PHP Login-System mit PDO

Question

Ich habe 1 Seite (index.php) mit 2 Formen, Login n Anmeldung. Alles, was ich will ist, wenn ich auf den Login-Button klicke, ich bleibe auf dieser Seite mit den Formularen gegangen! Nur index.php mit Willkommensnachricht.

Ich habe 2 Dateien: 1. index.php enthält 2 Formulare. 2. user.php (Benutzerklasse) mit 2 Funktionen, login n addNewUser.

Das ist meine Indexdatei

<?php 
    $user = new User(); 
    if (isset($_POST['login'])) { 
     $username = $_POST['username']; 
     $password = $_POST['password']; 

     $user->login($username, $password); 
    } 
    if (isset($_POST['signup'])) { 
     $username = $_POST['username']; 
     $password = $_POST['password']; 
     $email = $_POST['email']; 

     $user->add($username, $password, $email); 
    } 
?> 
<form action='' method='post' accept-charset='utf-8'> 
    <input type='text' name='username' placeholder='Username' autofocus=''> 
    <input type='password' name='password' placeholder='Password'> 
    <input type='submit' name='login' value='Login' /> 
</form> 

<form action='' method='post' accept-charset='utf-8'> 
    <input type='text' name='username' placeholder='Username'></br> 
    <input type='email' name='email' placeholder='Email'></br> 
    <input type='password' name='password' placeholder='Password'></br></br> 
    <input type='submit' name='signup' value='Sign Up' /> 
</form> 

Und das ist meine Login-Funktion in User.php

public function login($username, $password){ 
    session_start(); 
    if (!empty($username) && !empty($password)) { 
     $stmt = $this->db->prepare("SELECT * FROM user WHERE username=? and password=?"); 
     $stmt->bindParam(1, $username); 
     $stmt->bindParam(2, $password); 
     $stmt->execute(); 
     if ($stmt->rowCount() == 1) { 
      $_SESSION['login'] = true; 
      $_SESSION['username'] = $username; 
     } else { 
      echo "Wrong username or password"; 
     } 
    } else { 
     echo "Please enter username and password"; 
    } 
} 

Pls mir dies getan helfen!

Answer 1

warum setzen also nicht so etwas wie

<?php if (!$_SESSION['login']) { ?> 
    ... show forms .. 
<?php } ?> 

so die Formen zeigen nur, wenn kein Login durchgeführt wurde?

Answer 2

All dies in index.php:

<?php 
function login($username, $password){ 
    session_start(); 
    if (!empty($username) && !empty($password)) { 
     $stmt = $this->db->prepare("SELECT * FROM user WHERE username=? and password=?"); 
     $stmt->bindParam(1, $username); 
     $stmt->bindParam(2, $password); 
     $stmt->execute(); 
     if ($stmt->rowCount() == 1) { 
      $_SESSION['login'] = true; 
      $_SESSION['username'] = $username; 
     } else { 
      echo "Wrong username or password"; 
     } 
    } else { 
     echo "Please enter username and password"; 
    } 
} 

$user = new User(); 
if (isset($_POST['login'])) { 
    $username = $_POST['username']; 
    $password = $_POST['password']; 

    $user->login($username, $password); 
} 
elseif (isset($_POST['signup'])) { 
    $username = $_POST['username']; 
    $password = $_POST['password']; 
    $email = $_POST['email']; 

    $user->add($username, $password, $email); 
} 
else 
{ 
?> 
<form action='index.php' method='post' accept-charset='utf-8'> 
    <input type='text' name='username' placeholder='Username' autofocus=''> 
    <input type='password' name='password' placeholder='Password'> 
    <input type='submit' name='login' value='Login' /> 
</form> 

<form action='index.php' method='post' accept-charset='utf-8'> 
    <input type='text' name='username' placeholder='Username'></br> 
    <input type='email' name='email' placeholder='Email'></br> 
    <input type='password' name='password' placeholder='Password'></br></br> 
    <input type='submit' name='signup' value='Sign Up' /> 
</form> 
<?php 
} 
?>