mardi 27 septembre 2016

PHP and MYSQLI login unsuccessful

Please help! :( Even though I am using the post method, the data is being sentthe browser ! (very bad of course), On top of that, the if-else statements dont seem to be working at all/echoing what i want them too. side note: ( i have been web developing for about six months now, and am eager to learn). please let me know any additional info you may need to answer !

<?php
session_start();
error_reporting (E_ALL ^ E_notice);
?>



<?php


    @mysql_connect ('fdb14.biz.nf', 'xxxxxxx', 'xxxxxxx') or die ('sorry, could not connect to server, please try again');
@mysql_select_db ('2112200_qastore') or die ('NO DATABSE');
$db = mysqli_connect('fdb14.biz.nf', 'xxxxxxxxxx', 'xxxxxxx', '2112200_qastore');

if( mysqli_connect_errno()){

echo ' databse connection failed with following errors' . mysqli_connect_error();
die();
}

?>
<div class="cartmenu">
<div id="my-cart"><span>My Cart</span><br/><img src=../"images-2/cart2.png"/></div>
<div id="shopping"><span>Go Shopping</span></div>
<?php


    $form = "<form action='cartbar.php' 'method='POST' id='signin_form' name='signin_form'>
            <input type='text' name='user_name' id='user_name' placeholder='Enter Username'/> <br>
    <input type='password' name='user_pass' id='user_pass' placeholder='Enter Password'/><br>
    <input type='submit' name='login_submit' id='login_submit' value='Sign in!' method='post'/>
</form>";

    ?>
<form action='#' method='GET' id='form1'>
    <input id='search1'type='text' name='search' placeholder='Search'/><br>
    <input id='search2'type='submit' name= 'search' value='Search!'/>
</form></div>

    <?php
    if(!empty($_POST['login_submit'])){
    var_dump();
    $user_name = $_POST['user_name'];
    $pass = $_POST['user_pass']; 

        if($user_name){
            if($pass){
            $pass = md5(md5("gjlfkgjl".$pass."fbfgbg"));

                                        //make sure login info is correct                     
                   $query = mysqli_query($db,"SELECT * FROM users WHERE name='$user_name'");
                   $numrows = mysqli_num_rows($query);

                 if ($numrows == 1){
                                    $row = mysqli_fetch_assoc($query);
                                    $dbid = $row['id'];
                                    $dbuser = $row['name'];
                                    $dbpass = $row['pass'];
                                    $dbactive = $row['active'];

                                if ($pass == $dbpass){

                                          if($dbactive == 1){
                                           $_SESSION['id'] = $dbid;
                                             $_SESSION['name'] = $dbuser;
                                              echo " Welcome <b> $user_name </b>. <a href='member.php'>Click here</a> to go to the member page";
                                               mysql_close();
                                        }

                                           else{
                                           echo "You must activate your account to login. <a href='member.php'>Click here to sign up</a>";
                                                              }

                                        }
                            else{
                            echo " You did not enter the correct password, please try again $form";
                            }
                        }     
                   else{
                   echo " The username you have eneter was not found" . $form ;

                   }
                    mysql_close();
            }    
            else{
            echo "Please enter a password<br>" . $form;
            }

        }
        else{
            echo "Please enter a user name" . $form;
            }
    }

    else{
    echo $form;
    }



  ?>
Publié par à
Libellés :

Aucun commentaire:

Enregistrer un commentaire

Inscription à : Publier les commentaires (Atom)