mallen Posted August 4, 2011 Share Posted August 4, 2011 I have this simple log in form. I can't figure how to display the form again on the same page if the username or password are wrong. If you hit submit with no values or you use the wrong values the form disappears. <?php if ($_SERVER['REQUEST_METHOD'] == 'POST') { if ( (!empty($_POST['user'])) && (!empty($_POST['password']))) { if(($_POST['user']) == 'me' && ($_POST['password'] == 'test')) { //correct print '<p> You are logged in</p>'; } } } else { //incorrect! //display form print '<form action="login.php" method="post"> <p>Sign in:</p> <table width="200" border="0"> <tr> <td width="71">User:</td> <td width="113"><label for="user"></label> <input type="text" name="user" id="user" /></td> </tr> <tr> <td>Password</td> <td><label for="password"></label> <input type="password" name="password" id="password" /></td> </tr> <tr> <td> </td> <td><input type="submit" name="submit" value="Log in" /></td> </tr> </table> </form>'; } ?> Quote Link to comment Share on other sites More sharing options...
phpSensei Posted August 4, 2011 Share Posted August 4, 2011 Just remove the else. Quote Link to comment Share on other sites More sharing options...
mallen Posted August 4, 2011 Author Share Posted August 4, 2011 I tried that and it keeps the form on the screen, but doesn't show error message. Not sure where to place that. Quote Link to comment Share on other sites More sharing options...
phpSensei Posted August 4, 2011 Share Posted August 4, 2011 try this <?php if(!empty($_POST['submit'])){ $username = mysql_real_escape_string(trim($_POST['username'])); $password = mysql_real_escape_string(trim($_POST['password'])); if($username == ""){ print "Please enter your username"; }elseif($password == ""){ print "Please enter your password"; }else{ // Username and password havebeen submitted } } ?><form action="login.php" method="post"> <p>Sign in:</p> <table width="200" border="0"> <tr> <td width="71">User:</td> <td width="113"><label for="user"></label> <input type="text" name="user" id="user" /></td> </tr> <tr> <td>Password</td> <td><label for="password"></label> <input type="password" name="password" id="password" /></td> </tr> <tr> <td> </td> <td><input type="submit" name="submit" value="Log in" /></td> </tr> </table> </form> Quote Link to comment Share on other sites More sharing options...
mallen Posted August 4, 2011 Author Share Posted August 4, 2011 Thanks. Its not checking a value of the correct user or password. Quote Link to comment Share on other sites More sharing options...
phpSensei Posted August 4, 2011 Share Posted August 4, 2011 Its just an example, sorry, just change the variables around. Quote Link to comment Share on other sites More sharing options...
mallen Posted August 4, 2011 Author Share Posted August 4, 2011 I tried something like this but still getting errors. <?php if(!empty($_POST['submit'])){ $username = mysql_real_escape_string(trim($_POST['user'])); $password = mysql_real_escape_string(trim($_POST['password'])); if(($username == "") || ($username !== "me")) { print "Please enter your username"; }elseif(($password == "") || ($password !== "test")){ print "Please enter your password"; }else{ // Username and password havebeen submitted print '<p>You are logged in</p>'; } } ?> Quote Link to comment Share on other sites More sharing options...
phpSensei Posted August 4, 2011 Share Posted August 4, 2011 Your operators are wrong, !== should !=, and you need to check if username is empty, then password, and THEN check if the username and password match. Like this <?php if(!empty($_POST['submit'])){ $username = mysql_real_escape_string(trim($_POST['user'])); $password = mysql_real_escape_string(trim($_POST['password'])); if($username == "") { print "Please enter your username"; }elseif($password == "") { print "Please enter your password"; }elseif($username == "me" && $password == "test"){ // Username and password havebeen submitted print '<p>You are logged in</p>'; } } ?> Quote Link to comment Share on other sites More sharing options...
mallen Posted August 4, 2011 Author Share Posted August 4, 2011 I still get errors. I changed username to user Warning: mysql_real_escape_string(): Access denied for user ''@'localhost' (using password: NO) in C:\inetpub..... on line 13 Warning: mysql_real_escape_string(): A link to the server could not be established in C:\inetp..... on line 13 Warning: mysql_real_escape_string(): Access denied for user ''@'localhost' (using password: NO) in C:\inetp...... on line 14 Warning: mysql_real_escape_string(): A link to the server could not be established in C:\inetp..... on line 14 Please enter your username Quote Link to comment Share on other sites More sharing options...
