Login verification in PHP

Question

I can't seem to get the user information to verify. I have a connection to the server as I can dump the info into an array, print_r and see it. Here is the code I am using. I can enter data into the form and when I hit submit, nothing happens. It clears the data out of the fields and that's it. It seems to refresh the page. No success or denial result.

Login:

function login()
{
print '<div class="container">';

print'<form class="form-horizontal"> ';
print'  <div class="control-group">';
print'    <style>margin: 100px,auto;</style>';
print "<form action=\"validation.php\" method=\"POST\" >";
print'    <label class="control-label" for="inputUsername">Username</label>';
print'    <div class="controls">';
print'      <input type="text" id="inputUsername" placeholder="Username">';
print'    </div>';
print'  </div>';
print'  <div class="control-group">';
print'    <label class="control-label" for="inputPassword">Password</label>';
print'    <div class="controls">';
print'      <input type="text" id="inputPassword" placeholder="Password">';
print'    </div>';
print'  </div>';
print'  <div class="control-group">';
print'    <div class="controls">';
print'      <label class="checkbox">';
print'        <input type="checkbox"> Remember me';
print'      </label>';
print'      <button type="submit" class="btn">Sign in</button>';
print'    </div>';
print'  </div>';
print'</form>';
print'  </div>';

}


/*** begin our session ***/
session_start();
include ('includes/common.php');
/*** check if the users is already logged in ***/
if(isset( $_SESSION['user_id'] ))
{
    $message = 'Users is already logged in';
}
/*** check that both the username, password have been submitted ***/
if(!isset( $_POST['inputUsername'], $_POST['inputPassword']))
{
    $message = 'Please enter a valid username and password';
}
/*** check the username is the correct length ***/
elseif (strlen( $_POST['inputUsername']) > 20 || strlen($_POST['inputUsername']) < 4)
{
    $message = 'Incorrect Length for Username';
}
/*** check the password is the correct length ***/
elseif (strlen( $_POST['inputPassword']) > 20 || strlen($_POST['inputPassword']) < 4)
{
    $message = 'Incorrect Length for Password';
}
/*** check the username has only alpha numeric characters ***/
elseif (ctype_alnum($_POST['inputUsername']) != true)
{
    /*** if there is no match ***/
    $message = "Username must be alpha numeric";
}
/*** check the password has only alpha numeric characters ***/
elseif (ctype_alnum($_POST['inputPassword']) != true)
{
        /*** if there is no match ***/
        $message = "Password must be alpha numeric";
}
else
{
    /*** if we are here the data is valid and we can insert it into database ***/
    $inputUsername = filter_var($_POST['inputUsername'], FILTER_SANITIZE_STRING);
    $inputPassword = filter_var($_POST['inputPassword'], FILTER_SANITIZE_STRING);

    /*** now we can encrypt the password ***/
    $inputPassword = sha1( $inputPassword );

//DB Connection



    try
    {
        $dbh=new PDO("mysql:host=$mysql_hostname;dbname=$mysql_dbname", $mysql_username, $mysql_password);
        /*** $message = a message saying we have connected ***/

        /*** set the error mode to excptions ***/
        $dbh->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);

        /*** prepare the select statement ***/
        $stmt = $dbc->prepare("SELECT middleclik, inputUsername, inputPassword FROM middleclik 
                    WHERE inputUsername = :inputUsername AND inputPassword = :inputPassword");

        /*** bind the parameters ***/
        $stmt->bindParam(':inputUsername', $inputUsername, PDO::PARAM_STR);
        $stmt->bindParam(':inputPassword', $inputPassword, PDO::PARAM_STR, 40);

        /*** execute the prepared statement ***/
        $stmt->execute();

        /*** check for a result ***/
        $user_id = $stmt->fetchColumn();

        /*** if we have no result then fail boat ***/
        if($user_id == false)
        {
                print "Login Failed";
        }
        /*** if we do have a result, all is well ***/
        else
        {
                /*** set the session user_id variable ***/
                $_SESSION['user_id'] = $user_id;

                /*** tell the user we are logged in ***/
                print "You are now logged in";
        }


    }
    catch(Exception $e)
    {
        /*** if we are here, something has gone wrong with the database ***/
        $message = 'We are unable to process your request. Please try again later"';
    }

}

Answer 1

You have two forms in your outputted markup, and it looks like only one ever gets closed. You also aren't giving your inputs any names. With a quick look, I don't see anything wrong with the logic, but I could be wrong. Anyway, your output function should be printing the names:

function login()
{
print '<div class="container">';

print '<form class="form-horizontal"> ';
print '  <div class="control-group">';
print '    <style>margin: 100px,auto;</style>';
print "<form action=\"validation.php\" method=\"POST\" >";
print '    <label class="control-label" for="inputUsername">Username</label>';
print '    <div class="controls">';
print '      <input type="text" name="inputUsername" id="inputUsername" placeholder="Username">';
print '    </div>';
print '  </div>';
print '  <div class="control-group">';
print '    <label class="control-label" for="inputPassword">Password</label>';
print '    <div class="controls">';
print '      <input type="password" name="inputPassword" id="inputPassword" placeholder="Password">';
print '    </div>';
print '  </div>';
print '  <div class="control-group">';
print '    <div class="controls">';
print '      <label class="checkbox">';
print '        <input type="checkbox"> Remember me';
print '      </label>';
print '      <button type="submit" class="btn">Sign in</button>';
print '    </div>';
print '  </div>';
print '</form>';
print '  </div>';
}