in my index.php there is a <p> tag in form. i want to print errors there from login.php file.
in login.php iam checking for 3 errors. is there a way i can print them in index.php in <p> tag?
i was thinking may be i use an array in login.php?

2nd question is that, what else can i do in my login.php so its harder to hack it.

----------------------- index.php ---------------------------------------------------

<?php
session_start();
include("connect.php");

//check, if user is loged in or not
if(isset($_SESSION['username']))
{
    //log in(member)
    echo 
    "
     YOU ARE LOGED IN
     <a href='logout.php'> logout! </a>
    ";
}
else
{
//not loged in(not member)
echo 
"
YOU ARE NOT LOG IN!
<form method='post' action='login.php'>
<strong>Member Login </strong><br/>
<p id = 'error'>Print Errors here</p>
Username:<input name='username' type='text' id='username'><br/>
Password: <input name='password' type='password' id='password'><br/>
<input type='submit' value='Login'>
<a href='register.php'> Register! </a>
</form>
";
}
?>

---------------------------------------------- login.php ----------------------------------------------

<?php
session_start();
include("connect.php");

$post_username = $_POST['username'];
$post_password = $_POST['password'];

if($post_username && $post_password)
{
    if(strlen($post_username) > 20 || strlen($post_password) > 20)
    {
        die("Username or Password character length is too long!");
    }
    else
    {
        //convert password to md5
        $port_password = md5($post_password);

        //query the database
        $login = sprintf("SELECT * FROM user WHERE username='%s' AND password ='%s'", mysql_real_escape_string($post_username),mysql_real_escape_string($post_password));

        $rowcount = mysql_num_rows(mysql_query($login));
        $fieldarray= mysql_fetch_assoc(mysql_query($login));

        $id= $fieldarray['user_id'];

        if($rowcount == 1)
        {       
        //log the user in
        $_SESSION['username'] = $post_username;
        $_SESSION['user_id'] = $id;
        header('Location: index.php');
        //echo $_SESSION['username'].", you hava been logged in! <a href='index.php'>Return</a>";
        }
        else
            die("Incorrect username or password combination!");

    }
}
else
    die("Username and password required");
?>
Member Avatar for diafol

I'm not sure what you need, but if there are errors, you can add an error to the $errors array:

}else{
    $errors[] = "..."; //etc
}

Then:

<?php
    if(isset($errors)){
        foreach($errors as $error){
            echo "<p>$error</p>";
        }
    }else{
?>

<!-- place your usual html content here -->
<!-- or keep it all in php if the content comes from include files -->

<?php
    }
?>

Admittedly, this isn't such a nice solution as it mixes php and html - something that you would try to avoid if possible.

but this is print error in login.php file. i want to print error in index.php file.

Member Avatar for diafol

OK, just pass the error back to the index file as a querystring parameter:

IMO the easiest way is to apply errors in bits:

$error = 0;
if(...){
    $error += 1;
}
if(...){
    $error += 2;
}
if(...){
    $error += 4;
}
if(...){
    $error += 8;
}

$errcode = (!empty($error)) ? "?err=$error" : "";
header("Location: index.php$errcode");

In your index page:

$errorstring = "";
$es = array(1=>'This is a bad error',2='This is a very bad error',4='You could die!',8='See ya!');
if(isset($_GET['err']) && is_int($_GET['err'])){
    foreach($es as $k=>$v){
        $errorstring .= ($k & $_GET['err']) ? "<p>$v</p>\n" : "";
    }
}

This is a poor example really, but works well if you only return to index.php from login.

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.