Need help with bad login erro display

[MichaelPerdaens]

Hey guys,

i need help with my script i don't find how i can let display an login error

please help.

<?php require_once('../Connections/localhost.php');?>
<?php
if (!function_exists("GetSQLValueString")) {
function GetSQLValueString($theValue, $theType, $theDefinedValue = "", $theNotDefinedValue = "") 
{
  if (PHP_VERSION < 6) {
    $theValue = get_magic_quotes_gpc() ? stripslashes($theValue) : $theValue;
  }

  $theValue = function_exists("mysql_real_escape_string") ? mysql_real_escape_string($theValue) : mysql_escape_string($theValue);

  switch ($theType) {
    case "text":
      $theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
      break;    
    case "long":
    case "int":
      $theValue = ($theValue != "") ? intval($theValue) : "NULL";
      break;
    case "double":
      $theValue = ($theValue != "") ? doubleval($theValue) : "NULL";
      break;
    case "date":
      $theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
      break;
    case "defined":
      $theValue = ($theValue != "") ? $theDefinedValue : $theNotDefinedValue;
      break;
  }
  return $theValue;
}
}
mysql_select_db($database_localhost, $localhost);
	$query_User = "SELECT * FROM users";
	$User = mysql_query($query_User) or die(mysql_error());
	


function GetUser($naam, $password)
{

	global $User;

	while($row = mysql_fetch_array($User))
	{
		if($row["username"] == $naam)
		{
			if($row["password"]  == $password)
			{
				return true;
				}
		}
		
	}
	
	return false;
}
?>
<?php
// *** Validate request to login to this site.
if (!isset($_SESSION)) {
}

$loginFormAction = $_SERVER['PHP_SELF'];
if (isset($_GET['accesscheck'])) {
  $_SESSION['PrevUrl'] = $_GET['accesscheck'];
}

if (isset($_POST['username'])) {
  $loginUsername=$_POST['username'];
  $password=$_POST['password'];
  $MM_fldUserAuthorization = "";
  $MM_redirectLoginSuccess = "../home/";
  $MM_redirectLoginFailed = "index.php";
  $MM_redirecttoReferrer = false;
  mysql_select_db($database_localhost, $localhost);
  
  $LoginRS__query=sprintf("SELECT username, password FROM users WHERE username=%s AND password=%s",
    GetSQLValueString($loginUsername, "text"), GetSQLValueString($password, "text")); 
   
  $LoginRS = mysql_query($LoginRS__query, $localhost) or die(mysql_error());
  $loginFoundUser = mysql_num_rows($LoginRS);
  if ($loginFoundUser) {
     $loginStrGroup = "";
    
	if (PHP_VERSION >= 5.1) {session_regenerate_id(true);} else {session_regenerate_id();}
    //declare two session variables and assign them
    $_SESSION['MM_Username'] = $loginUsername;
    $_SESSION['MM_UserGroup'] = $loginStrGroup;	      

    if (isset($_SESSION['PrevUrl']) && false) {
      $MM_redirectLoginSuccess = $_SESSION['PrevUrl'];	
    }
    header("Location: " . $MM_redirectLoginSuccess );
  }
  else {
    header("Location: ". $MM_redirectLoginFailed );
  }
}
?>
<?php
   include '../content/content.php';
   include '../content/menu.php';
?>
			<div class="content">
					<div class="text">
							<div class="contentbox">
 <?php 
if ($_SERVER['REQUEST_METHOD'] == 'POST' ) {

