#4 >if(isset($_POST['submit-login'])){
dette skulle gerne modsvare den variabel du sender her
ref #7 >[submit] => Login
så du kommer aldrig til din sql!!,
du har i din sql også en fejl, med AND user_password=:password";, du binder ikke password, men det skal heller ikke bruges i din nuværende sql.
du har ikke helt styr på hvad du kalder dine felter i db / html form
jeg prøvet at omskrive den lidt, så den virker
<?php
ini_set('display_errors', 1);
error_reporting(E_ALL);
session_start();
include_once ('dbh.php');
//If the POST var "login" exists (our submit button), then we can
//assume that the user has submitted the login form.
if (isset($_POST['submit-login'])) {
//Retrieve the field values from our login form.
$username = !empty($_POST['uid']) ? trim($_POST['uid']) : null;
$passwordAttempt = !empty($_POST['password']) ? trim($_POST['password']) : null;
//Retrieve the user account information for the given username.
$sql = "SELECT user_password FROM users WHERE user_uid=:uid";
$stmt = $pdoConnect->prepare($sql);
//Bind value.
$stmt->bindValue(':uid', $username);
//Execute.
$stmt->execute();
//Fetch row.
$user = $stmt->fetch(PDO::FETCH_ASSOC);
//If $row is FALSE.
if ($user === false) {
//Could not find a user with that username!
//PS: You might want to handle this error in a more user-friendly manner!
die('Incorrect username / password combination!');
} else {
//User account found. Check to see if the given password matches the
//password hash that we stored in our users table.
//Compare the passwords.
$validPassword = password_verify($passwordAttempt, $user['user_password']);
//If $validPassword is TRUE, the login has been successful.
if ($validPassword) {
//Provide the user with a login session.
$_SESSION['user_id'] = $user['id'];
$_SESSION['logged_in'] = time();
//Redirect to our protected page, which we called home.php
header('Location: ../index.php');
exit;
} else {
//$validPassword was FALSE. Passwords do not match.
die('Incorrect username / password combination!');
}
}
}
?>
test form
<form action="<?php echo $_SERVER['PHP_SELF']; ?>" method="post">
<label><b>Username</b></label>
<input type="text" placeholder="Enter Username" name="uid" required>
<label><b>Password</b></label>
<input type="password" placeholder="Enter Password" name="password" required>
<button type="submit" name="submit-login" >Login</button>
</form>
test tabel
CREATE TABLE `users` (
`id` int(11) NOT NULL,
`firstname` varchar(255) COLLATE utf8_danish_ci NOT NULL,
`lastname` varchar(255) COLLATE utf8_danish_ci NOT NULL,
`user_uid` varchar(255) COLLATE utf8_danish_ci NOT NULL,
`user_password` varchar(255) COLLATE utf8_danish_ci NOT NULL COMMENT '1234'
) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE=utf8_danish_ci;
INSERT INTO `users` (`id`, `firstname`, `lastname`, `user_uid`, `user_password`) VALUES
(1, 'rip', 'andemad', 'rip', '$2y$11$J1klMqKG9H4YQ1Tc.nRwROOvh7fqh0j2M3uR.LB1frNGNRwp.nmhK'),
(3, 'rap', 'and', 'rap', '$2y$11$IDHlfC86DWb9QeJF8oX8oebt7h1nFtU8EFmxuPRq5i6m5JB8r35H6'),
(4, 'rup', 'and', 'rup', '$2y$11$dR4Hh1ohiRilHKtncuhRYOIh4bxaDkEekp70KVgu1ymmNadB2Ji2y'),
(5, 'mickey', 'mouse', 'mickey', '$2y$11$3M2aXkLJdsbLhTN1pLpkvO0UtvgZ6Sy9Ohl5b8t2RCPBdxa2F8OK.'),
(7, 'bimmer', 'vildmand', 'bimmer', '$2y$11$lmBBjwPfC.QSBcENr3e8I.ryzxxvvZsSvM6ooH4O3v.7X0LYM8/GK'),
(8, 'jule', 'mand', 'jule', '$2y$11$GplmOAAdCLzzWoRTEXrzf.GqS8TvRk77eKZkr2bPN2i7LA8j3njRm');
ALTER TABLE `users`
ADD PRIMARY KEY (`id`),
ADD KEY `idx_lastname` (`lastname`);
ALTER TABLE `users`
MODIFY `id` int(11) NOT NULL AUTO_INCREMENT, AUTO_INCREMENT=12;
log ind med feks
rap og password
1234