Display error message on a login page

[Silent_Symon]

Hello all, my first post after joining this very informative site, unfortunatly I was unable to find the answer to my simple yet frastrating dilemma.

 

I am in the process of building a website that will enable users to log-in through a dedicated loginU.php page, I have all of this working but I would like to display an error message on this page saying if the user has entered a wrong username/password, I have the message displaying on a blank white page, but I would like it to be displayed within the container I have created. the validation code is contained within a different login.php file.

 

At the moment I am using an iframe to display the messages, which I know is not the right way to do it, so am asking for a better way to do it. here is what I have so far:

 

loginU.php

<div id = "div-Login">
<form action="login.php"  method="POST" target="loginerror">
<center><h2>Login Here</h2> <p>
Username:  <input type="text" name="username"><p>
Password:  <input type="password" name="password"><p>
<input type="submit" name="submit" value="Login">
</center>
<a href="register.html"><pre>need to register? Click Here!</pre></a>
</form>

<iframe name="loginerror" style="border: 0px; width: 200px; height: 100px; overflow: hidden;" src="login.php"></iframe>
</div>

 

login.php

if ($username==$dbusername&&$enc_password==$dbpassword) //if the username & encrpyted password matches the records in the database
{
if($admin !=0) //if the admin flag is true
{
$_SESSION['level']='ADMIN';//admin is logging in
header ("Location: admin.php"); //the user is an admin, direct to admin page
}
else
header ("Location: index.php"); //user is a customer, direct user to index page
$_SESSION['username']=$dbusername; //set the session name to the database record username.
}
else 
//$nopass='TRUE'; 
//header ("location: loginU.php"); 
echo "Incorrect Password, Please try again"; // if incorrect password
}
else
die ("That username doesn't exist"); // if user doesn't exist
}
else
die ("Please enter a username and password"); //if either field is empty

?>

[Psycho]

One solution, that I typically use, is to have form pages post to themselves. Then if there are any errors I dimply re-display the form with the previously submitted data and include the error message on the page. If validation passes, then I include the script to process the data.

[chriscloyd]

There are a couple things I was not clear about like how are you getting your level and validating the information.... Are you going through a database If you are let me know and I can tweak the code I just did for you if not hopefully you can tweak it the way you need.

<?php
session_start();
//First off let me state you should not make yours errors say that the username does not exist
//I Would just say Incorrect Username/Password

//Create Error Array 
$LErrors = array();
//Create Array With User Info
$UserInfo = array(
"Username" => $_GET['username'],
"Password" => $_GET['password']
);
if (isset($_POST['submit'])) {
foreach ($UserInfo as $key => $val) {
	$val = mysql_real_escape_string($val);
	if ($key == "Password") {
		//encrypt your password if you like
		//I like to use hash
		//${$key} = hash("SHA256",$val);
	}
	if ($val == '') {
		$LErrors[] = "{$key}: is not allowed to be empty!"
	} else {
		${$key} = $val;
	}
}
//check if there are errors
if (empty($LErrors)) {
	//check if user information is correct
	if ($Username == $dbusername && $Password == $dbpassword) {
		//check if user is an admin
		$_SESSION['Username'] = $Username;
		if ($admin != 0) {
			$_SESSION['Level'] = "ADMIN";
			header("Location: admin.php");
		}
		header("Location: index.php"); 
	} else {
		$LErrors[] = "Incorrect Username/Password!";
	}
} else {
	foreach ($LErrors as $val) {
		echo "<li>{$val}</li>";
	}
	echo "<div id=\"div-Login\">
	<form action=\"\"  method=\"post\" target=\"loginerror\">
	<center><h2>Login Here</h2> <p>
	Username:  <input type=\"text\" name=\"username\"><p>
	Password:  <input type=\"password\" name=\"password\"><p>
	<input type=\"submit\" name=\"submit\" value=\"Login\">
	</center>
	<a href=\"register.html\"><pre>need to register? Click Here!</pre></a>
	</form>
	</div>";
}
} else {
echo "<div id=\"div-Login\">
<form action=\"\"  method=\"post\" target=\"loginerror\">
<center><h2>Login Here</h2> <p>
Username:  <input type=\"text\" name=\"username\"><p>
Password:  <input type=\"password\" name=\"password\"><p>
<input type=\"submit\" name=\"submit\" value=\"Login\">
</center>
<a href=\"register.html\"><pre>need to register? Click Here!</pre></a>
</form>
</div>";
}

[Silent_Symon]

Hello, yes I am getting my level through a database where the Admin value is stored for each record, Thank you for your help, much appreciated!

[Silent_Symon]

Hi all, I've included some optimized PHP to the loginU.php page, it is now calling itself when the user tries to log on, the error messages are now displaying but if the user enters a correct username and password it still goes back to the LoginU.php page and not to where it should go.

 

It's weird as the same code works when in an external .php file, but then the errors don't work, anyone have this problem before?

[Psycho]

Where is your current code?

 

After all validations pass and you perform any login tasks (e.g. set session variable) I would then use a header() to redirect the user to whatever page you want them to be on.