Simple login system with php

Question

EDIT: it's working now, thanks folks.
I created a simple login system with php, after creating some users on a MySQL. But when I try to log in, I enter a completely blank page, no matter what my input is. Here's my html...

<body>
    <div class="mainbox">
        <h3 align="center">Log In</h3>
        <hr>
        <form role="form" class="form-horizontal" method="POST" action="connectivity.php">
        <div class="form-group">
            <label for="Username">Username:</label>
            <input type="text" class="form-control" name="username" size="40" placeholder="Enter Username">
        </div>
        <div class="form-group">
            <label for="pwd">Password:</label>
            <input type="password" class="form-control" name="pass" size="40" placeholder="Enter Password">
        </div>
         <button id="Submit" type="submit" name="submit" class="btn btn-default">Submit</button>
        </form>
    </div>
</body>

and here's connectivity.php...

<?php 
define('DB_HOST', 'localhost'); 
define('DB_NAME', 'simplelogin'); 
define('DB_USER','root'); 
define('DB_PASSWORD',''); 

$con=mysql_connect(DB_HOST,DB_USER,DB_PASSWORD) or die("Failed to connect to MySQL: " . mysql_error()); 
$db=mysql_select_db(DB_NAME,$con) or die("Failed to connect to MySQL: " . mysql_error()); 

function SignIn() 
{ 
    session_start(); 
    if(!empty($_POST['username']))  
    { 
        $query = mysql_query("SELECT * FROM UserName where userName = '$_POST[username]' AND pass = '$_POST[pass]'") or die(mysql_error()); 
        $row = mysql_fetch_array($query) or die(mysql_error()); 
        if(!empty($row['userName']) AND !empty($row['pass'])) 
        { 
            $_SESSION['userName'] = $row['pass']; 
            echo "Successful login to user profile page!"; 
        } 
        else 
        { 
            echo "Sorry, You have either entered a wrong Username or a wrong password. Please retry"; 
        } 
    } 
}       
if(isset($_POST['submit'])) 
{ 
    SignIn(); 
} 
?>

The function isn't being executed, what do I do?

Answer 1

First, You should always use POST method for login functionality. POST method is safe rather than GET method. POST doesn't expose information via the URL. For more information to get knowledge the difference between GET and POST go to Link.

Second, You should avoid mysql_* methods. For information go to SO LInk.

Third, To submit a form you are using <button tag and no JS for form submit on its click event So your form will not submit. also not defined its type as submit like `type="submit". Better to use input type submit to submit the form.

Fourth, You are getting form data using POST method and in form you are using GET method So your action file is not able to get data due to method conflict So change the method in tag as method="post".

Fifth, Session should be started on the top of page.

Sixth, Better to validate the form with client side validation first then with the server side validation also should be applied.

Now, in your code:

• change <form> tag attribute as method="post".
• Use <input type="submit" name="submit" value="Submit" /> to submit the form. action file will receive data from form using elements name and you are missing that in input type="submit" name="submit"
• Remove mysql_* functions from your code and use mysqli_* for database connectivity and further usage.