
banana

a guest
Apr 13th, 2016
  1. <?php
  2.  
  3. error_reporting(E_ALL & ~E_NOTICE); // you dont need thisssss
  4. session_start();
  5.  
  6. if(!empty($_POST['username']) && !empty($_POST['password'])) { // $_POST['submit'] who the fuck need that, we need to know if we got the username and password
  7.     include_once("connect.php"); // this file doing? db?
  8.    
  9.     $username = strip_tags($_POST['username']); // yeah like if someone want to break your site it will be html tags. NO
  10.     $password = strip_tags($_POST['password']);
  11.    
  12.     // ?? your password encrypted?
  13.  
  14.     // ...
  15.     $sql = "SELECT id, username, password FROM members WHERE username = '$username' AND activated = '1' LIMIT 1";
  16.     $query = mysqli_query($dbCon, $sql);
  17.    
  18.    
  19.     // why? - start
  20.     if($query) {
  21.         $row = mysqli_fetch_row($query);
  22.         $userId = $row[0];
  23.         $dbUsername = $row[1];
  24.         $dbPassword = $row[2];
  25.  
  26.     }
  27.  
  28.     if($username == $dbUsername && $password == $dbPassword) {
  29.         $_SESSION['username'] = $username;
  30.         $_SESSION['id'] = $userId;
  31.         $invalid = "";
  32.  
  33.     }else {
  34.         $invalid =  "incorrect username or password";
  35.     }
  36.     // why? --end
  37.    
  38.    
  39.     //look you have the username and the password, why you fetching the data of the password and then check it. why not just check it from the start ?
  40.     //we have the username and password right? so:
  41.     $sql = "SELECT id, username FROM members WHERE username = '$username' AND password =  '$password' AND activated = '1' LIMIT 1";
  42.     $query = mysqli_query($dbCon, $sql);
  43.     $invalid = ''; // can be global, because you always need him.
  44.    
  45.     if($query) { // yep, its the man
  46.        
  47.         $row = mysqli_fetch_row($query);
  48.         $userId = $row[0];
  49.         $dbUsername = $row[1];
  50. //        $dbPassword = $row[2]; never show or use user password. (from DB)
  51.        
  52.         $_SESSION['username'] = $username;
  53.         $_SESSION['id'] = $userId;
  54.        
  55.     }else { // not the man
  56.         $invalid =  "incorrect username or password";
  57.     }
  58.  
  59. }
  60.  
  61. ?>
  62.  
  63.  
  64. <!DOCTYPE html>
  65. <html>
  66. <head>
  67.     <meta charset="UTF-8">
  68.     <title>Login</title>
  69.     <link rel="stylesheet" href="css/style.css">
  70.  
  71. </head>
  72.  
  73. <body>
  74.  
  75. <div class="login-page">
  76.     <div class="form">
  77.         <form action="<?php echo $_SERVER['PHP_SELF']?>" class="register-form" method="post"> <?php //btw, you must have method(post or get) and action(where the logic is, here its the same page) ?>
  78.             <input type="text" placeholder="שם" name="regName"/>
  79.             <input type="password" placeholder="סיסמה" name="regPass"/>
  80.             <button name="register">הרשם</button>
  81.             <p class="message">כבר רשום <a href="#">התחבר</a></p>
  82.         </form>
  83.         <form class="login-form">
  84.             <div><?php echo $invalid; ?></div>
  85.             <input type="text" placeholder="שם משתמש" name="username">
  86.             <input type="password" placeholder="סיסמה" name="password">
  87.             <button name="submit">התחבר</button>
  88.             <p class="message">לא רשום <a href="#">צור משתמש</a></p>
  89.         </form>
  90.     </div>
  91. </div>
  92. <script src='http://cdnjs.cloudflare.com/ajax/libs/jquery/2.1.3/jquery.min.js'></script>
  93.  
  94. <script src="js/index.js"></script>
  95. </body>
  96. </html>