<?php

		$db=mysql_connect('localhost','root','') or die('Cannot connect to MySQL!');			
		@mysql_select_db('dbriomra')or die('Cannot connect to database');
		
		
		// Retrieve username and password from database according to user's input
		
		$login = mysql_query("SELECT * FROM login WHERE (username = '" . mysql_real_escape_string($_POST['compid']) . "') and (password = '" . mysql_real_escape_string($_POST['pword']) . "')");

		// Check username and password match
		if (mysql_num_rows($login) == 1) {
        // Set username session variable
        $_SESSION['username'] = $_POST['compid'];
        // Jump to secured page
        header('Location: employee.php'); // kung anong file.php mag ffall ung user pag valid ung log in procedures nya.
}
else {
       
        // Jump to secured page
        //header('Location: index.php'); //homepage mo pag invalid
}

?>

i want to put a restriction, like, invalid username and password, but i don't know how, im new in php. thank you :)

Member Avatar for diafol

That's goes in your 'else' part.
You can send back to index.php with a querystring like:

index.php?login=fail

or something similar. The index page picks up the $_GET value if set.

As ardav said you can use the $_GET method...
If you do not want to use this method, use the other method.
In this method, you will have to place the above code on the login page and use the request type method i.e.

if($_SERVER['REQUEST_METHOD'] == 'POST')
{

}

...

Try this...

<?php
if($_SERVER['REQUEST_METHOD'] == 'POST')
{
		$db=mysql_connect('localhost','root','') or die('Cannot connect to MySQL!');
		@mysql_select_db('dbriomra')or die('Cannot connect to database');
 
 
		// Retrieve username and password from database according to user's input
 
		$login = mysql_query("SELECT * FROM login WHERE (username = '" . mysql_real_escape_string($_POST['compid']) . "') and (password = '" . mysql_real_escape_string($_POST['pword']) . "')");
 
		// Check username and password match
		if (mysql_num_rows($login) == 1) {
        // Set username session variable
        $_SESSION['username'] = $_POST['compid'];
        // Jump to secured page
        header('Location: employee.php'); // kung anong file.php mag ffall ung user pag valid ung log in procedures nya.
}
else {
$message = "Invalid username or password"; 
}
} else {
$message = "";
}
echo "$message";
?>

Well, Thank you very much, you help me a lot :) my problem was solve :))))))

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.