Invalid username and password

Question

shielaolid -3 Light Poster

12 Years Ago

Hello there, anyone can help me about my problem, i want to display an error message when the user inputs invalid username and incorrect password. and i want to display it in the same form. im new in php.

These are my codes:

<?php
	if($_SERVER['REQUEST_METHOD'] == 'POST')
	{
						$db=mysql_connect('localhost','root','') or die('Cannot connect to MySQL!');
@mysql_select_db('dbriomra')or die('Cannot connect to database');
 
// Retrieve username and password from database according to user's input
 
$login = mysql_query("SELECT * FROM login WHERE (username = '" . mysql_real_escape_string($_POST['compid']) . "') and (password = '" . mysql_real_escape_string($_POST['pword']) . "')");
 
// Check username and password match

if (mysql_num_rows($login) == 1) {
// Set username session variable

$_SESSION['username'] = $_POST['compid'];
// Jump to secured page
header('Location: employee.php'); 

// kung anong file.php mag ffall ung user pag valid ung log in procedures nya.
}
else {
$message = "Invalid username or password"; 
}
} else {
$message = "";
}
echo "$message";
?>
                
<?PHP print $message;?>

php

3 Contributors
4 Replies
7K Views
22 Hours Discussion Span
Latest Post 12 Years Ago Latest Post by shielaolid

vaultdweller123 32 Posting Pro

12 Years Ago

put this above html

$user = $_POST['compid'];
$pass = $_POST['pword'];

$db=mysql_connect('localhost','root','') or die('Cannot connect to MySQL!');
@mysql_select_db('dbriomra')or die('Cannot connect to database');
session_start();

$sql = mysql_query("SELECT * FROM login WHERE username = '".$user."'");

if(mysql_num_rows($sql)>0){

	// login
	while($row=mysql_fetch_array($sql)){

		if($pass==$row['password']){
			// store id as session
			$_SESSION['id'] = $row['id'];
			echo "<script>window.location='/employee.php'</script>";
		}else{
		// password incorrect
			echo 'password incorrect';
		}

	}
}else{
	// fail
	echo "username doesn't exist";
}

then remove the action attribute in your form

Edited 12 Years Ago by vaultdweller123 because: n/a

Reply to this topic

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.

shielaolid -3 Light Poster · Answer 1 · 2012-02-20T14:34:22+00:00

vaultdweller123, Undefined compid and pword (that's the name of my textboxes).

and if when i input the correct username and password this is the error that i get

"The requested URL /employee.php was not found on this server."

employee.php is the page where the user go directly when they input correct username and password.

baig772 19 Web Application Architect · Answer 2 · 2012-02-20T16:25:19+00:00

baig772 19 Web Application Architect

12 Years Ago

share your form also

shielaolid -3 Light Poster · Answer 3 · 2012-02-20T16:45:53+00:00

It's working.

<?php

error_reporting (E_ALL ^ E_NOTICE);
	
session_start();

$user = $_POST['txtcompid'];
$pass = $_POST['txtpword'];

$_SESSION['myusername'] = $user;
$_SESSION['mypassword'] = $pass;
 
$db=mysql_connect('localhost','root','') or die('Cannot connect to MySQL!');
@mysql_select_db('dbriomra')or die('Cannot connect to database');
session_start();
 
$sql = mysql_query("SELECT * FROM login WHERE username = '".$user."'");
 
if(mysql_num_rows($sql)>0){
 
	// login
	while($row=mysql_fetch_array($sql)){
 
		if($pass==$row['password']){
			// store id as session
			$_SESSION['id'] = $row['id'];
			header("location:employee.php");
			$_SESSION['username']=$user;
			
		}else{
		// password incorrect
			echo 'password incorrect';
		}
 
	}
}else{
	// fail
	echo "username doesn't exist";
}
?>

i just put a

$_SESSION['myusername'] = $user;
$_SESSION['mypassword'] = $pass;

to call my textboxes. and that's it. Thanks :) Have a nice day!