Hello again all,
I am still trying to get my head around a login system, and I'm looking to get a second opinion on improving it and getting it to work properly. So here's what I've done so far. Currently this form code is part of my index.php. When I refresh it, I'm getting hit by undefined index. Now I am thinking I need to move those variables further down the code so they don't get immediately read and flagged as undefined. Or is there more to it than that? See comments.
Any feedback would be valuable and appreciated.
Login.php
<?php
include_once ('assets/configs/db_config.php'); // OK so I included this, does this make the next code line down redundant? Or do I still need $con to pass onto mysqli variables?
$con=mysqli_connect("localhost","db_user","db_pw","db_name");
$user=$_POST['user']; // undefined index error here
$password=$_POST['password']; //undefined index error here
if(isset($_POST['submit'])){
    //To ensure that none of the fields are blank when submitting the form if
    if(isset($_POST['user']) && isset($_POST['password']))
    {
        $user = stripslashes($user);
        $password = stripslashes($password);
        $user = mysqli_real_escape_string($con,$user);
        $password = mysqli_real_escape_string($con, $password);
        //SQL Injection Ahoy! I know...but future versions aim to be robust!
        $sql="SELECT * FROM users WHERE username='users' and password='password'"; //Dodgy query? I have a DB called Test_DB and a table inside called users.
        $result=mysqli_query($con, $sql);
        $row=mysqli_fetch_array($result);
        if($row[0]==1)
        {
            session_start();
            $_SESSION['user'] = $user;
            $_SESSION['password'] = $password;
            $_SESSION['loggedin'] = "true";
            header("location:index.php");
        }
        else
        {
            print ('<div id="error">Acess denied, wrong username or password?</div>');
        }
    }
    else
    {
        print ('<div id="error">Enter something!</div>');
    }
}
?>
Based on : http://www.joseblog.netau.net/web_design/simple-php-mysql-login.php
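
Added example, not part of the original post: a hardened form of the handler above that reads `$_POST` only after checking it exists, binds the submitted username into a prepared statement instead of comparing against string literals, and verifies the password against a stored hash. It assumes a `password_hash` column in `users` filled with `password_hash()` output (hypothetical, the post does not show the table layout), and `verify_login()` is an illustrative name.

```php
<?php
// Added example; verify_login() and the password_hash column are assumptions.
declare(strict_types=1);

mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT); // throw on DB errors
session_start(); // must run before any output is sent

function verify_login(mysqli $con, string $user, string $password): bool
{
    // The ? placeholder keeps user input out of the SQL text entirely.
    $stmt = $con->prepare('SELECT password_hash FROM users WHERE username = ?');
    $stmt->bind_param('s', $user);
    $stmt->execute();
    $stmt->bind_result($hash);
    $found = $stmt->fetch(); // true = row, null = no such user
    $stmt->close();
    // Compare against the stored hash; plaintext passwords are never stored.
    return $found === true && password_verify($password, $hash);
}

$error = null;
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    // ?? supplies a default, so a plain page refresh raises no undefined index.
    $user = $_POST['user'] ?? '';
    $password = $_POST['password'] ?? '';
    if (!is_string($user) || !is_string($password) || $user === '' || $password === '') {
        $error = 'Enter something!';
    } else {
        // Placeholder credentials, as in the post.
        $con = mysqli_connect('localhost', 'db_user', 'db_pw', 'db_name');
        if (verify_login($con, $user, $password)) {
            session_regenerate_id(true); // fresh session ID blocks fixation
            $_SESSION['user'] = $user;   // the password is not kept in the session
            $_SESSION['loggedin'] = true;
            header('Location: index.php');
            exit; // stop so nothing else runs after the redirect
        }
        $error = 'Access denied, wrong username or password?';
    }
}
if ($error !== null) {
    print '<div id="error">' . htmlspecialchars($error) . '</div>';
}
```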