heshan Posted January 9, 2011 Share Posted January 9, 2011 Hi, I want something this to be done. When a user tries to logged into the site by entering wrong password, the error message like " Invalid username or password" should be displayed in the same page. I tried following coding. But it shows the error message in a different page. $connect=mysql_connect('localhost','root',''); mysql_select_db('bank',$connect); $username= $_POST['username']; $password= $_POST['password']; $result = mysql_query ('select * from users where username = "' . $_POST['username'] . '" and password = "' . $_POST['password'] . '"'); while($row=mysql_fetch_row($result)){ $user_type=$row[4]; } session_start(); session_register("user_type"); $_SESSION["user_type"]=$user_type; if($user_type=='T'){ header('Location:teller_page.php'); }else if($user_type=='AO'){ header('Location:accofficer_page.php'); }else if($user_type=='AS'){ header('Location:accsup_page.php'); }else if($user_type=='LS'){ header('Location:loansup_page.php'); }else if($user_type=='CS'){ header('Location:cashsup_page.php'); }else{ header('Location:try_again.php'); } Quote Link to comment Share on other sites More sharing options...
inversesoft123 Posted January 9, 2011 Share Posted January 9, 2011 why are you redirecting ? Quote Link to comment Share on other sites More sharing options...
Zurev Posted January 9, 2011 Share Posted January 9, 2011 Hi, I want something this to be done. When a user tries to logged into the site by entering wrong password, the error message like " Invalid username or password" should be displayed in the same page. I tried following coding. But it shows the error message in a different page. $connect=mysql_connect('localhost','root',''); mysql_select_db('bank',$connect); $username= $_POST['username']; $password= $_POST['password']; $result = mysql_query ('select * from users where username = "' . $_POST['username'] . '" and password = "' . $_POST['password'] . '"'); while($row=mysql_fetch_row($result)){ $user_type=$row[4]; } session_start(); session_register("user_type"); $_SESSION["user_type"]=$user_type; if($user_type=='T'){ header('Location:teller_page.php'); }else if($user_type=='AO'){ header('Location:accofficer_page.php'); }else if($user_type=='AS'){ header('Location:accsup_page.php'); }else if($user_type=='LS'){ header('Location:loansup_page.php'); }else if($user_type=='CS'){ header('Location:cashsup_page.php'); }else{ header('Location:try_again.php'); } I wouldn't redirect like that, and if you're dead set on it, don't redirect if it's wrong, just echo on the try again header location. session_start should be at the top. I could drop your whole table by entering a single username. Quote Link to comment Share on other sites More sharing options...
Zurev Posted January 9, 2011 Share Posted January 9, 2011 Jeez, I am brutal when I first wake up aren't I? To elaborate, it's good that you want the error displayed on the same page rather than performing a redirect! Have you tried simply replacing your header redirect line with echo'ing your Invalid username or password message? As for the other points, I misspoke about sesssion_start, it only needs to be at the very top for cookie based sessions. Also, you're extremely vulnerable to SQL Injection, read up about it since it's absolutely vital, for now definitely look into: http://php.net/manual/en/function.mysql-real-escape-string.php Quote Link to comment Share on other sites More sharing options...
inversesoft123 Posted January 9, 2011 Share Posted January 9, 2011 Hope this will help to newbies.. http://www.itshacked.com/103/php-function-to-prevent-cross-site-scripting-xss-attacks.html Quote Link to comment Share on other sites More sharing options...
heshan Posted January 10, 2011 Author Share Posted January 10, 2011 Hi, Thank you all for your replies. I will try it by using echo statement. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.