Login Form: Using PHP and MYSQL

Acceptable Email: chris11@maracentral.com

Acceptable Password: Oldsmobile54

Email: Password:


The code used for index.php is below:


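<?php

declare(strict_types=1);

// index.php — tutorial login form backed by MySQL.
//
// All request handling happens up here, before a single byte of HTML is
// sent: header() cannot redirect once output has started (the original
// echoed the whole page first, so the redirect never worked), and the
// template below reads $errors, so it has to exist on every request.
include('../connection.php'); // presumably defines $link (mysqli) — confirm in connection.php

/** @var list<string> $errors  messages rendered inside #errors-div */
$errors = [];

if (isset($_POST['login'])) {
    // Keep the raw values: escaping is an output concern (see the template),
    // and entity-encoding the password before hashing silently changes it
    // for anything containing & < > " '.
    $email = trim((string) ($_POST['user-email'] ?? ''));
    $password = (string) ($_POST['user-password'] ?? '');

    if ($email === '' || $password === '') {
        $errors[] = 'Email and Password are Required';
    } elseif (strlen($email) > 30) {
        $errors[] = 'Email Too Long - Max 30 Characters';
    } elseif (strlen($password) > 12) {
        $errors[] = 'Password Too Long - Max 12 Characters';
    } else {
        // Legacy scheme kept only so existing rows in `users`.`pass` still verify.
        // TODO(security): migrate stored hashes to password_hash() and compare with
        // password_verify(); unsalted double-md5 is fast to brute-force offline.
        $hashedPassword = md5(md5($password));

        // Parameterised lookup: the submitted email is bound, never spliced into SQL.
        $stmt = mysqli_prepare(
            $link,
            'SELECT `pass` FROM `users` WHERE email = ? ORDER BY id ASC LIMIT 1'
        );
        if ($stmt === false) {
            throw new RuntimeException('Login lookup failed: ' . mysqli_error($link));
        }
        mysqli_stmt_bind_param($stmt, 's', $email);
        if (!mysqli_stmt_execute($stmt)) {
            $error = mysqli_stmt_error($stmt);
            mysqli_stmt_close($stmt);
            throw new RuntimeException('Login lookup failed: ' . $error);
        }
        $storedHash = null;
        mysqli_stmt_bind_result($stmt, $storedHash);
        $found = mysqli_stmt_fetch($stmt) === true; // false/null when no row matched
        mysqli_stmt_close($stmt);

        // One message for both "unknown email" and "wrong password" so the form
        // does not reveal which emails exist; hash_equals keeps the comparison
        // constant-time.
        if (!$found || !is_string($storedHash) || !hash_equals($storedHash, $hashedPassword)) {
            $errors[] = 'Email or Password Do Not Match';
        } else {
            // Nothing has been output yet, so the redirect actually takes effect;
            // exit so the form is not rendered underneath the redirect.
            header('Location: loggedin.php');
            exit;
        }
    }
}
?>
<!DOCTYPE html>
<html lang="en">
<head>
    <meta charset="UTF-8">
    <meta http-equiv="X-UA-Compatible" content="IE=edge">
    <meta name="viewport" content="width=device-width, initial-scale=1.0">
    <link rel="stylesheet" href="../styles.css">
    <title>PHP Login Page</title>
</head>
<body>

<h1 class="lesson-h1">Login Form: Using PHP and MYSQL</h1>
<p>Acceptable Email: chris11@maracentral.com</p>
<p>Acceptable Password: Oldsmobile54</p>
<div id="errors-div">
<?php foreach ($errors as $error): ?>
    <!-- escaped at output, the only place HTML encoding belongs -->
    <h3><?= htmlspecialchars($error, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') ?></h3>
<?php endforeach; ?>
</div>

<form action="index.php" method="post" style="display: flex; flex-flow: column wrap; justify-content: center;">
    Email: <input type="email" name="user-email" id="user-email" placeholder="Email">
    Password: <input type="password" name="user-password" id="user-password" placeholder="Password">
    <input type="submit" value="Login" name="login">
</form>
<hr>
<?php
    include('../show_code.php');
    show_code('index.php');
    show_code('loggedin.php');
?>

</body>
</html>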

The code used for loggedin.php is below:



<?php
// loggedin.php — landing page that index.php redirects to after a
// successful login. It only prints a heading and a link back to the form.
//
// NOTE(review): nothing in this file verifies that the visitor actually
// logged in (no session check), so requesting loggedin.php directly shows
// the same page; the login only gates the redirect, not this content.
$heading = '<h1>You are logged in</h1>';
$backLink = "<a href='index.php'>Go Back</a>";

print $heading . $backLink;