I am trying to right a simple login script. When I execute the "checklogin.php" script (upon being called by the login form) - nothing happens. I stay on index.php, and I still see the form (which should have been removed by some jquery). If I open firebug I see this:
POST http://localhost/~Eamon/checklogin.php 200 OK 2ms jquery.js (line 8724)
GET http://localhost/~Eamon/templates/login_success.php 302 Found 1ms jquery.js (line 8724)
GET http://localhost/~Eamon/index.php 200 OK 1ms
GET http://localhost/~Eamon/reqscripts/jquery.js?_=1371173056318 200 OK 1ms jquery.js (line 8724)
GET http://localhost/~Eamon/js/application.js?_=1371173056319 200 OK 0
There aren't any errors - but I'm wondering if all those "GET" requests are correct. Should any of them be "POST"?
Here is my code:
index.php
<!DOCTYPE html>
<html>
<head>
<title>it IT</title>
<script src="reqscripts/jquery.js"></script>
<script src="js/application.js"></script>
</head>
<body>
<form id="login" method="post" action="checklogin.php">
<h1>Member Login</h1>
<p>Username:<input name="myusername" type="text" id="myusername"></p>
<p>Password:<input name="mypassword" type="password" id="mypassword"></p>
<input type="submit" name="Submit" value="Login">
</form>
</body>
</html>
checklogin.php
<?php
session_start();
$host="localhost"; // Host name
$username="root"; // Mysql username
$password="bonjour3"; // Mysql password
$db_name="itit"; // Database name
$tbl_name="members"; // Table name
// Connect to server and select databse.
$mysqli = new mysqli("$host", "$username", "$password", "$db_name")or die("cannot connect");
// Define $myusername and $mypassword
$myusername=$_POST['myusername'];
$mypassword=$_POST['mypassword'];
$sql = $mysqli->prepare("SELECT * FROM $tbl_name WHERE username=? and password=?");
$sql->bind_param('ss',$myusername,$mypassword);
$sql->execute();
$sql->store_result();//apply to prepare statement
$numRows = $sql->num_rows;
if($numRows === 1){
$_SESSION['username'] = $myusername;
}
else {
echo "Wrong Username or Password";
}
session_destroy();
?>
js/application.js
$(document).ready(function() {
$("#login").submit(function(e) {
e.preventDefault();
$.post("checklogin.php", $(this).serialize(), function(){
$("#showuser").load("templates/login_success.php");
$("#login").remove();
});
});
});
templates/login_success.php
<?php
session_start();
if($_SESSION['username'] === null){
header("location: ../index.php");
}
?>
<!DOCTYPE html>
<html>
<body>
<h1>Login Successful</h1>
<h2>Username: <? echo $_SESSION['username']?></h2>
<a href = "logout.php">Log out</a>
</body>
</html>
UPDATE
Here is the source code from after an attempted log in. I will try to show why I think that $_SESSION['username'] is never being set (but why?)
<!DOCTYPE html>
<html>
<head>
<body>
<div id="showuser">
<title>it IT</title>
<script src="reqscripts/jquery.js">
<script src="js/application.js">
<form id="login" action="checklogin.php" method="post">
<h1>Member Login</h1>
<p>
Username: <input id="myusername" type="text" name="myusername">
</p>
<p>
Password: <input id="mypassword" type="password" name="mypassword">
</p>
<input type="submit" value="Login" name="Submit">
</form>
<form id="register" action="checkreglogin.php" method="post">
<h1>Member Registration</h1>
<p>
Username: <input id="rmyusername" type="text" name="rmyusername">
</p>
<p>
Password: <input id="rmypassword" type="password" name="rmypassword">
</p>
<p>
Email: <input id="myemail" type="text" name="myemail">
</p>
<input type="submit" value="Register" name="Submit">
</form>
<div id="showuser"></div>
</div>
</body>
</html>
Notice how the entire page is in the division...but there is also and empty "showuser" div at the bottom. This confuses me. I think that, when checklogin.php is called by the form - something goes wrong, and the user never gets saved in $_SESSION['username']. Therefore...when login_success.php gets called - $_SESSION['username'] is set to null...and index.php (all of it) loads on $.post request...because that is what would happen when $_SESSION['username'] is null according to login_success.php. Essentially...login_success.php becomes index.php somewhere along the way. Enlighten me!