Login Error

[astonecipher]

I am learning PHP and am using this script:

Code: Select all

<?php

// get DB information
  require_once('scripts/SQLconn.php');

  session_start();
  $error_msg = "";

// If the user isn't logged in log them in
                if (!isset($_COOKIE['username'])) {
                                if (isset($_POST['submit'])) {
   
// Connect to the database
    $dbc = mysqli_connect(DB_HOST, DB_USER, DB_PASSWORD, DB_NAME);

// Grab the user-entered log-in data
    $username = mysqli_real_escape_string($dbc, trim($_POST['username']));
    $password = mysqli_real_escape_string($dbc, trim($_POST['password']));

// Look up the username and password in the database
    if (!empty($user_username) && !empty($user_password)) {
                $query = "SELECT username FROM users WHERE username = '$username'";
                $data = mysqli_query($dbc, $query);
       
// The log-in is OK so set the user ID and username session vars (and cookies), and redirect to the home page
    if (mysqli_num_rows($data) == 1) {
                $row = mysqli_fetch_array($data);
                setcookie('user_id', $row['username']);
                $home_url = 'http://www.kempism.com' . $_SERVER['HTTP_HOST'] . dirname($_SERVER['PHP_SELF']) . '/index.php';
                header('Location: ' . $home_url);
    }
    else {
// The username/password are incorrect so set an error message
                $error_msg = 'Sorry, you must enter a valid username and password to log in.';
     }
    }
    else {
// The username/password weren't entered so set an error message
                $error_msg = 'Sorry, you must enter your username and password to log in.';
      }
    }
  }
?>

<!DOCTYPE html>
<html>
<head>
  <meta content="text/html; charset=utf-8" />
  <title>Kempism - Log In</title>
  <link rel="stylesheet" type="text/css" href="style/layout.css" />
</head>
<body>
  <h3>Kempism - Log In</h3>

<?php

//show any error message and the log-in form, otherwise confirm the log-in
  if (empty($_COOKIE['username'])) {
    echo '<p class="error">' . $error_msg . '</p>';
?>

  <form method="post" action="<?php echo $_SERVER['PHP_SELF']; ?>">
    <fieldset>
      <legend>Log In</legend>
      <label for="username">Username:</label>
      <input type="text" id="username" name="username" value="<?php if (!empty($username)) echo $username; ?>" /><br />
      <label for="password">Password:</label>
      <input type="password" id="password" name="password" />
    </fieldset>
    <input type="submit" value="Log In" name="submit" />
  </form>

<?php
  }
  else {
//confirm the successful log-in
    echo('<p class="login">You are logged in as ' . $_COOKIE['username'] . '.</p>');
  }
?>

</body>
</html>



I know it is not passing the information from the form to php, I do not know why?

[astonecipher]

[code]
// Look up the username and password in the database
if (!empty($user_username) && !empty($user_password)) {
$query = "SELECT username FROM users WHERE username = '$username'";
$data = mysqli_query($dbc, $query);
[code/]

Figured it out, the database was searching for empty var instead of where the variables were actually being held