2016-09-29 5 views
0

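I got a template from the web and edited it to match my database. I am testing this with XAMPP. I can register with register.php, but I cannot log in. I think something is wrong with the code in login.php. Can someone point out the problem? Thank you. I can't log in. What is wrong with the code below?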

register.php

<?php

require('config.php');
$error = "";

if (isset($_POST['submit'])=="Sign up") {
    if (!$_POST['name']) $error.="<br/>Please enter your name";
    if (!$_POST['email']) $error.="<br/>Please enter your email";
    else if (!filter_var($_POST['email'], FILTER_VALIDATE_EMAIL)) $error.=" <br/>Please enter a valid email address";
    if (!$_POST['password']) $error.="<br/>Please enter your password";
    else {
        if (strlen($_POST['password'])<8) $error.= "<br/>Please enter a password with at least 8 characters";
        if (!preg_match('`[A-Z]`', $_POST["password"])) $error.="<br/>Please include at least one capital letter in your password";
    }
    if ($error) echo "There were error(s) in your signup details:" .$error;
    else {
        $query = "SELECT * FROM `members` WHERE email='".mysqli_real_escape_string($link,$_POST['email'])."'";
        $match = mysqli_query($link,$query);
        $results = mysqli_num_rows($match);
        if ($results) echo "That email address is already registered. Do you want to log in ?";
        else {
            $name = mysqli_real_escape_string($link,$_POST['name']);
            $email = mysqli_real_escape_string($link,$_POST['email']);
            $password = password_hash($_POST['password'],PASSWORD_DEFAULT);

            $query = "INSERT INTO `members`(name,email,password)  VALUES('$name','$email','".$password."')";
            $result = mysqli_query($link,$query);
            if ($result) {
                echo "<div class='form'>
<h3>You are registered successfully.</h3>
<br/>Click here to <a href='login.php'>Login</a></div>";
            }
        }
    }
}
else {

?>

<form method="post"> 
<h1>Registration</h1><br> 
<label for="name">Name</label> 
<input type="text" name="name" /><br> 
<label for="email">Email</label> 
<input type="email" name="email" id="email" /><br> 
<label for="password">Password</label> 
<input type="password" name="password" /><br> 
<input type="submit" name="submit" value="Sign up" /><br> 


</form> 

<?php } ?> 

login.php

<?php

require("config.php");

session_start();

if (isset($_POST['submit'])=="Login"){
    $name = mysqli_real_escape_string($link,$_POST['name']);
    $password = password_hash($_POST['password'],PASSWORD_DEFAULT);

    $query = "SELECT * FROM `members` WHERE name='$name' AND password='".$password."'";

    $result = mysqli_query($link,$query) or die(mysql_error());
    $rows = mysqli_num_rows($result);
    if ($row = mysqli_fetch_array($result)) {
        $_SESSION['id'] = $row['id'];
        $_SESSION['name'] = $row['name'];

        header("Location: profile.php");
    } else {
        echo "<div class='form'>
<h3>Username/password is incorrect.</h3>
<br/>Click here to <a href='login.php'>Login</a></div>";
    }
}
else{
?>
<form method="post"> 
<label for="name">Name</label> 
<input type="name" name="name" /><br> 
<label for="password">Password</label> 
<input type="password" name="password" /><br> 
<input type="submit" name="submit" value="Login" /> 
</form> 
<p>Not registered yet? <a href='register.php'>Register Here</a></p> 
<?php } ?> 

UPDATE

<?php 
session_start(); 

require("config.php"); 


if (isset($_POST['submit'])){ 
    print_r($_POST); 
    $name  = mysqli_real_escape_string($link,$_POST['name']); 
    $password = md5($_POST['password']); 
    echo $password; 
    echo $name; 
    $query  = "SELECT * FROM members WHERE name='shohan' AND password='f50db83c94e1e725476295c6ee97d4b8'";  
    $result  = mysqli_query($link, $query) or die(mysqli_error($link)) ; 
    $rows  = mysqli_num_rows($result); 
    echo($rows); 

    if ($rows) {     
     while ($row = mysqli_fetch_row($result)){ 
      $_SESSION['id']  = $row['id']; 
      $_SESSION['name'] = $row['name']; 
      mysqli_free_result($result); 
      break; 
     }   
     header("Location: profile.php"); 
     exit; 
    }else{ 
     echo "<div class='form'> 
      <h3>Username/password is incorrect.</h3> 
      <br/>Click here to <a href='login.php'>Login</a></div>"; 
    } 
} 

?> 
<form method="post"> 
<label for="name">Name</label> 
<input type="name" name="name" /><br> 
<label for="password">Password</label> 
<input type="password" name="password" /><br> 
<input type="submit" name="submit" value="Login" /> 
</form> 
<p>Not registered yet? <a href='register.php'>Register Here</a></p> 
+0

What happens? Is there some kind of error? – kerv

+1

It shows invalid username and password, even though I am entering the same ones I used to register. – Syed

+0

Please check the MySQL error with mysql_error(). Also, this 'isset($_POST['submit'])=="Login"' – devpro

Answers

3

The main problem is this line of code: isset($_POST['submit'])=="Login". Basically, this line says: if (true == "Login") or if (false == "Login"). This is because isset($_POST['submit']) evaluates to a boolean TRUE or FALSE. So the part =="Login" should be removed, leaving you with just: isset($_POST['submit'])

On the other hand, there are a few things you might need to note. First, you should be careful using raw passwords in your applications. Passwords are far more secure when encrypted. Second, using variables from a form directly in your SQL queries is a big risk (after all, you are using mysqli). Third, whenever you are dealing with sessions, always make sure your session_start() comes first. The code snippet below is similar to yours with just minor tweaks. The query is the same (however, you should look into it yourself based on the points mentioned above).

LOGIN.PHP

<?php 
    session_start(); 

    require("config.php"); 



    if (isset($_POST['submit'])) { 
     $name = isset($_POST['name'])  ? htmlspecialchars(trim(strip_tags($_POST['name'])))  : ""; 
     $rawPass = isset($_POST['password']) ? htmlspecialchars(trim(strip_tags($_POST['password']))) : ""; 

     // BAD PRACTICE: WHERE name='$name' 
     $query = "SELECT * FROM `members` WHERE name='$name'"; 
     $result = mysqli_query($link, $query); 

     while ($row = mysqli_fetch_assoc($result)) { 
      // GET THE STORED PASSWORD FOR EACH USER WITH NAME = $name 
      $pass = $row['password']; 

      // VERIFY THAT THE PASSWORD IS CORRECT 
      // AND THEN SIMPLY STORED HIS DATA TO THE SESSION AND BREAK OFF THE LOOP: 
      if (password_verify($rawPass, $pass)) { 
       $_SESSION['id'] = $row['id']; 
       $_SESSION['name'] = $row['name']; 

       // REDIRECT TO PROFILE PAGE AND EXIT; 
       header("Location: profile.php"); 
       exit; 
      } 
     } 

     echo "<div class='form'> 
       <h3>Username/password is incorrect.</h3> 
       <br/>Click here to <a href='login.php'>Login</a></div>"; 
    } 

?> 
<form method="post"> 
    <label for="name">Name</label> 
    <input type="name" name="name" /><br> 
    <label for="password">Password</label> 
    <input type="password" name="password" /><br> 
    <input type="submit" name="submit" value="Login" /> 
</form> 
<p>Not registered yet? <a href='register.php'>Register Here</a></p> 

UPDATE ::

You need to add the password verification function and change the SQL as shown below.

<?php 
    session_start(); 

    require("config.php"); 

    if (isset($_POST['submit'])) { 
     $name = isset($_POST['name'])  ? htmlspecialchars(trim(strip_tags($_POST['name'])))  : ""; 
     $rawPass = isset($_POST['password']) ? htmlspecialchars(trim(strip_tags($_POST['password']))) : ""; 
     $query = "SELECT * FROM `members` WHERE name='$name'"; 
     $result = mysqli_query($link, $query); 


     while ($row = mysqli_fetch_assoc($result)) { 
      // GET THE STORED PASSWORD FOR EACH USER WITH NAME = $name 
      $pass = $row['password']; 

      // VERIFY THAT THE PASSWORD IS CORRECT 
      // AND THEN SIMPLY STORED HIS DATA TO THE SESSION AND BREAK OFF THE LOOP: 
      if(password_verify($rawPass, $pass)) { 
       $_SESSION['id'] = $row['id']; 
       $_SESSION['name'] = $row['name']; 

       // REDIRECT TO PROFILE PAGE AND EXIT; 
       header("Location: profile.php"); 
       exit; 
      } 
     } 

     echo "<div class='form'> 
       <h3>Username/password is incorrect.</h3> 
       <br/>Click here to <a href='login.php'>Login</a></div>"; 
    } 
+0

'mysql_error()' ??? – devpro

+0

If that were the problem, he wouldn't be getting the username/password incorrect message, right? – kerv

+0

@kerv: Same thought. Check the second comment plz – devpro
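
Added example (not code from the question or the answers): password_hash() salts every hash randomly, so the question's login.php, which hashes the submitted password again and compares it in SQL, cannot match the stored value. The sketch below shows that, shows why passing the password through htmlspecialchars()/strip_tags() before password_verify() rejects valid logins, and looks the member up with a bound parameter. The function names are hypothetical; `$link`, the `members` table and its `id`, `name` and `password` columns are taken from the page.

```php
<?php
declare(strict_types=1);

// password_hash() picks a new random salt on every call, so hashing the
// submitted password again and comparing it in SQL (as the question's
// login.php does) cannot match the hash stored at registration.
function rehash_matches_stored(string $password): bool
{
    $stored = password_hash($password, PASSWORD_DEFAULT); // what register.php saved
    $again  = password_hash($password, PASSWORD_DEFAULT); // what login.php compared
    return hash_equals($stored, $again);
}

// Filtering the password before password_verify() changes the string, so a
// correct password containing markup characters is rejected.
function filtered_password_verifies(string $password): bool
{
    $stored   = password_hash($password, PASSWORD_DEFAULT);
    $filtered = htmlspecialchars(trim(strip_tags($password)));
    return password_verify($filtered, $stored);
}

// Look the member up with a bound parameter and verify the unmodified
// password against the stored hash. Returns the member row or null.
function authenticate(mysqli $link, string $name, string $password): ?array
{
    $stmt = mysqli_prepare($link, "SELECT id, name, password FROM `members` WHERE name = ?");
    if ($stmt === false) {
        return null;
    }
    mysqli_stmt_bind_param($stmt, "s", $name);
    mysqli_stmt_execute($stmt);
    mysqli_stmt_bind_result($stmt, $id, $dbName, $hash);
    $member = null;
    while ($member === null && mysqli_stmt_fetch($stmt)) {
        if (password_verify($password, (string) $hash)) {
            $member = ['id' => $id, 'name' => $dbName];
        }
    }
    mysqli_stmt_close($stmt);
    return $member;
}

// Offline check with a constructed sample password (no database needed).
$sample = 'Tr<b>icky&Pass1';
var_dump(rehash_matches_stored($sample));
var_dump(filtered_password_verifies($sample));
var_dump(password_verify($sample, password_hash($sample, PASSWORD_DEFAULT)));
```

In login.php, call authenticate($link, $_POST['name'], $_POST['password']) after session_start() and require("config.php"). On success, call session_regenerate_id(true) before setting $_SESSION['id'] and redirecting.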
