
PHP login script not “doing anything”

I've recently started resuming my "hobby" of web development and returned to PHP. I've managed to get ahead pretty far even though I still feel like my (previously nonexistent) skills are a bit rusty. I've looked at this code for quite a while and cannot figure out why this isn't working. This code used to work so I'm pretty sure I must have deleted something or I am not noticing something important.

Either way, this is my current PHP code. The result is that when I log in, I stay on the same page and it basically seems like nothing happens, except the page just refreshes:

function login($db){ 
if(!isset($_SESSION['user']) || !isset($_SESSION['user']['username'])){
    echo "
        <form  method='post' class='logform'>
            <input type='text' class='textlog' placeholder='Username' name='formLoginUser' id='formLoginUser' onkeypress='validateboth(event)' REQUIRED><br><br>
            <input type='password' class='textlog' placeholder='Password' id='formLoginPassword' name='formLoginPassword' REQUIRED><br><br>
            <div class='logcheck'>
                <input type='submit' class='login_bot transparent' value='Login' name='formLoginSubmit' style='float:left;'>
                <a class='login_bot transparent' href='index.php?page=createuser' style='float:left; margin-left:5px;'>Create account</a>
                <a class='login_bot transparent' href='index.php?page=forgotpassword' style='float:left; margin-left:5px;'>Forgotten password</a>
            </div>
        </form>
    ";
    if(isset($_POST['formLoginSubmit'])){
        if(empty($_POST['formLoginUser'])){
            $_SESSION['msg']['warning'][] = "Fill in!!"; 
        if(empty($_POST['formLoginPassword'])){
            $_SESSION['msg']['warning'][] = "Password missing!!"; 
        }
        if(empty($_SESSION['msg']['warning'])){
            $username = $db->real_escape_string($_POST['formLoginUser']);
            $password = encrypt(md5($_POST['formLoginPassword']));
            $sql = "select * from users
                                    where 
                                        username = '{$username}' 
                                    and 
                                        password = '{$password}'
                                    ";
            $sqlQuery = $db->query($sql) or die($db->error);
            $intQuery = $sqlQuery->num_rows;
            if($intQuery == true){
                $sqlFetch = $sqlQuery->fetch_object();
                $_SESSION['user']['username'] = $sqlFetch->username;
                $_SESSION['user']['id'] = $sqlFetch->user_id;
                $_SESSION['user']['level'] = $sqlFetch->user_level;
                header('location: index.php?page=home');
                $_SESSION['msg']['warning'][] = "logged in";
            }
        }else{
            header('location: index.php?page=home');
            $_SESSION['msg']['warning'][] = "wrong details";

        }
    }
}

}
}

I know it's not a problem with the DB, I can successfully register an account and have it appear in the DB.

Edit: Yes, I am redirecting to the same page; however, on that page I'm calling a function to display a message depending on whether the login was successful or not. The point is, I'm not logged in at all.

The function to call the login is:

<div id="login-content">
    <?php login($db); ?>
    </div>      

Change if($intQuery == true) to if($intQuery > 0), because num_rows returns an integer, as the name of the function defines it. Also, your query is vulnerable to SQL injection, and real_escape_string is not a secure method for escaping injection. There is a good article here for preventing SQL injection.

Tip: you can jump in and out of your PHP code with ?><?php and type your desired HTML in between to prevent weird bugs and have clear code.
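One way to write the credential check with a bound parameter instead of input interpolated into the SQL string, as an added example that is not part of the original question or answer. Assumptions: PDO with a constructed in-memory SQLite table stands in for the page's mysqli connection, password_hash()/password_verify() replace the page's encrypt(md5(...)), and attemptLogin is a hypothetical helper name; the column names are the ones used in the question.

```php
<?php
declare(strict_types=1);

/**
 * Hypothetical helper (not from the page): returns the user row on
 * success, or null when the input is empty or the credentials do not match.
 */
function attemptLogin(PDO $db, string $username, string $password): ?array
{
    // Both field checks finish before any query is attempted.
    if ($username === '' || $password === '') {
        return null;
    }
    // The placeholder keeps user input out of the SQL text entirely.
    $stmt = $db->prepare(
        'SELECT user_id, username, user_level, password FROM users WHERE username = ?'
    );
    $stmt->execute([$username]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    // fetch() returns false when no row matched; password_verify() checks
    // the submitted password against the stored salted hash.
    if ($row === false || !password_verify($password, $row['password'])) {
        return null;
    }
    unset($row['password']);   // never carry the hash into the session
    return $row;
}

// Constructed sample data: an in-memory table with one account.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (user_id INTEGER PRIMARY KEY, username TEXT UNIQUE,
           password TEXT, user_level INTEGER)');
$ins = $db->prepare('INSERT INTO users (username, password, user_level) VALUES (?, ?, ?)');
$ins->execute(['alice', password_hash('correct horse', PASSWORD_DEFAULT), 1]);

$cases = [
    ['alice', 'correct horse'],   // valid credentials
    ['alice', 'wrong'],           // wrong password
    ["o'brien", 'x'],             // the quote is treated as data, not SQL
    ['', ''],                     // empty fields never reach the database
];
foreach ($cases as [$u, $p]) {
    $user = attemptLogin($db, $u, $p);
    printf("%-10s => %s\n", json_encode($u),
           $user ? "ok, user_id {$user['user_id']}" : 'rejected');
}
```

On success the caller would call session_regenerate_id(true), fill $_SESSION['user'] from the returned row, and follow header('Location: ...') with exit so nothing else runs after the redirect.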

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address. Any question please contact: yoyou2525@163.com.

 