I'm new to PHP and am attempting to create a login system within an HTML website. I have created a staff database with StaffID and Password columns. When the incorrect details are entered, the page should reload the login page with the relevant error in the header, and when the correct details are entered it should redirect to a new PHP page.
But when the correct details are entered, the page is reloaded as if the login details were incorrect, with login=error in the header. I believe there may be a problem with the password verification but I am not sure. Can anyone help?
<?php
session_start();
if (isset($_POST['submit'])) {
    include 'dbh.php';
    $uid = $conn->real_escape_string($_POST['uid']);
    $pwd = $conn->real_escape_string($_POST['pwd']);
    //Error handlers
    //Check for input empty
    if (empty($uid) || empty($pwd)) {
        header("Location: ../Website/loginpage.html?login=empty");
        exit();
    } else {
        $sql = "SELECT * FROM staff WHERE StaffID='$uid'";
        $result = $conn->query($sql);
        $resultCheck = $result->num_rows;
        if ($resultCheck < 1) {
            header("Location: ../Website/loginpage.html?login=error");
            exit();
        } else {
            if ($row = $result->fetch_assoc()) {
                $PwdCheck = password_verify($pwd, $row['Password']);
                if ($PwdCheck == false) {
                    header("Location: ../Website/loginpage.html?login=error");
                    exit();
                } elseif ($PwdCheck == true) {
                    //Log in user here
                    $_SESSION['u_id'] = $row['StaffID'];
                    $_SESSION['u_name'] = $row['Name'];
                    $_SESSION['u_email'] = $row['Email_address'];
                    header("Location: ../Website/index2.php?login=success");
                    exit();
                }
            }
        }
    }
} else {
    header("Location: ../Website/loginpage.html?login=error");
    exit();
}
?>
<form action="login.php" method="POST">
<label>Username :</label><input type="text" name="uid" placeholder="Username/e-mail" class="box"><br /><br />
<label>Password :</label><input type="password" name="pwd" placeholder="password" class="box"><br/><br />
<button type="submit" name="submit" value="submit">Login</button><br />
</form>
My connection file dbh.php:
<?php
session_start();
$server = "localhost";
$username = "root";
$passwd = "";
$dbname = "custom pc central";
$conn = mysqli_connect($server, $username, $passwd, $dbname) or die ('connection is not established'.mysqli_error($conn));
My table data:
Create table Staff
(StaffID varchar(100),
Password varchar(1000),
Name varchar(100),
Email_address varchar(1000),
constraint pk_StaffID primary key(StaffID));
insert into Staff values
('14567','123','james',
'james@custompccentral.co.uk');
insert into Staff values
('24567','123','alex',
'alex@custompccentral.co.uk');
insert into Staff values
('34567','123','kate',
'kate@custompccentral.co.uk');
insert into Staff values
('44567','123','megan',
'megan@custompccentral.co.uk');
insert into Staff values
('54567','123','syed',
'syed@custompccentral.co.uk');
insert into Staff values
('64567','123','akif',
'akif@custompccentral.co.uk');
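
An added example, not part of the original post: password_verify() expects its second argument to be a hash produced by password_hash(), whereas the Staff rows above store the literal string '123'. The sketch below uses an in-memory SQLite database through PDO as a stand-in for the MySQL table (an assumption, so that it runs without a server); checkLogin and hashPlaintextRows are hypothetical helper names.

```php
<?php
declare(strict_types=1);

// In-memory SQLite via PDO stands in for the MySQL Staff table (assumption, so this runs offline).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE Staff (StaffID TEXT PRIMARY KEY, Password TEXT, Name TEXT, Email_address TEXT)');
// Row copied from the question: the Password column holds the literal string '123'.
$db->exec("INSERT INTO Staff VALUES ('14567', '123', 'james', 'james@custompccentral.co.uk')");

// Hypothetical helper: fetch the stored value with a bound parameter and verify the raw password.
// The password is not passed through real_escape_string(), which would alter quotes and backslashes.
function checkLogin(PDO $db, string $uid, string $pwd): bool
{
    $stmt = $db->prepare('SELECT Password FROM Staff WHERE StaffID = ?');
    $stmt->execute([$uid]);
    $stored = $stmt->fetchColumn();
    return is_string($stored) && password_verify($pwd, $stored);
}

// Hypothetical one-off migration: hash every stored value that is not already a password_hash() result.
function hashPlaintextRows(PDO $db): int
{
    $update = $db->prepare('UPDATE Staff SET Password = ? WHERE StaffID = ?');
    $changed = 0;
    foreach ($db->query('SELECT StaffID, Password FROM Staff')->fetchAll(PDO::FETCH_ASSOC) as $row) {
        // password_get_info() reports algoName "unknown" for anything that is not a recognised hash.
        if (password_get_info($row['Password'])['algoName'] === 'unknown') {
            $update->execute([password_hash($row['Password'], PASSWORD_DEFAULT), $row['StaffID']]);
            $changed++;
        }
    }
    return $changed;
}

$before  = checkLogin($db, '14567', '123');   // stored value is still the plaintext '123'
$changed = hashPlaintextRows($db);
$after   = checkLogin($db, '14567', '123');   // stored value is now a password_hash() result
$wrong   = checkLogin($db, '14567', 'nope');  // wrong password against the hashed row

var_dump(compact('before', 'changed', 'after', 'wrong'));
```

With mysqli the same pattern uses $conn->prepare() and bind_param(), and new staff rows are inserted with the output of password_hash() rather than the plaintext password.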