troubleshooting Question

PHP Login System - Cannot Login User

Avatar of Joseph Longo
Joseph LongoFlag for United States of America asked on
HTMLPHPMySQL Server
1 Comment1 Solution11 ViewsLast Modified:
Hello Experts,
I have a basic PHP login/registration system. I am able to register users without any issue. However, when I try to login as a user, I receive an error message, which I created, stating "Incorrect username." I am stumped as to where the issue/error exists. Would love assistance in troubleshooting the error. Thanks in advance!

LOGIN.INC.PHP
<?php
if(isset($_POST["loginToSite"])){
    $username = $_POST["deputyUsername"];
    $pwd = $_POST["deputyPWD"];

    require_once 'dbh.inc.php';
    require_once 'functions.inc.php';

    if(emptyInputLogin( $username, $pwd)===true){
        header("location:../index.php?error=emptyInput");
        exit();
    }
    loginUser($conn, $username, $pwd); 
}else{
    header("location:../index.php?error=none");
    exit();
}
?>

FUNCTIONS.INC.PHP
<?php
function emptyInputSignup($userRank, $userFirstName, $userLastName, $userID, $userUsername, $userPassword, $userPasswordRepeat, $userAgencyEmail){
    $result;
    if(empty($userRank) || empty($userFirstName) || empty($userLastName) || empty($userID) || empty($userUsername) || empty($userPassword) || empty($userPasswordRepeat)|| empty($userAgencyEmail)){
        $result = true;
    }else{
        $result = false; 
    }
    return $result;
}

function invalidUsername ($userUsername){
    $result;
    if(!preg_match("/^[a-zA-Z0-9]*$/", $userUsername)){
        $result = true;
    }else{
        $result = false; 
    }
    return $result;
}

function invalidEmail($userAgencyEmail){
    $result;
    if(!filter_var($userAgencyEmail, FILTER_VALIDATE_EMAIL)){
        $result = true;
    }else{
        $result = false; 
    }
    return $result;
}

function pwdMatch($userPassword, $userPasswordRepeat){
    $result;
    if($userPassword !== $userPasswordRepeat){
        $result = true;
    }else{
        $result = false; 
    }
    return $result;
}
function usernameExists($conn,  $userUsername){
    $sql ="SELECT * FROM users WHERE  usersUsername = ? OR usersEmail = ?;";
    $stmt = mysqli_stmt_init($conn);
    if(!mysqli_stmt_prepare($stmt, $sql)){
        header("location:../php/signup.php?error=stmtfailed");
        exit();
    }
    mysqli_stmt_bind_param($stmt, "s", $userUsername);
    mysqli_stmt_execute($stmt);

    $resultData = mysqli_stmt_get_result($stmt);

    if($row = mysqli_fetch_assoc($resultData)){
        return $row;
    }else{
        $result = false;
        return $result;
    }
    mysqli_stmt_close($stmt);
}

function registerUser($conn,  $userRank, $userFirstName, $userLastName, $userID, $userUsername, $userPassword, $userAgencyEmail){
    $sql ="INSERT INTO users (usersRank, usersFirstName, usersLastName, usersID, usersUsername, usersPassword, usersEmail) VALUES (?, ?, ?, ?, ?, ?, ?);";
    $stmt = mysqli_stmt_init($conn);
    if(!mysqli_stmt_prepare($stmt, $sql)){
        header("location:../php/signup.php?error=stmtfailed");
        exit();
    }

    $hashedUserPassword = password_hash($userPassword, PASSWORD_DEFAULT);

    mysqli_stmt_bind_param($stmt, "sssssss", $userRank, $userFirstName, $userLastName, $userID, $userUsername, $hashedUserPassword, $userAgencyEmail);
    mysqli_stmt_execute($stmt);
    mysqli_stmt_close($stmt);
    header("location:../php/signup.php?error=none");
    exit();
}

function emptyInputLogin($userUsername, $userPassword){
    $result;
    if(empty($userUsername) || empty($userPassword)){
        $result = true;
    }else{
        $result = false; 
    }
    return $result;
}

function loginUser($conn, $userUsername, $userPassword){
    $usernameExists = usernameExists($conn,  $userUsername);

    if ($usernameExists === false){
        header("location:../index.php?error=incorrectUsername");
        exit();
    }

    $hashedPassword = $usernameExists["usersPassword"];
    $checkPassword = password_verify($userPassword, $hashedPassword);

    if($checkPassword ===false){
        header("location:../index.php?error=incorrectPassword");
        exit();
    }elseif($checkPassword ===true){
        session_start(); 
        $_SESSION["ID"] = $usernameExists["id"];
        $_SESSION["rank"] = $usernameExists["usersRank"];
        $_SESSION["firstName"] = $usernameExists["usersFirstName"];
        $_SESSION["lastName"] = $usernameExists["usersLastName"];
        $_SESSION["payroll"] = $usernameExists["usersID"];
        $_SESSION["ID"] = $usernameExists["usersUsername"];
        $_SESSION["email"] = $usernameExists["usersEmail"];
        header("location:../index.php?error=none");
        exit();
    }

}
?>

LOGIN FORM:

<form action="includes/login.inc.php" method="post">
    <table>
    <tr name="employee">
    <td><b><font color="white">Username:<br><br><input type="text" id="deputyRank" name="deputyUsername"></b></font><br></td>
        <td><b><font color="white">Password:<br><br><input id="resizePWD" type="password" name="deputyPWD"></b></font><br></td>
            <td><br><br><input type="submit" value="Login" id="LoginToSite" name="loginToSite"></td>
            </tr>
            </table>
            <?php
            if (isset($_GET["error"])){
                if ($_GET["error"] == "emptyInput"){
                    echo "<p><font color='white'>Please fill out all fields.</font></p>";
                }else if ($_GET["error"] == "wronglogin"){
                    echo "<p><font color='white'>Incorrect login credentials.</font></p>";
                }else if ($_GET["error"] == "incorrectUsername"){
                    echo "<p><font color='white'>Incorrect username.</font></p>";
                }else if ($_GET["error"] == "incorrectPassword"){
                    echo "<p><font color='white'>Incorrect password.</font></p>";
                }
            }
            ?>
</form>


ASKER CERTIFIED SOLUTION
Join our community to see this answer!
Unlock 1 Answer and 1 Comment.
Start Free Trial
Learn from the best

Network and collaborate with thousands of CTOs, CISOs, and IT Pros rooting for you and your success.

Andrew Hancock - VMware vExpert
See if this solution works for you by signing up for a 7 day free trial.
Unlock 1 Answer and 1 Comment.
Try for 7 days

”The time we save is the biggest benefit of E-E to our team. What could take multiple guys 2 hours or more each to find is accessed in around 15 minutes on Experts Exchange.

-Mike Kapnisakis, Warner Bros