[Solved] Php Login issue [closed]

Question

So many thing are wrong here

Replace

if (isset ( $_POST ['action'] ) && isset ( $_POST ['action'] ) == 'Log In') {

With

if (isset ( $_POST ['action'] ) &&  $_POST ['action'] == 'Log In') {

Too many things to replace .. hold on while i rewrite the script for you

Edit 1

if (isset ( $_POST ['action'] ) && $_POST ['action'] == 'Log In') {
    $uname = prepareStr ( $_POST ['uname'] );
    $pass = prepareStr ( $_POST ['pass'] );
    $shaPass = hash ( 'sha512', $pass );
    $errors = array ();

    include_once ("toplevel/content/manage/dbcon/dbcon.php");

    if (! isset ( $uname ) || empty ( $uname )) {
        $err [] = "Empty Username not allowed";
    }

    if (! isset ( $pass ) || empty ( $pass )) {
        $err [] = "Empty Password not allowed";
    }

    if (count ( $err ) == 0) {
        $mysqli = new mysqli ( "localhost", "root", "", "test" ); // Replace with
                                                                  // DB
                                                                  // Information
        $result = "SELECT uname ,pass FROM members WHERE uname="$uname" AND pass="$shaPass"";

        if ($result->num_rows > 0) {
            $err [] = "Invalid username or Password";
        }

        if (count ( $err ) == 0 && $result) {
            $userInfo = $result->fetch_assoc ();
        /**
         * You can do what every you like here
         */
        }
    }

    if (count ( $err ) > 0) {
        /**
         * Kill the user
         */

        echo "<pre>";

        foreach ( $err as $value ) {
            echo $value . "\n";
        }
        die ( "Die! Die! Die!" );
    }

}

function prepareStr($str) {
    $str = htmlspecialchars ( $str );
    $str = trim ( $str );
    $str = mysql_real_escape_string ( $str );

    return $str;
}

Thanks

Accepted Answer

So many thing are wrong here

Replace

if (isset ( $_POST ['action'] ) && isset ( $_POST ['action'] ) == 'Log In') {

With

if (isset ( $_POST ['action'] ) &&  $_POST ['action'] == 'Log In') {

Too many things to replace .. hold on while i rewrite the script for you

Edit 1

if (isset ( $_POST ['action'] ) && $_POST ['action'] == 'Log In') {
    $uname = prepareStr ( $_POST ['uname'] );
    $pass = prepareStr ( $_POST ['pass'] );
    $shaPass = hash ( 'sha512', $pass );
    $errors = array ();

    include_once ("toplevel/content/manage/dbcon/dbcon.php");

    if (! isset ( $uname ) || empty ( $uname )) {
        $err [] = "Empty Username not allowed";
    }

    if (! isset ( $pass ) || empty ( $pass )) {
        $err [] = "Empty Password not allowed";
    }

    if (count ( $err ) == 0) {
        $mysqli = new mysqli ( "localhost", "root", "", "test" ); // Replace with
                                                                  // DB
                                                                  // Information
        $result = "SELECT uname ,pass FROM members WHERE uname="$uname" AND pass="$shaPass"";

        if ($result->num_rows > 0) {
            $err [] = "Invalid username or Password";
        }

        if (count ( $err ) == 0 && $result) {
            $userInfo = $result->fetch_assoc ();
        /**
         * You can do what every you like here
         */
        }
    }

    if (count ( $err ) > 0) {
        /**
         * Kill the user
         */

        echo "<pre>";

        foreach ( $err as $value ) {
            echo $value . "\n";
        }
        die ( "Die! Die! Die!" );
    }

}

function prepareStr($str) {
    $str = htmlspecialchars ( $str );
    $str = trim ( $str );
    $str = mysql_real_escape_string ( $str );

    return $str;
}

Thanks