0

I need a login script in PHP and wrote this (see script below) but the form is not sending the variables from the inputfiedls to the same file through the URL (with GET or POST)

<?php
session_start();
$admin=true;

function controle($uname, $pword, $admin){

$datatable = "my_table";
$servername = 'localhost';
$username = 'admin';
$password = '1234';
$database = 'myDB';

//Create connection
$con = mysqli_connect($servername, $username, 
$password, $database);

if ($con == false){
die("STATUS: Error: ".mysqli_error_connect());
}

if ($admin == true){
    $sql = "SELECT * FROM ".$datatable; 
}
$result = mysqli_query($con,$sql);
$rows=mysqli_fetch_assoc($result);

$sql2 = "SELECT COUNT(*) AS total FROM ".$datatable;
$result = mysqli_query($con,$sql2);

$row2 = $result->fetch_row();
$total_records = $row2[0];

if ($total_records > 0){

    $gebruikersnaam = $rows['username'];
    $wachtwoord = $rows['password'];
    if ($pword != $wachtwoord){
        return false;
    } else {
        return $gebruikersnaam;
    }
} else {
    return false;
}
}

// Check name and password
if (isset($_POST['verzonden'])){
$username = $_POST['username'];
$password = md5($_POST['wachtwoord']);
$login_ok = controle($username, $password, $admin);
if (login_ok != false){
    //correct
    $_SESSION['username'] = $username;
    $_SESSION['password'] = $password;
}
}
if (controle($_SESSION['username'], 
$_SESSION['wachtwoord'], $admin) == false) {
echo "<form method='post' 
action='".$_SERVER['PHP_SELF']."?";
reset($_GET); // put the array pointer to 0 when 
starting
// Send the variables again
while($getvar = each($_GET)){
    $varName = $getvar['key'];
    $varValue = $getvar['value'];
    echo "$varName=$varValue&";
}

echo "'><br><br>";
echo "Name: ";
echo "<input type='text' name='username'>";
echo "<br>";
echo "Password: ";
echo "<input type='text' name='wachtwoord'>";
echo "<br>";
echo "<input type='submit' value='log in' 
name='verzonden'>";
echo "</form>";
if ($admin == "true"){
    echo "<p>-- ADMIN status is vereist!";
}
exit;
}
?>

But it seems that the form does not sending anything.. I was expecting something like : 

authentication.php?username=MYNAME&wachtwoord=4321

The connection with my database is ok, I can read the variables from there. I have no id why my form is not sending the variables I got just "authentication.php?"

Improve this question
3
  • Either use GET or REQUEST instead POST Commented Aug 26, 2018 at 7:10
  • I assume you ment in the “// Check name and password” section? This give me the same result Commented Aug 26, 2018 at 7:18
  • You should use $_GET or $_REQUEST. $_POST send data in body of the header not in url parameter. Commented Aug 26, 2018 at 7:33

1 Answer 1

Reset to default
2

You are mixing up $_GET and $_POST. Your form is using $_POST but you are looking for $_GET variables.

I have changed your code so that it works properly. I have left some var_dump lines in if you would like to debug and see what is going on throughout the process

I have set your database connection to be global so that you only connect once and you can access it again whenever you need to. I have changed your GET to POST. I have made it show when you are logged in or when you need to log in. I have built a log out section for you as well.

<?php
session_start();
$admin=true;

$datatable = "my_table";
$servername = 'localhost';
$username = 'nick';
$password = 'nickd18';
$database = 'test';

// show session variables for debuggin;
var_dump($_SESSION);

// you may want to destroy session variables at some point when debugging (should be a log out but we can use this line for now)
// 
if (isset($_GET) && $_GET['logout'] == '1') {
    session_destroy();
    $login = "http://".$_SERVER[HTTP_HOST].$_SERVER['PHP_SELF'];
    die(header('Location: '.$login));
}


//Create connection
global $con;
$con = mysqli_connect($servername, $username, $password, $database);

if ($con == false){
    die("STATUS: Error: ".mysqli_error_connect());
}


function check_login($uname, $pword, $admin){
    global $con;
    $sql = "SELECT * FROM `my_table` WHERE `username` = '$uname' AND `password` = '$pword' LIMIT 1";
    //var_dump($sql);
    $result = mysqli_query($con,$sql);
    //var_dump($result);
    $rows=mysqli_fetch_assoc($result);
    if ($rows) {
        /* successful login */
        return true;
    }  else {
        /* failed login */
        return false;
    }


}

// Check name and password
if (isset($_POST['verzonden'])){
    //var_dump($_POST);
    $username = $_POST['username'];
    $password = md5($_POST['wachtwoord']);
    $login_ok = check_login($username, $password, $admin);
    if ($login_ok != false){
        //correct
        $_SESSION['username'] = $username;
        $_SESSION['password'] = $password;
    }
}
if (!$_SESSION['username']) {
    echo "<h2>You are not logged in</h2>";
    echo "<form method='post' action='".$_SERVER['PHP_SELF']."?";

    echo "'><br><br>";
    echo "Name: ";
    echo "<input type='text' name='username'>";
    echo "<br>";
    echo "Password: ";
    echo "<input type='text' name='wachtwoord'>";
    echo "<br>";
    echo "<input type='submit' value='log in' 
    name='verzonden'>";
    echo "</form>";
    if ($admin == "true"){
        echo "<p>-- ADMIN status is vereist!";
    }
    exit;
} else {
    echo "<h1>You are logged in as ".$_SESSION['username']."</h1>";
    echo "<p><a href='?logout=1'>Log out</a>";
}
?>
Improve this answer
Sign up to request clarification or add additional context in comments.

5 Comments

There's still a lot that needs to be done with this (sanitization, better db handling, etc) before it is ready to go live on a site but this is a good start.
Can you help me with that (sanitization, db handling,..)? No id what you mean or what I have to do
See stackoverflow.com/questions/60174/… for one. Avoid the use of global variables (pass them as an argument to the function instead). Usage of $_SERVER['PHP_SELF'] is not recommended to send the form's action.
I was planned to use a global variable on another page to see if you are logged in (something like if $admin == true), but if you say that’s not a great id, how should I chech on another page if you are logged in?
Qirel, I gave him a base to work off. The code works and he can move forward now.

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.