Invalid username and password

Question

shielaolid -3 Light Poster

12 Years Ago

<?php

		$db=mysql_connect('localhost','root','') or die('Cannot connect to MySQL!');			
		@mysql_select_db('dbriomra')or die('Cannot connect to database');
		
		
		// Retrieve username and password from database according to user's input
		
		$login = mysql_query("SELECT * FROM login WHERE (username = '" . mysql_real_escape_string($_POST['compid']) . "') and (password = '" . mysql_real_escape_string($_POST['pword']) . "')");

		// Check username and password match
		if (mysql_num_rows($login) == 1) {
        // Set username session variable
        $_SESSION['username'] = $_POST['compid'];
        // Jump to secured page
        header('Location: employee.php'); // kung anong file.php mag ffall ung user pag valid ung log in procedures nya.
}
else {
       
        // Jump to secured page
        //header('Location: index.php'); //homepage mo pag invalid
}

?>

i want to put a restriction, like, invalid username and password, but i don't know how, im new in php. thank you :)

php

3 Contributors
3 Replies
205 Views
2 Days Discussion Span
Latest Post 12 Years Ago Latest Post by shielaolid

diafol

12 Years Ago

That's goes in your 'else' part.
You can send back to index.php with a querystring like:

index.php?login=fail

or something similar. The index page picks up the $_GET value if set.

Reply to this topic

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.

shahbaz13 0 Light Poster · Answer 1 · 2012-01-02T18:53:34+00:00

As ardav said you can use the $_GET method...
If you do not want to use this method, use the other method.
In this method, you will have to place the above code on the login page and use the request type method i.e.

if($_SERVER['REQUEST_METHOD'] == 'POST')
{

}

...

Try this...

<?php
if($_SERVER['REQUEST_METHOD'] == 'POST')
{
		$db=mysql_connect('localhost','root','') or die('Cannot connect to MySQL!');
		@mysql_select_db('dbriomra')or die('Cannot connect to database');
 
 
		// Retrieve username and password from database according to user's input
 
		$login = mysql_query("SELECT * FROM login WHERE (username = '" . mysql_real_escape_string($_POST['compid']) . "') and (password = '" . mysql_real_escape_string($_POST['pword']) . "')");
 
		// Check username and password match
		if (mysql_num_rows($login) == 1) {
        // Set username session variable
        $_SESSION['username'] = $_POST['compid'];
        // Jump to secured page
        header('Location: employee.php'); // kung anong file.php mag ffall ung user pag valid ung log in procedures nya.
}
else {
$message = "Invalid username or password"; 
}
} else {
$message = "";
}
echo "$message";
?>

shielaolid -3 Light Poster · Answer 2 · 2012-01-03T23:25:35+00:00

Well, Thank you very much, you help me a lot :) my problem was solve :))))))