<?php
// auth.php
// start session
session_start();
// convert username and password from _POST or _SESSION
if($_POST){
$_SESSION['username']=$_POST["username"];
$_SESSION['password']=$_POST["password"];
}
// query for a user/pass match
$result=mysql_query("select * from users
where username='" . $_SESSION['username'] . "' and password='" . $_SESSION['password'] . "'");
// retrieve number of rows resulted
$num=mysql_num_rows($result);
// print login form and exit if failed.
if($num < 1){
echo "You are not authenticated. Please login.<br><br>
<form method=POST action=admin.php>
username: <input type=text name=\"username\">
password: <input type=password name=\"password\">
<input type=submit>
</form>";
exit;
}
?>
This code prompt out username and password if there is no session found, but if u entered a wrong username, password or even leave in blank, it will just do nothing. How to do user input error checking, like empty username/password, imvalid password.
Please advise.