php - Login using username or email -


I am trying to have a login page that lets users login using either their username or email address.

So far, it allows users to login using email. I need fresh eyes, I can't find the problem. I've tried removing every mention of logging in with email, still no luck. Both the username and email fields in the table are unique, and I tried alternating them around. Any help?

login form:

<?php
ini_set('display_errors', '1');
require_once '../includes/conn.php';

// Already logged in: go straight to the admin index
if($user->is_loggedin()!=""){
    $user->redirect('./index.php');
}

if(isset($_POST['login'])){
    // The same form field is used for both the username and the email lookup
    $username = $_POST['username_email'];
    $email = $_POST['username_email'];
    $password = $_POST['password'];

    if($user->login($usrename,$email,$password)){
        $user->redirect('./index.php');
    }else{
        $error = "login details provided not match out records.<br /><br />";
    }
}
?>
<!doctype html>
<html lang="en">
<head>
    <title>epicowl uk | cms admin panel login</title>
    <meta charset="utf-8">
    <link rel="shortcut icon" href="../images/favicon.ico" type="image/x-icon" />
    <link rel="stylesheet" type="text/css" href="../css/main.css">
</head>
<body>
<div id="header">
    <a href="index.php"><img id="logo" src="../images/logo.png" /></a>
    <div id="navigation">
        <ul>
            <a href="../index.php"><li>home</li></a>
            <a href="../users/profile.php"><li>my profile</li></a>
            <a href="./index.php"><li>admin panel</li></a>
        </ul>
    </div>
</div>
<div id="content">
<form method="post"><br /><br />
    <h2>administrator login</h2>
    <?php
    if(isset($error)){
    ?>
    <em><?php echo $error; ?></em>
    <?php
    }
    ?>
    <input type="text" name="username_email" placeholder="username/email" required /><br /><br />
    <input type="password" name="password" placeholder="password" /><br /><br />
    <button type="submit" name="login">login</button><br /><br /><br />
    <label>don't have account?  why not register 1 clicking <a href="./register.php">here</a></label><br /><br /><br /><br />
</form>
</div>
<div id="footer">
    <p class="copyright">&copy; epicowl uk. rights reserved.</p>
</div>
</body>
</html>

class file:

<?php
ini_set('display_errors', '1');

class user{
    private $db;

    function __construct($conn){
        $this->db = $conn;
    }

    public function register($username,$email,$password){
        try{
            // Store only the hash, never the plain password
            $new_password = password_hash($password, PASSWORD_DEFAULT);

            $stmt = $this->db->prepare("INSERT INTO users(username,email,password) VALUES(:username, :email, :password)");

            $stmt->bindParam(":username", $username);
            $stmt->bindParam(":email", $email);
            $stmt->bindParam(":password", $new_password);
            $stmt->execute();

            return $stmt;
        }
        catch(PDOException $e){
            echo $e->getMessage();
        }
    }

    public function login($username,$email,$password){
        try{
            // Match the row on either column, then verify the password hash
            $stmt = $this->db->prepare("SELECT * FROM users WHERE username=:username OR email=:email LIMIT 1");
            $stmt->execute(array(':username'=>$username, ':email'=>$email));
            $userrow=$stmt->fetch(PDO::FETCH_ASSOC);
            if($stmt->rowCount() > 0){
                if(password_verify($password, $userrow['password'])){
                    $_SESSION['session'] = $userrow['id'];
                    return true;
                }else{
                    return false;
                }
            }
        }
        catch(PDOException $e){
            echo $e->getMessage();
        }
    }

    public function is_loggedin(){
        if(isset($_SESSION['session'])){
            return true;
        }
    }

    public function redirect($url){
        header("Location:$url");
    }

    public function logout(){
        session_destroy();
        unset($_SESSION['session']);
        return true;
    }
}
?>

sql table:

-- phpMyAdmin SQL Dump
-- version 4.0.7
-- http://www.phpmyadmin.net
--
-- Host: localhost
-- Generation Time: Jun 19, 2015 @ 11:52
-- Server version: 5.5.42
-- PHP Version: 5.3.28

SET SQL_MODE = "NO_AUTO_VALUE_ON_ZERO";
SET time_zone = "+00:00";

/*!40101 SET @OLD_CHARACTER_SET_CLIENT=@@CHARACTER_SET_CLIENT */;
/*!40101 SET @OLD_CHARACTER_SET_RESULTS=@@CHARACTER_SET_RESULTS */;
/*!40101 SET @OLD_COLLATION_CONNECTION=@@COLLATION_CONNECTION */;
/*!40101 SET NAMES utf8 */;

--
-- Database: `cl47-dbuser-1yz`
--

-- --------------------------------------------------------

--
-- Table structure for table `users`
--

CREATE TABLE IF NOT EXISTS `users` (
  `id` int(11) NOT NULL AUTO_INCREMENT,
  `username` varchar(25) NOT NULL,
  `email` varchar(50) NOT NULL,
  `password` varchar(60) NOT NULL,
  PRIMARY KEY (`id`),
  UNIQUE KEY `username` (`username`),
  UNIQUE KEY `email` (`email`),
  UNIQUE KEY `id` (`id`)
) ENGINE=MyISAM  DEFAULT CHARSET=latin1 AUTO_INCREMENT=2 ;

Registering is fine; username, email & password all insert. Thanks for looking.

The problem line:

if($user->login($usrename,$email,$password)){
                ^^^^^^^^^

is misspelled and should read $username; that's why it's letting you use the email to login.

As per the login function:

public function login($username,$email,$password)
                      ^^^^^^^^^

Sidenote:

Make sure the password column is long enough to accommodate the hash. 60 is not enough. Increase it to 255 for future use, as recommended per the manual on password_hash():

"Therefore, it is recommended to store the result in a database column that can expand beyond 60 characters (255 characters would be a good choice)."

Also add error_reporting(E_ALL); above ini_set('display_errors', 1);
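
Added example, not part of the original question or answer: a login helper that takes one identifier and binds it to both columns, so there is no second variable to misspell, and that upgrades stored hashes, which is what the wider password column is for. The function name `login_with_identifier`, the demo account and the in-memory SQLite database (standing in for the MySQL table above) are assumptions made for illustration.

```php
<?php
declare(strict_types=1);
error_reporting(E_ALL);          // reports "Undefined variable" for typos such as $usrename
ini_set('display_errors', '1');  // development only

/**
 * Hypothetical helper (not from the post): look the account up by ONE
 * identifier that may be a username or an email, then verify the password.
 * Returns the user id on success and null on any failure.
 */
function login_with_identifier(PDO $db, string $identifier, string $password): ?int
{
    // Two distinct placeholders bound to the same value: a named placeholder
    // cannot be reused in one statement when PDO emulated prepares are off.
    $stmt = $db->prepare(
        'SELECT id, password FROM users WHERE username = :u OR email = :e LIMIT 1'
    );
    $stmt->execute([':u' => $identifier, ':e' => $identifier]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);

    // Unknown user and wrong password return the same value to the caller.
    if ($row === false || !password_verify($password, $row['password'])) {
        return null;
    }
    // If PASSWORD_DEFAULT has changed since the hash was stored, replace it.
    // A newer algorithm may produce a longer hash, hence the wider column.
    if (password_needs_rehash($row['password'], PASSWORD_DEFAULT)) {
        $upd = $db->prepare('UPDATE users SET password = :p WHERE id = :id');
        $upd->execute([':p' => password_hash($password, PASSWORD_DEFAULT),
                       ':id' => $row['id']]);
    }
    return (int) $row['id'];
}

// Constructed demo data in an in-memory SQLite database (assumes pdo_sqlite).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, username VARCHAR(25) UNIQUE,
           email VARCHAR(50) UNIQUE, password VARCHAR(255))');
$ins = $db->prepare('INSERT INTO users (username, email, password) VALUES (?, ?, ?)');
$ins->execute(['alice', 'alice@example.test',
               password_hash('s3cret-demo', PASSWORD_DEFAULT)]);

var_dump(login_with_identifier($db, 'alice', 's3cret-demo'));              // lookup by username
var_dump(login_with_identifier($db, 'alice@example.test', 's3cret-demo')); // lookup by email
var_dump(login_with_identifier($db, 'alice', 'wrong'));                    // wrong password
```

In a web request the caller would call session_regenerate_id(true) before storing the returned id in $_SESSION.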