phpSensei Posted August 4, 2011 Share Posted August 4, 2011 Oh, thats because of mysql_real_escape_string, it requires a mysql connection. I assumed you were connected to a database. Try this, without mysql_real_escaep_string, however this will be a security risk, and you need to use them. If you just want to do this for testing purposes, then use the code below <?php if(!empty($_POST['submit'])){ $username = trim($_POST['user']); $password = trim($_POST['password']); if($username == "") { print "Please enter your username"; }elseif($password == "") { print "Please enter your password"; }elseif($username == "me" && $password == "test"){ // Username and password havebeen submitted print '<p>You are logged in</p>'; } } ?> Quote Link to comment Share on other sites More sharing options...
mallen Posted August 4, 2011 Author Share Posted August 4, 2011 Thanks I didn't even occur to me I should have caught that. Yes I am just testing to work with operators, errors etc. Now that its working I have one more fix. Once I am logged I don't want to show the form. Quote Link to comment Share on other sites More sharing options...
phpSensei Posted August 4, 2011 Share Posted August 4, 2011 Well you need to create a session which is saved on the server, then check if the session is set and that it is not empty, if this is the case then display "Hello User", else print the form again... session_start(); if (!isset($_SESSION['username'])) { session_regenerate_id(); $_SESSION['username'] = ""; }elseif($_SESSION['username'] != ""){ print "Hello User"; }else{ // print form } so just another very very basic example to help you get on your feet for the next few steps.. Quote Link to comment Share on other sites More sharing options...
mallen Posted August 5, 2011 Author Share Posted August 5, 2011 Phpsensei, Thanks again for all your help. I think I'm getting closer. It prints the user's name but still shows the form if they are signed in. <?php session_start(); ?> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=utf-8" /> <title>Login Test Page</title> </head> <body> <?php if(!empty($_POST['submit'])){ $user = trim($_POST['user']); $password = trim($_POST['password']); if($user == "") { print "Please enter your username"; }elseif($password == "") { print "Please enter your password"; }elseif($user == "me" && $password == "test"){ // Check if username and password were submitted if (!isset($_SESSION['user'])){ session_regenerate_id(); //assign user's name to session $_SESSION['user'] = $_POST['user']; }elseif($_SESSION['user'] = "me"){ print '<p>You are logged in ' . $_SESSION['user'] . ' !</p>'; } } } ?> <form action="login5.php" method="post"> <table width="200" border="0"> <tr> <td width="71">User:</td> <td width="113"><label for="user"></label> <input type="text" name="user" id="user" /></td> </tr> <tr> <td>Password:</td> <td><label for="password"></label> <input type="password" name="password" id="password" /></td> </tr> <tr> <td> </td> <td><input type="submit" name="submit" value="Log in" /></td> </tr> </table> </form> </body> </html> Quote Link to comment Share on other sites More sharing options...
phpSensei Posted August 5, 2011 Share Posted August 5, 2011 Try this <?php session_start(); ?> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=utf-8" /> <title>Login Test Page</title> </head> <body> <?php if(!empty($_POST['submit'])){ ?> $user = trim($_POST['user']); $password = trim($_POST['password']); if($user == "") { print "Please enter your username"; }elseif($password == "") { print "Please enter your password"; }elseif($user == "me" && $password == "test"){ // Check if username and password were submitted if (!isset($_SESSION['user'])){ session_regenerate_id(); //assign user's name to session $_SESSION['user'] = $_POST['user']; }elseif($_SESSION['user'] = "me"){ print '<p>You are logged in ' . $_SESSION['user'] . ' !</p>'; } } } ?> <?php if(($_SESSION['user'] == "" )|| (!isset($_SESSION['user']))){ ?> <form action="login5.php" method="post"> <table width="200" border="0"> <tr> <td width="71">User:</td> <td width="113"><label for="user"></label> <input type="text" name="user" id="user" /></td> </tr> <tr> <td>Password:</td> <td><label for="password"></label> <input type="password" name="password" id="password" /></td> </tr> <tr> <td> </td> <td><input type="submit" name="submit" value="Log in" /></td> </tr> </table> </form> </body> </html> <?php } ?> Quote Link to comment Share on other sites More sharing options...
mallen Posted August 5, 2011 Author Share Posted August 5, 2011 Parse error: syntax error, unexpected $end on last line Quote Link to comment Share on other sites More sharing options...
