My current login form doesn't work correctly. It always logs me in no matter what is entered into the login form. Since the first question, I decided to change my code up lots.
Here is the up to date code:
<?php
session_start();
include_once("db_connect.php");
if(isset($_POST['loginSub'])) {
//Connect to DB
include_once("db_connect.php");
//Gets whatever is inside input box and prevents sql injection
$username=($_POST['user']);
$password=($_POST['password']);
$query = "SELECT * FROM user WHERE user= 'kent' AND password = 'password'";
$rows = mysqli_query($conn, $query);
if ($rows->num_rows == 1) {
$_SESSION['user']=$username; // Initializing Session
header("location: loginAuth.php"); // Redirecting To Other Page
} else {
$error = "Username or Password is invalid!!!!";
}
mysql_close($conn); // Closing Connection
}
?>
Here is the HTML form:
<form id="login" method="POST" action="loginAuth.php">
<label for="user"><strong>Login:</strong></label>
<input type="text"size=20 autocorrect=off autocapitalize=words name="user">
<!--<label for="loginPassword" name="password"> <strong>Password:</strong></label>
<input type="password" name="Password"> -->
<label for="password" > <strong>Password:</strong></label>
<input type="password" name="password">
<input name="loginSub" type="submit" value="login">
</form>
The form action loginAuth.php
basically takes you to the editor page and has no php in it yet.
Each snippet of code comes from the same php page. My question is, how can I make it so it doesn't log you in when the credentials are incorrect?