Silent_Symon

Hi all, I've included some optimized PHP to the loginU.php page, it is now calling itself when the user tries to log on, the error messages are now displaying but if the user enters a correct username and password it still goes back to the LoginU.php page and not to where it should go. It's weird as the same code works when in an external .php file, but then the errors don't work, anyone have this problem before?

Hello, yes I am getting my level through a database where the Admin value is stored for each record, Thank you for your help, much appreciated!

Hello all, my first post after joining this very informative site, unfortunatly I was unable to find the answer to my simple yet frastrating dilemma. I am in the process of building a website that will enable users to log-in through a dedicated loginU.php page, I have all of this working but I would like to display an error message on this page saying if the user has entered a wrong username/password, I have the message displaying on a blank white page, but I would like it to be displayed within the container I have created. the validation code is contained within a different login.php file. At the moment I am using an iframe to display the messages, which I know is not the right way to do it, so am asking for a better way to do it. here is what I have so far: loginU.php <div id = "div-Login"> <form action="login.php" method="POST" target="loginerror"> <center><h2>Login Here</h2> <p> Username: <input type="text" name="username"><p> Password: <input type="password" name="password"><p> <input type="submit" name="submit" value="Login"> </center> <a href="register.html"><pre>need to register? Click Here!</pre></a> </form> <iframe name="loginerror" style="border: 0px; width: 200px; height: 100px; overflow: hidden;" src="login.php"></iframe> </div> login.php if ($username==$dbusername&&$enc_password==$dbpassword) //if the username & encrpyted password matches the records in the database { if($admin !=0) //if the admin flag is true { $_SESSION['level']='ADMIN';//admin is logging in header ("Location: admin.php"); //the user is an admin, direct to admin page } else header ("Location: index.php"); //user is a customer, direct user to index page $_SESSION['username']=$dbusername; //set the session name to the database record username. } else //$nopass='TRUE'; //header ("location: loginU.php"); echo "Incorrect Password, Please try again"; // if incorrect password } else die ("That username doesn't exist"); // if user doesn't exist } else die ("Please enter a username and password"); //if either field is empty ?>