phpSensei Posted August 5, 2011 Share Posted August 5, 2011 <?php session_start(); ?> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=utf-8" /> <title>Login Test Page</title> </head> <body> <?php if(!empty($_POST['submit'])){ $user = trim($_POST['user']); $password = trim($_POST['password']); if($user == "") { print "Please enter your username"; }elseif($password == "") { print "Please enter your password"; }elseif($user == "me" && $password == "test"){ // Check if username and password were submitted if (!isset($_SESSION['user'])){ session_regenerate_id(); //assign user's name to session $_SESSION['user'] = $_POST['user']; }elseif($_SESSION['user'] = "me"){ print '<p>You are logged in ' . $_SESSION['user'] . ' !</p>'; } } } ?> <?php if(($_SESSION['user'] == "" )|| (!isset($_SESSION['user']))){ ?> <form action="login5.php" method="post"> <table width="200" border="0"> <tr> <td width="71">User:</td> <td width="113"><label for="user"></label> <input type="text" name="user" id="user" /></td> </tr> <tr> <td>Password:</td> <td><label for="password"></label> <input type="password" name="password" id="password" /></td> </tr> <tr> <td> </td> <td><input type="submit" name="submit" value="Log in" /></td> </tr> </table> </form> </body> </html> <?php } ?> Quote Link to comment Share on other sites More sharing options...
mallen Posted August 5, 2011 Author Share Posted August 5, 2011 Notice: Undefined index: user in .....on line 41 if(($_SESSION['user'] == "" )|| (!isset($_SESSION['user']))){ ?> Quote Link to comment Share on other sites More sharing options...
phpSensei Posted August 5, 2011 Share Posted August 5, 2011 put this on top of your code, right under session_start(); error_reporting(E_ALL ^ E_NOTICE); Quote Link to comment Share on other sites More sharing options...
mallen Posted August 5, 2011 Author Share Posted August 5, 2011 I don't get an error, but the form goes away, then I refresh the screen and it says I'm logged in. Quote Link to comment Share on other sites More sharing options...
phpSensei Posted August 5, 2011 Share Posted August 5, 2011 Whats the problem then? Quote Link to comment Share on other sites More sharing options...
mallen Posted August 5, 2011 Author Share Posted August 5, 2011 When I enter the form, it should display "You are logged in me". But as it is now the screen goes blank, then if you refresh the screen the message shows. Quote Link to comment Share on other sites More sharing options...
phpSensei Posted August 5, 2011 Share Posted August 5, 2011 Your putting the hello message and the form submit in the same operation. 1 operation logs the user and writes the session, then you redirect the user to the hello.php page. In your case your saying "IF THE USER POSTS THE LOGIN FORM THEN DISPLAY THE HELLO MESSAGE". I also don't understand why you changed around the code I gave you originally. Try this <?php session_start(); error_reporting(E_ALL ^ E_NOTICE); ?> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=utf-8" /> <title>Login Test Page</title> </head> <body> <?php if(!empty($_POST['submit'])){ $user = trim($_POST['user']); $password = trim($_POST['password']); if($user == "") { print "Please enter your username"; }elseif($password == "") { print "Please enter your password"; }elseif($user == "me" && $password == "test"){ // Check if username and password were submitted if (!isset($_SESSION['user'])){ session_regenerate_id(); //assign user's name to session } $_SESSION['user'] = $_POST['user']; } } ?> <?php if(($_SESSION['user'] == "" )|| (!isset($_SESSION['user']))){ ?> <form action="login5.php" method="post"> <table width="200" border="0"> <tr> <td width="71">User:</td> <td width="113"><label for="user"></label> <input type="text" name="user" id="user" /></td> </tr> <tr> <td>Password:</td> <td><label for="password"></label> <input type="password" name="password" id="password" /></td> </tr> <tr> <td> </td> <td><input type="submit" name="submit" value="Log in" /></td> </tr> </table> </form> <?php }else{ print "Hello, ".$_SESSION['user']; }?> </body> </html> Quote Link to comment Share on other sites More sharing options...
mallen Posted August 6, 2011 Author Share Posted August 6, 2011 Ahh perfect. Thanks so much phpSensei. Now I will work on a mysql connection instead of a hardcoded user and password. Also will work on SQL injections. I know it would have been easier to just send the user to a "welcome" page but it was a learning experience using errors, conditions, and sessions. Quote Link to comment Share on other sites More sharing options...
phpSensei Posted August 6, 2011 Share Posted August 6, 2011 Np, mark topic as solved, always glad to help. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.