Part of your problem comes from a lack of separation of concerns.
Let's see your basic algorithm:
- Check that the needed info to log in a user is there.
  - If it is, query the database for that user and password.
    - If they match, return a SUCCESS
    - Otherwise return a FAILURE: INVALID
  - If information is missing, return a FAILURE: MISSING INFO
Let's try and implement that in code.
```php
require 'core.inc.php';

//Takes in a $_POST object and returns a string
function log_in_user($post_object) {//Note that using global variables is problematic, so let's pass it as a param
    $username = null;
    $password = null;
    //One at a time let's get the needed info
    if (isset($post_object['email1']) && !empty($post_object['email1'])) {
        $username = $post_object['email1'];
    }
    if (isset($post_object['sifre1']) && !empty($post_object['sifre1'])) {
        $password = $post_object['sifre1'];
    }
    //Handle the case where we don't have the correct info
    if (is_null($username)) {
        return "You must enter a username.";
    }
    if (is_null($password)) {
        return "You must enter a password.";
    }
    //If the function hasn't returned by this point, we validate the credentials.
    return validate_credentials($username, $password);//pass through the result
}

//Put this in a separate function for cleanliness and so you can handle
//the changes you NEED to make to how you access the db w/o affecting the rest
function validate_credentials($username, $password) {
    //Placeholders keep user input out of the SQL text.
    //Backticks are required because of the hyphen in the `e-mail` column name.
    $query = "SELECT `e-mail`, sifre FROM `Kullanıcı` WHERE `e-mail` = :username AND sifre = :password";
    try {
        //Get a connection to your database. The details below will change.
        //db_username and db_password are the credentials to your database, not the user.
        $db = new PDO('mysql:host=localhost;dbname=testdb;charset=utf8', 'db_username', 'db_password');
        //Make query failures throw so the catch block below handles them
        $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
        $stmt = $db->prepare($query);//Sets up your query
        $stmt->execute([':username' => $username, ':password' => $password]);//Binds the values and runs it
        $results = $stmt->fetchAll(PDO::FETCH_ASSOC);
        if (count($results) == 1) {
            return "OK";
        } else {
            return "Invalid credentials";
        }
    } catch(PDOException $ex) {
        return "An error occurred trying to reach the database. Try again later.";
    }
}

//Now actually execute the login function
echo log_in_user($_POST);
```
So, as you can see, breaking your code into functions will allow you to clarify the issues you're seeing. The first function validates your inputs: your initial problem is essentially one of validation. Did the user send through a password? The second function handles the concern of actually validating a set of credentials against the database. With the second function you can test different cases:
```php
validate_credentials("good_username","awesome_password");//should exist in db to work. Will return "OK"
validate_credentials("bad_username","terrible_password");//should NOT exist in the db. Will return "Invalid credentials"
```
Caveat: None of this code is tested, it's merely an example of how you might do this.
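
Added example, not part of the original answer: a variant of the `validate_credentials` check that binds the username through a prepared statement and compares the password against a stored hash instead of matching it inside the SQL. It assumes an in-memory SQLite database (requires the `pdo_sqlite` extension) with a hypothetical `users` table and `email` / `password_hash` columns; `open_demo_db` and `register_user` are illustrative helpers, and all sample accounts are constructed.

```php
<?php
// Added example: constructed schema and sample data, not the asker's real database.
// Assumed names: table `users`, columns `email` and `password_hash`.

function open_demo_db(): PDO {
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE users (email TEXT PRIMARY KEY, password_hash TEXT NOT NULL)');
    return $db;
}

function register_user(PDO $db, string $email, string $password): void {
    // Store only a salted hash, never the password itself.
    $stmt = $db->prepare('INSERT INTO users (email, password_hash) VALUES (:email, :hash)');
    $stmt->execute([':email' => $email, ':hash' => password_hash($password, PASSWORD_DEFAULT)]);
}

function validate_credentials(PDO $db, string $email, string $password): string {
    try {
        // Look the user up by email only; the password never enters the SQL text.
        $stmt = $db->prepare('SELECT password_hash FROM users WHERE email = :email');
        $stmt->execute([':email' => $email]);
        $hash = $stmt->fetchColumn(); // false when no row matches
    } catch (PDOException $ex) {
        return "An error occurred trying to reach the database. Try again later.";
    }
    // password_verify() re-hashes the candidate with the stored salt and parameters.
    if ($hash !== false && password_verify($password, $hash)) {
        return "OK";
    }
    return "Invalid credentials";
}

$db = open_demo_db();
register_user($db, "good_username@example.com", "awesome_password");
// The apostrophe is bound as data, so it cannot change the shape of the query.
register_user($db, "o'brien@example.com", "another_password");

echo validate_credentials($db, "good_username@example.com", "awesome_password"), "\n";
echo validate_credentials($db, "good_username@example.com", "terrible_password"), "\n";
echo validate_credentials($db, "o'brien@example.com", "another_password"), "\n";
echo validate_credentials($db, "bad_username@example.com", "terrible_password"), "\n";
```

Because the lookup is by email only, the same function body works unchanged if the hashing algorithm behind `PASSWORD_DEFAULT` changes later.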