LightestDev's login system

1.  <?php
2.  ini_set('display_errors', 1);
3.  ini_set('display_startup_errors', 1);
4.  error_reporting(E_ALL);
5.  
6.  include('includes/functions.php');
7.  if(isset($_POST['login'])) {
8.  
9.   //create variables
10.   //wrap the data with our function
11.   $formUser = validateFormData($_POST['username']);
12.   $formPass = validateFormData($_POST['password']);
13.  
14.   // connect to database
15.   include('includes/connection.php');
16.  
17.   //create SQL query
18.   $query = "SELECT username, email, password FROM users WHERE username='$formUser'";
19.  
20.   // store the result
21.   $result = mysqli_query($conn, $query);
22.  
23.   // verify if result is returned
24.   if (mysqli_num_rows($result) > 0 ) {
25.     // store basic user data in variables
26.     while ($row = mysqli_fetch_assoc($result)) {
27.       $user = $row["username"];
28.       $email = $row["email"];
29.       $hashedPass = $row["password"];
30.   }
31.  
32.   // verify hashed password with the typed password
33.   if (password_verify($formPass, $hashedPass)) {
34.  
35.     // correct login details!
36.     // start the Session
37.     session_start();
38.  
39.     //store data in session variables
40.     $_SESSION['loggedInUser'] = $user;
41.     $_SESSION['loggedInEmail'] = $email;
42.  
43.     //Even though there aren't any errors, we're gonna initialize the variable
44.     $loginError = "";
45.  
46.     header("Location: checker.php");
47.   } else {
48.     // error message
49.     $loginError = "<div class='alert alert-danger'>Please check your username or password.</div>";
50.   }
51.  
52.   }else {
53.     // there are no results in database
54.     $loginError = "<div class='alert alert-danger'>No user in the database. <a class='close' data-dismiss='alert'>&times</a></div>";
55.   }
56.  
57.   // close mysql connection
58.   mysqli_close($conn);
59.  
60.  }
61.  
62.  ?>
63.  
64.  
65.  <!DOCTYPE html>
66.  <html lang="en">
67.  <head>
68.    <title>Login</title>
69.    <meta charset="utf-8">
70.    <meta name="viewport" content="width=device-width, initial-scale=1">
71.    <link rel="stylesheet" href="http://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/css/bootstrap.min.css">
72.    <script src="https://ajax.googleapis.com/ajax/libs/jquery/1.12.4/jquery.min.js"></script>
73.    <script src="http://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/js/bootstrap.min.js"></script>
74.  </head>
75.  <body>
76.  
77.  <div class="container">
78.    <h1>Login</h1>
79.    <p class="lead">Log in to your account!</p>
80.  
81.    <?php echo $loginError ?>
82.  
83.    <form class="" action="<?php echo htmlspecialchars($_SERVER['PHP_SELF'] ); ?>" method="post">
84.  <div class="form-group">
85.      <label>* Username</label>
86.      <input type="text" name="username" value="Username" class="form-control" id="login-username" placeholder="username">
87.  </div>
88.  <div class="form-group">
89.      <label>* Password</label>
90.      <input type="password" name="password" value="Password" class="form-control" id="login-password" placeholder="password">
91.  </div>
92.  <button type="submit" class="btn btn-default" name="login">Login</button>
93.  </form>
94.  </div>
95.  
96.  </body>
97.  </html>