Trying to create a small forum by following a tutorial

Question

If anyone would be able to point me in the right direction it would make my day!

I'm trying to create a forum by following this tutorial: "https://code.tutsplus.com/tutorials/how-to-create-a-phpmysql-powered-forum-from-scratch--net-10188".

I've created the pages with some modifications but the problem I'm getting is at the sign-in, first of all when I add the connect.php page to the sign-in page, the code doesn't echo the form, it's blank. Also when I don't use the connect page, the error messages get printed out at the start when I would like them to come after hitting submit.

I have managed to get a connection to my database and get out data with other code, but I can't seem to get this working.

<?php
session_start();

//signin.php
include 'forumHeader.php';
include 'connect.php';
echo '<h3>Sign in</h3>';



if(isset($_SESSION['signed_in']) && $_SESSION['signed_in'] == true)
{
    echo 'You are already signed in, you can <a href="forumSignout.php">sign out</a> if you want.</br></br>';
    echo 'Welcome, ' . $_SESSION['user_name'] . '. <a href="forumIndex.php">Proceed to the forum overview</a>.';

}

else
{




  if($_SERVER['REQUEST_METHOD'] != 'POST')
  {
      /*the form hasn't been posted yet, display it
        note that the action="" will cause the form to post to the same page it is on */
      echo '<form method="post" action="">
          Username: <input type="text" name="user_name" />
          Password: <input type="password" name="user_pass"/>
          <input type="submit" value="Sign in" />
       </form>';
  }
    /* so, the form has been posted, we'll process the data in three steps:
        1.  Check the data
        2.  Let the user refill the wrong fields (if necessary)
        3.  Varify if the data is correct and return the correct response
    */
    $errors = array(); /* declare the array for later use */


    if(!isset($_POST['user_name'])) //NOT + FALSE + POST FROM INPUT  //ISSET RETURNS FALSE WHEN CHECKING THAT HAS BEEN ASSIGNED TO NULL
    {
        $errors[] = 'The username field must not be empty.';
    }

    if(!isset($_POST['user_pass']))
    {
        $errors[] = 'The password field must not be empty.';
    }

    if(!empty($errors)) /*check for an empty array, if there are errors, they're in this array (note the ! operator)*/ //Detta betyder, om ERRORS INTE är TOM
    {
        echo 'Uh-oh.. a couple of fields are not filled in correctly..';
        echo '<ul>';
        foreach($errors as $key => $value) /* walk through the array so all the errors get displayed */
        {
            echo '<li>' . $value . '</li>'; /* this generates a nice error list */
        }
        echo '</ul>';


    }



    else
    {
        //the form has been posted without errors, so save it
        //notice the use of mysql_real_escape_string, keep everything safe!
        //also notice the sha1 function which hashes the password
        $sql = "SELECT
                    user_id,
                    user_name,
                    user_level
                FROM
                    forum_Users
                WHERE
                    user_name = '" . mysql_real_escape_string($_POST['user_name']) . "'
                AND
                    user_pass = '" . sha1($_POST['user_pass']) . "'";

        $result = mysql_query($sql);
        if(!$result)
        {
            //something went wrong, display the error
            echo 'Something went wrong while signing in. Please try again later.';
            //echo mysql_error(); //debugging purposes, uncomment when needed
        }
        else
        {
            //the query was successfully executed, there are 2 possibilities
            //1. the query returned data, the user can be signed in
            //2. the query returned an empty result set, the credentials were wrong
            if(mysql_num_rows($result) == 0)
            {
                echo 'You have supplied a wrong user/password combination. Please try again.';
            }
            else
            {
                //set the $_SESSION['signed_in'] variable to TRUE
                $_SESSION['signed_in'] = true;

                //we also put the user_id and user_name values in the $_SESSION, so we can use it at various pages
                while($row = mysql_fetch_assoc($result))
                {
                    $_SESSION['user_id']    = $row['user_id'];
                    $_SESSION['user_name']  = $row['user_name'];
                    $_SESSION['user_level'] = $row['user_level'];
                }

                echo 'Welcome, ' . $_SESSION['user_name'] . '. <a href="forumIndex.php">Proceed to the forum overview</a>.';
            }
        }
    }
}


include 'forumFooter.php';
?>

This is pretty much the code I use for the sign-in page. The code I have at the connect.php page is:

<?php
//connect.php


$server = 'server';
$username   = 'user';
$password   = 'pass';
$database   = 'database';

if(!mysql_connect($server, $username, $password))
{
    exit('Error: could not establish database connection');
}
if(!mysql_select_db($database)
{
    exit('Error: could not select the database');
}

?>

Answer 1

Where you are echoing out the form you should be elseing into the form being processed if there is $_POST, atm you are going to it whether there is $_POST or not and trying to process empty $_POSTs will throw errors.

Side note: set your error reporting to all using this method error_reporting(E_ALL), that will let you know whats going wrong in future, it is normally set where you set session_start()