Why isn't this PHP Login form working?

Question

I am trying to create a login form, however it is not working.

here is the code of the login.php file

<?php
session_start();
if(isset($_SESSION['user'])) {
    header('location: index.php');
}
?>
<html>
<head>
    <title>Basic CMS - Login Area</title>
</head>
<body>
<form action="dologin.php" method="post">
    <table>
        <tr>
            <td><span>Username:</span></td>
            <td><input type="text" name="username" /></td>
        </tr>
        <tr>
            <td><span>Password:</span></td>
            <td><input type="password" name="password" /></td>
        </tr>
        <?php
        if (isset($message)) {
        echo "<tr><td colspan='2'>" . $message . "</td></tr>";
        }
        ?>
        <tr>
            <td colspan="2" align='right'><input type="submit" name="login" 
 value="login" /></td>
        </tr>
    </table>
</form>
</body>
</html>

And here is the code of the dologin.php file

<?php
include('includes/functions.php');
session_start();

if (isset($_POST['login'])) {
    if (isset($_POST['username']) {
        if (isset($_POST['password'])) {
            $username = $_POST['username'];
            $query = mysql_query("SELECT * FROM users WHERE Username = '$username'") or die(mysql_error());
            $user = mysql_fetch_array($query);

            if (md5($_POST['password']) == $user['Password'] {
                $message = "Login succesful";
                $_SESSION['user'] = $user['Username'];
                header('location: index.php');
            }
            else {
                $message = "Please check your login details";
                include('login.php');
            }
        }
        else {
            $message =  "Please check your password!";
                include('login.php');
        }
    }
    else {
        $message =  "Please check your username!";
                include('login.php');
    }
}
else {
    $message =  "Please check that you filled out the login form!";
                include('login.php');
}

?>

When I submit the form on login.php it redirects to dologin.php however then nothing shows up there, no error or the form itself. Just a blank page, doesn't matter what I fill in in the form.

Please help is appeciated.

Answer 1

You also have an error here:

if (md5($_POST['password']) == $user['Password'] {

you are missing a closing bracket. It should be like this:

if (md5($_POST['password']) == $user['Password']) {

Answer 2

Well you didn't close your brackets properly on this line for a start:

if (isset($_POST['username']) {

In future, please check your error logs before posting questions here. Or better still, put error_reporting(E_ALL); at the top of all your scripts until you're satisfied they're working properly.

And just to reiterate @Quentin's comment — you absolutely should not be using the old mysql commands any more, and putting user-supplied data straight into your database queries is really asking for trouble.

Answer 3

You need to either close php tags or echo that. Here is one example:

<?php
if (isset($message)) {
    echo '<tr><td colspan="2">'. $message .'</td></tr>';
}
?>