<?php
session_start();
$_SESSION['message'] = '';
$mysqli = new mysqli('localhost', 'admin', '7777', 'second');
if(isset($_POST['login'])){
if($_POST['username'] != ' ' && $_POST['password'] != ' '){
$username = $_POST['username'];
$password = $_POST['password'];
$sql = "SELECT username, password FROM accounts";
$result = $mysqli->query($sql);
$row = $result->fetch_assoc();
if($username == $row['username']){
if($password == $row['password']){
session_start();
$_SESSION['username'] = $username;
$_SESSION['password'] = $password;
header("location: welcome.php");
}else{
$_SESSION['message'] = 'Password is not correct!';
}
}else{
$_SESSION['message'] = 'Username is not correct!';
}
}
}
?>
<!DOCTYPE html>
<html>
<head>
<title>Register</title>
<meta charset="utf-8">
<link rel="stylesheet" type="text/css" href="style.css">
</head>
<body>
<div class="container">
<h1>Log in!</h1>
<form action="login.php" method="post">
<div class="alert-error"><?= $_SESSION['message']; ?></div>
<input type="text" name="username" placeholder="User Name..." required/><br/>
<input type="password" name="password" placeholder="Password..." required/><br/>
<input type="submit" name="login" class="btn"/>
</form>
<hr noshade />
<a href="index.php">Homepage</a>
</div>
</body>
</html>
Страница авторизации.
-----------------------------
<?php
session_start();
$_SESSION['message'] = '';
$mysqli = new mysqli('localhost', 'admin', '7777', 'second');
if($_SERVER['REQUEST_METHOD'] == 'POST'){
if($_POST['password'] == $_POST['confirmpassword']){
$username = $mysqli->real_escape_string($_POST['username']);
$email = $mysqli->real_escape_string($_POST['email']);
// $password = md5($_POST['password']);
$password = $mysqli->real_escape_string($_POST['password']);
$_SESSION['username'] = $username;
$_SESSION['password'] = $password;
if( (isset($_POST['username']) === $username) or (isset($_POST['email']) === $email) ){
$_SESSION['message'] = 'User with such login or email is exists! Try another one!';
}else{
$sql = "INSERT INTO accounts (username, email, password)"."VALUES ('$username','$email','$password')";
if($mysqli->query($sql) === true){
$_SESSION['message'] = 'Registration successful!';
header("location: welcome.php");
}
else{
$_SESSION['message'] = 'User could not be added to the database';
}
}
}
else{
$_SESSION['message'] = 'Passwords do not match!';
}
}
?>
<!DOCTYPE html>
<html>
<head>
<title>Register</title>
<meta charset="utf-8">
<link rel="stylesheet" type="text/css" href="style.css">
</head>
<body>
<div class="container">
<h1>Create an account!</h1>
<form action="register.php" method="post">
<div class="alert-error"><?= $_SESSION['message']; ?></div>
<input type="text" name="username" placeholder="User Name..." required/><br/>
<input type="email" name="email" placeholder="Email..." required/><br/>
<input type="password" name="password" placeholder="Password..." required/><br/>
<input type="password" name="confirmpassword" placeholder="Confirm Password..." required/><br/>
<input type="submit" name="register" class="btn"/>
</form>
<hr noshade />
<a href="index.php">Homepage</a>
</div>
</body>
</html>
Страница регистрации.
При регистрации, можно зарегестрироваться и попадаешь в личный кабинет.
Но если выйти и попробовать авторизоваться выдаст ошибку про неправильный логин.
Но на первый по 'id' в базе аккаунт зайти можно.
В чём ошибка?
Простой
