PHP MySQL sign in form not working

Question

I'm trying to sign users in. I've already made the sign up form, And the database is properly connected. It keeps on skipping over the first IF statements and going to straight to the "something went wrong error". Does anybody know why it's not working?

<?php  
$pageTitle = "Sign In";

$pageCategory = "Sign In";
$pageCategoryurl = "/signin.php";


//signup.php   

include($_SERVER["DOCUMENT_ROOT"] . "/inc/header.php"); 
include($_SERVER["DOCUMENT_ROOT"] . "/inc/search.php");
?>
<div class="content">

<div id="signinheader"><h2>Sign in</h2></div><div style="clear:both"></div> 

<?php
if(isset($_SESSION['signed_in']) && $_SESSION['signed_in'] == true)  
{  
    echo 'You are already signed in, you can <a href="signout.php">sign out</a> if you     want.';  
}
else
{  
    if($_SERVER['REQUEST_METHOD'] != 'POST')  
    {  
        /*the form hasn't been posted yet, display it 
          note that the action="" will cause the form to post to the same page it is on */  
        echo '<form method="post" action="">  
            <table>
            <tr>
                <th><label for="username" class="signinlabel">Username:</label></th>
                <td><input type="text" name="username" class="signininput"></td>
            </tr>

            <tr>  
            <th><label for="userpass" class="signinlabel">Password:</label></th>
                <td><input type="password" name="userpass" class="signininput"></td>
            </tr> 
            </table>
            <input type="submit" value="Sign In" class="signinbutton">  
         </form>'; 
    } 
    else 
    { 
       /* so, the form has been posted, we'll process the data in three steps:  
            1.  Check the data  
            2.  Let the user refill the wrong fields (if necessary)  
            3.  Save the data   
       */   
       $errors = array(); /* declare the array for later use */  


       if(!isset($_POST['username']) OR empty($_POST['username']))  
      {  
         $errors[] = 'The username field must not be empty.';  
      }  

       if(!isset($_POST['userpass']) OR empty($_POST['userpass']))  
      {  
     $errors[] = 'The password field must not be empty.';  
  }   

   if(!empty($errors)) /*check for an empty array, if there are errors, they're in this array (note the ! operator)*/  
   {  
        echo '<div id="signinerror"><h3>Uh-oh.. a couple of fields are not filled in correctly..</h3>'; 
        echo '<ul>'; 
        foreach($errors as $key => $value) /* walk through the array so all the errors get displayed */ 
        { 
            echo '<li class="signinerrorli">' . $value . '</li>'; /* this generates a nice error list */ 
        } 
        echo '</ul></div><div style="clear:both"></div>'; 
   } 
   else 
   { 
      //the form has been posted without, so save it 
      //notice the use of mysql_real_escape_string, keep everything safe! 
      //also notice the sha1 function which hashes the password 
      $username = $_POST['username'];
     $userpass = sha1($_POST['userpass']);

      $result = mysqli_query($con,"SELECT * FROM users 
        WHERE username = '$username' AND userpass = '$userpass");


      if(!$result)  
      {  
            //something went wrong, display the error  
            echo 'Something went wrong while signing in. Please try again later.'; 
            //echo mysqli_error(); //debugging purposes, uncomment when needed 
      } 
      else 
     { 
        //the query was successfully executed, there are 2 possibilities 
        //1. the query returned data, the user can be signed in 
        //2. the query returned an empty result set, the credentials were wrong 
        if(mysqli_num_rows($result) == 0) 
        { 
                echo 'You have supplied a wrong user/password combination. Please try again.'; 
        } 
        else 
        { 
           $_SESSION['signed_in'] = true; 

           //we also put the user_id and user_name values in the $_SESSION, so we can use it at various pages 
           while($row = mysqli_fetch_assoc($result)) 
           { 
              $_SESSION['user_id']   = $row['user_id']; 
              $_SESSION['username']  = $row['username']; 
              $_SESSION['useremail'] = $row['useremail']; 
           } 

           echo 'Welcome, ' . $_SESSION['username'] . '. <a href="/home.php">Proceed to the homepage</a>.'; 
             } 
          }   
   } 
} 
}

?>
</div> 
<?php
include($_SERVER["DOCUMENT_ROOT"] . "/inc/footer.php");
?> 

Answer 1

Your error is on your query:

$result = mysqli_query($con,"SELECT * FROM users 
    WHERE username = '$username' AND userpass = '$userpass");

You miss a quote at the end.

$result = mysqli_query($con,"SELECT * FROM users 
    WHERE username = '$username' AND userpass = '$userpass' ");
                                                          ^here

Answer 2

Your query to the database is resulting in some sort of database failure, as !$result, as you have it, will only resolve to true when $result is false. In your case, $result would only be false if something went wrong with the query.

The answer? You have a syntax error:

You have this:

$result = mysqli_query($con,"SELECT * FROM users 
        WHERE username = '$username' AND userpass = '$userpass");

Where it should be this

$result = mysqli_query($con,"SELECT * FROM users 
        WHERE username = '$username' AND userpass = '$userpass'");

Do you see it? You were missing that last ' :)

I like to call these "missing semicolon" errors, because they're impossible to find, drive you crazy, and are so simple to fix that it makes you feel dumb.