$username = trim(htmlentities(mysql_real_escape_string($_POST['username'])));
$password = trim(htmlentities(mysql_real_escape_string($_POST['password'])));
if (!empty($username) && !empty($password)) {
	if(GetUser($username, $password)){
    	$_SESSION['username'] = $username;
	}
    }  
}
?>
<?php
	if(isset($_SESSION["username"]))
	{
	echo "<center>ur alredy logged in</center><br><br><>";
	}else{
?>
<?php
  if(isset($_SESSION['status']))
  {
    echo $_SESSION['status']; 
    unset($_SESSION['status']);
  } 
?>
<form ACTION="<?php echo $loginFormAction; ?>" METHOD="POST" name="login_form">
<fieldset class="account-info">
<label>Username<br/>
<input type="text" name="username"><br/>
</label>
<label>Password<br/>
<input type="password" name="password"><br/>
</label>
</fieldset>
<fieldset class="account-action">
<input class="btn btn-primary" type="submit" value="Login">
<a class="registerbtn" href="register.php" >Register</a>
</fieldset>
</form>
<?php
}
?>
<?php
	echo "<br/>"."<center>";
   include '../content/copy.php';
   include '../content/bg.php';
	echo "</center>"; 
?>
					</div>
				</div>
			</div>
<video autoplay loop poster="../background/bg.jpg" id="bgvid">
  <source src="../background/bg.webm" type="video/webm">
</video>
<body>
</body>
</html>
<?php
mysql_free_result($User);
?>

[Ch0cu3r]

Try adding

else {
    echo 'Username/Password invalid';
}

After

if(GetUser($username, $password)){
    $_SESSION['username'] = $username;
}

#DreamweaverSpaghettiCode 

[MichaelPerdaens]

Where do i need to add that

[Ch0cu3r]

I just told you what to do. 

[MichaelPerdaens]

I know but I don't know where I should put this or does it have no role?

 

Ow i know srry my english is not good

 

I have put it there but it don`t work

Edited November 16, 2014 by Ch0cu3r

[Ch0cu3r]

Ok. Took a further look at the code. 

 

Delete the following blocks of code. They are not needed at all

 

1)

$query_User = "SELECT * FROM users";
	$User = mysql_query($query_User) or die(mysql_error());
	


function GetUser($naam, $password)
{

	global $User;

	while($row = mysql_fetch_array($User))
	{
		if($row["username"] == $naam)
		{
			if($row["password"]  == $password)
			{
				return true;
				}
		}
		
	}
	
	return false;
}

2)

<?php 
if ($_SERVER['REQUEST_METHOD'] == 'POST' ) {

$username = trim(htmlentities(mysql_real_escape_string($_POST['username'])));
$password = trim(htmlentities(mysql_real_escape_string($_POST['password'])));
if (!empty($username) && !empty($password)) {
	if(GetUser($username, $password)){
    	$_SESSION['username'] = $username;
	}
    }  
}
?>

.

 

Next find this line

header("Location: ". $MM_redirectLoginFailed );

And change it to

echo "Invalid/Username or password. Please try again.";

or if you want to display a message and also redirect the user at the same time change it to this instead

header("Refresh: 5; url=$MM_redirectLoginFailed"); // redirect user after 5 seconds
echo "Invalid/Username or password. Please try again."; 
exit;

[MichaelPerdaens]

It works!

But how can I ensure that a red is invailed input frames

[Ch0cu3r]

Do you mean to say you want the username and password fields to be colored red when the login fails?

[MichaelPerdaens]

Yes

Like this http://getbootstrap.com/css/#forms-control-validation

Edited November 17, 2014 by MichaelPerdaens

[MichaelPerdaens]

Can u help me with that script?

[Ch0cu3r]

To do this you need apply the css selector for styling the fields text and border color red when the login fails

 

Why not have a go yourself? 

[MichaelPerdaens]

I have this:

<form ACTION="<?php echo $loginFormAction; ?>" METHOD="POST" name="login_form">
<fieldset class="account-info">
<label>Username<br/>
<input type="text" style="<?php echo $color ['usercolor']?>" name="username"><br/>
</label>
<label>Password<br/>
<input type="password" style="<?php echo $color ['passcolor']?>" name="password"><br/>
</label>
</fieldset>
<fieldset class="account-action">
<input class="btn btn-primary" type="submit" value="Login">
<a class="registerbtn" href="register.php" >Register</a>
</fieldset>
</form>

But i don't know how to send the color

[MichaelPerdaens]

My code works but not if i use a <fieldset>

[MichaelPerdaens]

Hey thanks for al ur time