PHP mysql loginreturns Email not found error even though it's in the database

Question

I get this error when i try to login

however the login email and password is already in the MySql database and they have been entered correctly. I am trying to make a website to calculate the odds of winning different types of gambling games and I am going to store the data on the database for each individual user so that they can view it later. Thanks

login.php

<?php 
include('header.html');
if (isset($errors)&& !empty($errors))
{
    echo ' <p id="err_msg">Oops! there was a problem:<br>';
    foreach ($errors as $msg )
    {
        echo " - $msg <br>";
    }
    echo 'Please try again or register <a href="register.php">here</a></p>';
}

?>
<form action="login_action.php" method="POST">
<dl>
<dt>Email   :     <input type="text" name="email"><dd>
<dt>Password: <input type="password" name="pass"><dd>
</dl>
<button type="submit">Login</button>
</form>

register.php

<?php
$page_title = 'GambCalc - Register';
include('header.html');
if ( $_SERVER['REQUEST_METHOD']=='POST')
{
    require ('db_connection.php');
    $errors = array();

    if (empty($_POST['email']))
    {$errors[] = 'Enter your first name.' ; }
    else 
    {$e = mysqli_real_escape_string($dbc,trim($_POST['email']));}

    if (empty($_POST['pass']))
    {$errors[] = 'Enter your password.' ; }
    else 
    {$p = mysqli_real_escape_string($dbc,trim($_POST['pass']));}

    if (empty($errors))
    {
        $q = "SELECT user_id FROM users WHERE email='$e'";
        $r = mysqli_query($dbc,$q);
        if (mysqli_num_rows($r) != 0)
         $errors[] = 'Email address already registered. <a href="login.php">Login</a>';
    }

    if (empty($errors))
    {
        $q = "INSERT INTO users (email, pass) VALUES ('$e',SHA1('$p'))";
        $r = mysqli_query($dbc,$q);

        if($r)
        {
            echo '<h1>Registered!</h1> 
            <p><a href="login.php">Login</a></p>';
        }

        mysqli_close($dbc);
        exit();    

    }

    else
    {
        echo '<h1>Error!</h1>
        <p id="err_msg">The folloiwng error(s) occurred:<br>';
        foreach($errors as $msg )
        {
            echo " - $msg<br>";

        }
        echo 'Please try again </p>';
        mysqli_close($dbc);

    }

}
?>

<h1>Register</h1>
<form action="register.php" method="POST">
<p>
Email address : <input type="text" name="email"
value="<?php if ( isset($_POST['email']))
    echo $_POST['email'];?>">
</p>
<p>Password : <input type="password" name="pass" value="<?php if(isset($_POST['pass'])) echo $_POST['pass'];?>"></p>
<p><input type="submit" value="Register"></p>
</form>

login_tools.php

    <?php # LOGIN HELPER FUNCTIONS.

# Function to load specified or default URL.
function load( $page = 'login.php' )
{
  # Begin URL with protocol, domain, and current directory.
  $url = 'http://' . $_SERVER[ 'HTTP_HOST' ] . dirname( $_SERVER[ 'PHP_SELF' ] ) ;

  # Remove trailing slashes then append page name to URL.
  $url = rtrim( $url, '/\\' ) ;
  $url .= '/' . $page ;

  # Execute redirect then quit. 
  header( "Location: $url" ) ; 
  exit() ;
}

# Function to check email address and password. 
function validate( $dbc, $email = '', $pwd = '')
{
  # Initialize errors array.
  $errors = array() ; 

  # Check email field.
  if ( empty( $email ) ) 
  { $errors[] = 'Enter your email address.' ; } 
  else  { $e = mysqli_real_escape_string( $dbc, trim( $email ) ) ; }

  # Check password field.
  if ( empty( $pwd ) ) 
  { $errors[] = 'Enter your password.' ; } 
  else { $p = mysqli_real_escape_string( $dbc, trim( $pwd ) ) ; }

  # On success retrieve user_id, first_name, and last name from 'users' database.
  if ( empty( $errors ) ) 
  {
    $q = "SELECT user_id FROM users WHERE email='$e' AND pass=SHA1('$p')" ;  
    $r = mysqli_query ( $dbc, $q ) ;
    if ( mysqli_num_rows( $r ) == 1 ) 
    {
      $row = mysqli_fetch_array ( $r, MYSQLI_ASSOC ) ;
      return array( true, $row ) ; 
    }
    # Or on failure set error message.
    else { $errors[] = 'Email address and password not found.' ; }
  }
  # On failure retrieve error message/s.
  return array( false, $errors ) ; 
}

login_action.php

if ( $_SERVER[ 'REQUEST_METHOD' ] == 'POST' )
{
  require ( 'db_connection.php' ) ;
  require ( 'login_tools.php' ) ;
  list ( $check, $data ) = validate ( $dbc, $_POST[ 'email' ], $_POST[ 'pass' ] ) ;
  if ( $check )  
  {
    session_start();
    $_SESSION[ 'user_id' ] = $data[ 'user_id' ] ;
    load('home.php');
  }
  else { $errors = $data; } 
  mysqli_close( $dbc ) ; 
}
include ( 'login.php' ) ;
?>

Answer 1

Because in your query, it filtered the email with '$e' values. I think you should change it into something like this...

$q = "SELECT user_id FROM users WHERE email='".$e."'";

for checking, you can use var_dump or print_r

You should also update your other queries with the same format.

$q = "INSERT INTO users (email, pass) VALUES ('".$e."',SHA1('".$p."'))";

Answer 2

将您的查询更改为$q = "SELECT user_id FROM users WHERE email='".$e."'";