Please download the files here: DOWNLOAD
The login.php file contains the changes.
And here is the explanation:
First, you were checking if $_POST was set. It is better to do $_SERVER['REQUEST_METHOD'] == 'POST'.
Next, you did not have all of your code for processing on post inside of that conditional. That was just a simple mistake and it resulted in a couple warnings if your PHP is set up to display warnings. I fixed that for you.
If you are running queries with passed-in data from a form, you should use prepared statements, as it automatically escapes the data. You were doing this on one of the queries but not the others.
If you look at the new code line by line, you can easily see what is being done. Your code was almost there and pretty good, so you obviously have a good understanding of this stuff.
First, we run a query to look for a password XXXXX on the entered username.
That is on line 21. We set the returned password to the $result variable. If the passed-in password from the form is equal to the result, then we redirect the user to the todo page and exit. If you do not exit, the page will technically continue to be processed by the server even after it has redirected the user. So it is best practice to always exit after a header redirect. You were having a link display for the user to click and go to the todo page after successful log in. However, you can simply redirect the user to the todo page, as I have done here.
Next, if the password does not match but there IS a password XXXXX then the user typed in a username that exists in the database but the incorrect password. The page sets a variable for a user message to tell the user that it is the Incorrect Login. This is displayed on the page.
Then there is another else... this time it means that $result is empty. That means that the user name does not exist in the database. So it goes ahead and inserts it in the exact same way that your code was doing. But now, it also creates a message to let the user know that a new user has been created and is displayed on the page.
I think that covers everything that is going on in the script. If you have any questions at all about any of the code, just let me know and I will explain it. I'm here to help!
If you require assistance in the future, please feel free to request me directly by starting your question with **For TheDoctor**.
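The flow described in this answer, sketched as an added example; it is not the login.php from the download and not TheDoctor's code. The PDO/SQLite connection, the `app.db` file, the `users(username, password)` table, the `todo.php` target and the `handleLogin()` helper are assumptions, and it stores and checks a `password_hash()` value rather than comparing the passwords directly.

```php
<?php
// Added illustration. Assumed (hypothetical) names: app.db, users(username, password), todo.php.
declare(strict_types=1);

function handleLogin(PDO $db, string $username, string $password): array
{
    if ($username === '' || $password === '') {
        return ['redirect' => null, 'message' => 'Incorrect Login'];
    }
    // Prepared statement: the username is bound as data, never concatenated into the SQL.
    $stmt = $db->prepare('SELECT password FROM users WHERE username = :u');
    $stmt->execute([':u' => $username]);
    $result = $stmt->fetchColumn(); // false when the username has no row

    if ($result !== false) {
        // Username exists: check the submitted password against the stored hash.
        return password_verify($password, (string)$result)
            ? ['redirect' => 'todo.php', 'message' => '']
            : ['redirect' => null, 'message' => 'Incorrect Login'];
    }
    // Username not found: create it, again with bound parameters.
    $insert = $db->prepare('INSERT INTO users (username, password) VALUES (:u, :p)');
    $insert->execute([':u' => $username, ':p' => password_hash($password, PASSWORD_DEFAULT)]);
    return ['redirect' => null, 'message' => 'New user created'];
}

$message = '';
if (($_SERVER['REQUEST_METHOD'] ?? '') === 'POST') {
    // All POST processing lives inside this conditional.
    $db = new PDO('sqlite:' . __DIR__ . '/app.db');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE IF NOT EXISTS users (username TEXT PRIMARY KEY, password TEXT NOT NULL)');

    $outcome = handleLogin($db, (string)($_POST['username'] ?? ''), (string)($_POST['password'] ?? ''));
    if ($outcome['redirect'] !== null) {
        header('Location: ' . $outcome['redirect']);
        exit; // without this the rest of the page still runs after the redirect header
    }
    $message = $outcome['message'];
}
?>
<p><?= htmlspecialchars($message) ?></p>
<form method="post">
  <input name="username"> <input name="password" type="password">
  <button type="submit">Log in</button>
</form>
```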