<?php

if (isset($_SESSION['uid']) && $_SESSION['uid']) {
    echo "You are already logged in, if you wish to log out, please <a href=\"./logout.php\">click here</a>!\n";
} else {

    if (!$_POST['submit']) {
	?>
		<table border=0 cellspacing=3 cellpadding=3>
		<form method='post' action='login.php'>
		<tr><td>Username</td><td><input type='text' name='username'></td></tr>
		<tr><td>Password</td><td><input type='password' name='password'></td></tr>
		<tr><td colspan=2 align='right'><input type='submit' name='submit' value='Login'></td></tr>
		</form></table>
		
		<?php
    }else {
		$user = $_POST['username'];
		$pass = $_POST['password'];
		
			if($user && $pass){
				$sql = "SELECT id FROM `users` WHERE `username`='".$user."'";
				$res = mysql_query($sql) or die(mysql_error());
				if(mysql_num_rows($res) > 0){
					$sql2 = "SELECT id FROM `users` WHERE `username`='".$user."' AND `password`='".md5($pass)."'";
					$res2 = mysql_query($sql2) or die(mysql_error());
					if(mysql_num_rows($res2) > 0){
						$row = mysql_fetch_assoc($res2);
						$_SESSION['uid'] = $row['id'];
						
						echo "You have successfully logged in as " . $user . "<br><br><a href=\"./index.php\">Proceed to the Forum Index</a>\n";
					}else {
						echo "Username and password combination are incorrect!\n";
					}
				}else {
					echo "The username you supplied does not exist!\n";
				}
			}else {
				echo "You must supply both the username and password field!\n";
			}
	}

}
?>

i have an error on line 8 "undefined index"...I try to use this $submit = $_POST; but there's a complicate between line 19 and 18....

use the following on line 8:

if (isset($_POST['submit']) && !$_POST['submit']) {

I'm sure you know the reason ;)

i already do that code now its fine on line 8...and then another error on

Notice: Undefined index: username in C:\xampp\htdocs\login.php on line 19
Notice: Undefined index: password in C:\xampp\htdocs\login.php on line 20

this minimal code works for me (DB thing removed, assuming they are not the issue)

<?php

if (isset($_SESSION['uid']) && $_SESSION['uid']) {
    echo "You are already logged in, if you wish to log out, please <a href=\"./logout.php\">click here</a>!\n";
} else {

    if (!$_POST['submit']) {
	?>
		<table border=0 cellspacing=3 cellpadding=3>
		<form method='post' action=<?php echo $_SERVER['PHP_SELF'];?>>
		<tr><td>Username</td><td><input type='text' name='username'></td></tr>
		<tr><td>Password</td><td><input type='password' name='password'></td></tr>
		<tr><td colspan=2 align='right'><input type='submit' name='submit' value='Login'></td></tr>
		</form></table>
		
		<?php
    }else {
		$user = $_POST['username'];
		$pass = $_POST['password'];
		print_r($_POST);
		die();
			
	}

}
?>

Try the following:

<?php

if (isset($_SESSION['uid']) && $_SESSION['uid']) {
    echo "You are already logged in, if you wish to log out, please <a href=\"./logout.php\">click here</a>!\n";
} else {

    if (isset($_POST['submit']) && !$_POST['submit']) {
	?>
		<table border=0 cellspacing=3 cellpadding=3>
		<form method='post' action='login.php'>
		<tr><td>Username</td><td><input type='text' name='username'></td></tr>
		<tr><td>Password</td><td><input type='password' name='password'></td></tr>
		<tr><td colspan=2 align='right'><input type='submit' name='submit' value='Login'></td></tr>
		</form></table>
		
		<?php
    }else {
		$user = (isset($_POST['username']))?$_POST['username']:'';
		$pass = (isset($_POST['password']))$_POST['password']'';
		
			if($user && $pass){
				$sql = "SELECT id FROM `users` WHERE `username`='".$user."'";
				$res = mysql_query($sql) or die(mysql_error());
				if(mysql_num_rows($res) > 0){
					$sql2 = "SELECT id FROM `users` WHERE `username`='".$user."' AND `password`='".md5($pass)."'";
					$res2 = mysql_query($sql2) or die(mysql_error());
					if(mysql_num_rows($res2) > 0){
						$row = mysql_fetch_assoc($res2);
						$_SESSION['uid'] = $row['id'];
						
						echo "You have successfully logged in as " . $user . "<br><br><a href=\"./index.php\">Proceed to the Forum Index</a>\n";
					}else {
						echo "Username and password combination are incorrect!\n";
					}
				}else {
					echo "The username you supplied does not exist!\n";
				}
			}else {
				echo "You must supply both the username and password field!\n";
			}
	}

}
?>

i got error on this line

Parse error: syntax error, unexpected T_VARIABLE in C:\xampp\htdocs\forum\login.php on line 27

$user = (isset($_POST['username']))?$_POST['username']:'';
		$pass = (isset($_POST['password']))$_POST['password']'';

i got error on this line

Parse error: syntax error, unexpected T_VARIABLE in C:\xampp\htdocs\forum\login.php on line 27

$user = (isset($_POST['username']))?$_POST['username']:'';
		$pass = (isset($_POST['password']))$_POST['password']'';

Replace that code with the following:

$user = (isset($_POST['username']))?$_POST['username']:'';
$pass = (isset($_POST['password']))?$_POST['password']:'';

why it appears "You MUST supply both the username and password field!" I have not even put into the field of username and password

You may want to change the if statement to the following:

if(!empty($user) && !empty($pass)){

nothings happen...because old version of xampp i use before when i do that. Now the new version of xampp i used so maybe not my code works

Try this:

<?php
if (isset($_SESSION['uid']) && $_SESSION['uid']) {
    echo "You are already logged in, if you wish to log out, please <a href=\"./logout.php\">click here</a>!\n";
} else {
    if (isset($_POST['submit'])) {
		$user = (isset($_POST['username'])) ? $_POST['username'] : '';
		$pass = (isset($_POST['password'])) ? $_POST['password'] : '';
		
			if($user != '' && $pass != ''){
				$user = mysql_real_escape_string(strip_tags($user));
				$pass = mysql_real_escape_string(strip_tags($pass));
				
				$sql = "SELECT id FROM `users` WHERE `username`='".$user."'";
				$res = mysql_query($sql) or die(mysql_error());
				if(mysql_num_rows($res) > 0){
					$sql2 = "SELECT id FROM `users` WHERE `username`='".$user."' AND `password`='".md5($pass)."'";
					$res2 = mysql_query($sql2) or die(mysql_error());
					if(mysql_num_rows($res2) > 0){
						$row = mysql_fetch_assoc($res2);
						$_SESSION['uid'] = $row['id'];
						
						echo "You have successfully logged in as " . $user . "<br><br><a href=\"./index.php\">Proceed to the Forum Index</a>\n";
					}else {
						echo "Username and password combination are incorrect!\n";
					}
				}else {
					echo "The username you supplied does not exist!\n";
				}
			}else {
				echo "You must supply both the username and password field!\n";
			}
	}
	else {
	?>
		<table border=0 cellspacing=3 cellpadding=3>
		<form method='post' action='login.php'>
		<tr><td>Username</td><td><input type='text' name='username'></td></tr>
		<tr><td>Password</td><td><input type='password' name='password'></td></tr>
		<tr><td colspan=2 align='right'><input type='submit' name='submit' value='Login'></td></tr>
		</form></table>	
	<?php
	}

}
?>
Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.