echo "Sorry, wrong password.";

[ilikephp]

hello!!

I have this form below: when I type a wrong password, it does not display "sorry, wrong password" can you help please!

Thx..

 

 

<?php

// Include the database connection file.

include("connection.php");

// Check if a person has clicked on submit.

if(isset($_POST['submit'])) {

// Check if a person has filled every form.

if(empty($_POST['username']) || empty($_POST['password']) || empty($_POST['password2']) || empty($_POST['email'])) {

echo "You have to fill in everything in the form."; // Display the error message.

header("Location: register.php"); // Redirect to the form.

exit; // Stop the code to prevent the code running after redirecting.

}

// Create variables from each $_POST.

$username = $_POST['username'];

$password = $_POST['password'];

$password2 = $_POST['password2'];

$email = $_POST['email'];

 

// Now, compare passwords and check if they're the same.

 

if($password != $password2) {

// If the passwords are NOT the same. Again display an error message and redirect.

echo "Sorry, wrong password.";

header("Location: register.php");

exit;

}

// Secure the password using an md5 hash.

$password = md5($password);

 

// Create a variable containing the SQL query.

$query = "INSERT INTO `users` (username, password, email) VALUES ('$username', '$password', '$email')";

// Perform the SQL query on the database.

$result = mysql_query($query);

// If the query failed, display an error.

if(!$result) {

echo "Your query failed. " . mysql_error(); // The dot seperates PHP code and plain text.

} else {

// Display a success message!

echo "Welcome " . $username . " You are now registered";

}

}

?>

[gevans]

That's your register function, not a login function

[ilikephp]

sry, this is my login function:

 

<?php

// login2.php

 

// Start a session. Session is explained below.

session_start();

include("connection.php");

 

// Same checking stuff all over again.

if(isset($_POST['submit'])) {

if(empty($_POST['username']) || empty($_POST['password'])) {

echo "Sorry, you have to fill in all forms";

header("Location: login.php");

exit;

}

// Create the variables again.

$username = $_POST['username'];

$password = $_POST['password'];

// Encrypt the password again with the md5 hash.

// This way the password is now the same as the password inside the database.

$password = md5($password);

 

// Store the SQL query inside a variable.

// ONLY the username you have filled in is retrieved from the database.

$query = "SELECT username,password

  FROM `users`

  WHERE username='$username'";

 

$result = mysql_query($query);

if(!$result) {

// Gives an error if the username given does not exist.

// or if something else is wrong.

echo "The query failed " . mysql_error();

} else {

// Now create an object from the data you've retrieved.

$row = mysql_fetch_object($result);

// You've now created an object containing the data.

// You can call data by using -> after $row.

// For example now the password is checked if they're equal.

if($row->password != $password) {

echo "I am sorry, but the passwords are not equal.";

header("Location: login.php");

exit;

}

// By storing data inside the $_SESSION superglobal,

// you stay logged in until you close your browser.

$_SESSION['username'] = $username;

$_SESSION['sid'] = session_id();

// Make it more secure by storing the user's IP address.

$_SESSION['ip'] = $_SERVER['REMOTE_ADDR'];

// Now give the success message.

// $_SESSION['username'] should print out your username.

echo "Success! You are now logged in " . $_SESSION['username'];

echo "<a href=\"access.php\">Go here!</a>";

}

}

[gevans]

Did you write the code yourself? If so check the following query;

 

$query = "SELECT username,password

          FROM    `users`

          WHERE    username='$username'";

 

It's not checking your password against the database. And as standard you'll get an error saying the the login failed, the query should check for a username and password couple like this;

 

$query = "SELECT username

FROM `users`

WHERE `username`='$username' AND `password`='$password'";

 

If this query fails you can tell the user that the login details are incorrect. To differentiate between which they put in wrong (username/password) you'd need to do further work.

[ilikephp]

I did a research to get this code, the problem is that everything is working, but when I enter a wrong username or password, I recieve again the same log in page that is to enter user and password again without prompting the user that he did smthg wrong.

[gevans]

      if($row->password != $password) {

        echo "I am sorry, but the passwords are not equal.";

        header("Location: login.php");

        exit;

      }

 

The problem is you're redirecting the page straight after attempting to display an error message. You should be getting an error here as you're trying send headers out after printing to the screen. Do you have an online version to see?

[ilikephp]

I'm doing it on my pc, that contains server,

 

is there a way to display this echo? "sorry, the password is wrong"

[gevans]

A couple of options, one is to set up a session that control errors.

 

So (not proper code)...

 

if(the password is wrong){

$_SESSION['error boolean'] = TRUE;

$_SESSION['the error message'] = 'whatever message you want to display';

}

 

On the next page, have a standard error 'area'

 

if($_SESSION['error boolean'){

echo $_SESSION['the error message']

$_SESSION['error boolean'] = FALSE;

}

 

Another option is to do it with the header re-direct...

 

if(password wrong){

header('Location: your-page.php?set an error=true');

}

 

on the your-page.php....

 

if($_GET['set an error'])

echo 'an error message';

 

I hope this makes sense, I've just done it very roughly for you