post: [How to use password_hash](https://stackoverflow.com/q/30279321/1839439) and learn more about [bcrypt & password hashing in PHP](https://stackoverflow.com/a/6337021/1839439) – Dharman Aug 27 '19 at 08:22
  • 1
    Always `exit()` after `header('Location: ...');` – Dharman Aug 27 '19 at 08:22

3 Answers3

0

The problem is that both your form actions point to index.php which isn't where the functionality is.


    <form method="post" class="form-detail" action="server.php">

Change both forms to this. That should solve your problem.

Edit: To display the errors, you'll need access to the $errors variable you defined. One way to do this is to move the code in error.php like so:


    if (count($errors) == 0) {


        $password = md5($password_1);//encrypt the password before saving in the database

        $query = "INSERT INTO users (username, email, password)
                  VALUES('$username', '$email', '$password')";
        mysqli_query($db, $query);
        $_SESSION['username'] = $username;
        $_SESSION['success'] = "You are now logged in";
        header('location: index.php');
      } else {
           include('errors.php');
      }
Etin
  • 365
  • 1
  • 9
  • as you said i changed in both, login is working fine, but the register button is displaying server.php and idle – s king Aug 27 '19 at 08:06
  • In server.php Kindly add ```echo "Test";``` just below ```if (isset($_POST['reg_user'])) {``` and try it again. I'd like to make sure it gets to that block. – Etin Aug 27 '19 at 08:21
  • if the username or email is already exist in database, the button displays server.php, if username and email is not there in database then it registers the user – s king Aug 27 '19 at 08:24
  • There are errors in the registration, however, those errors don't show up because you aren't displaying the content of your ```$errors``` array – Etin Aug 27 '19 at 08:27
  • i am including the errors file and displaying it, but its no being displayed – s king Aug 27 '19 at 08:29
  • Yes, but errors.php has no way to access the variables in server.php. Try moving the code in errors.php to server.php – Etin Aug 27 '19 at 08:31
  • yes, errors are not displaying, can you pleasse help me with this, i did as you said moving it to server.php but still nothing happened – s king Aug 27 '19 at 08:35
0

You can use switch statement for your solutions with different submit button value like below

  <button type="submit" class="btn" value="login">Login</button>
  <button type="submit" class="btn" value="register">Register</button>

  <?php
    switch($_POST['submit']) {
        case 'login': 
        //...
        break;
        case 'register':
        //...
        break;
    }
  ?>
Rajdip Chauhan
  • 345
  • 2
  • 11
0

Are you sure; you are adding this <?php include('server.php'); ?> at the top of the index.php page?

Muhammad Aftab
  • 1,098
  • 8
  • 19