How do I get login error messages on the same page?

Question

0.00/5 (No votes)

See more:

Hello I am wondering how to get login error messages on the same page. As of right now I am only able to get to show with opening a new page and echoing "Invalid username or password". If you can help I'd love to hear your ideas thank you so much!

loginpage.php code below

PHP

<pre><?php
require_once("db.form.php");
?>
<!DOCTYPE html>
<html>
  <head>
    <meta charset="utf-8" />
    <meta name="viewport" content="width=device-width, initial-scale=1.0" />
    <title>L&B Furniture</title>
    <link rel="stylesheet" href="style.css" />
    <link rel="preconnect" href="https://fonts.googleapis.com" />
    <link rel="preconnect" href="https://fonts.gstatic.com" crossorigin />
    <link
      href="https://fonts.googleapis.com/css2?family=Poppins&display=swap"
      rel="stylesheet"
    />
  </head>
  <body onload="slider()">
    <div class="back">
      <div class="slider">
        <img src="images/bedroom.jpeg" alt="" id="slideImg" />
      </div>
      <div class="overlay">
        <div class="nav-design">
          <div class="logo">L&B FURNITURE</div>
        </div>
        <div class="content">
          <h1>L&B is all you need!</h1>
          <h3>
            All customers are required to create an account before they are able
            to continue to the homepage
          </h3>
          <h3>Do you have an account already? Please login in below:</h3>
          <div>
            <form action="login.form.php" method="POST">
              <label class="usernamestyle">User Name :</label
              ><input
                class="loginbox"
                style="margin-bottom: 100px"
                type="text"
                name="usersUSERSNAME"
                placeholder="Enter User Name"
              /><br />
              <label class="passwordusername">Password: </label
              ><input
                class="passwordbox"
                type="password"
                name="usersPWD"
                placeholder="Enter Password"
              />
              <button class="loginbuttons" type="submit">Login</button>
            </form>
            <form action="register.form.php" method="POST">
              <button class="registerbutton" type="Submit">
                Create an account
              </button>
            </form>
          </div>
        </div>
      </div>
    </div>
    <script>
      var slideImg = document.getElementById("slideImg");

      var images = new Array(
        "images/bedroom.jpg",
        "images/office.jpg",
        "images/livingroom.jpg",
        "images/diningroom.jpg",
        "images/bathroom.jpg"
      );

      var len = images.length;
      var i = 0;

      function slider() {
        if (i > len - 1) {
          i = 0;
        }
        slideImg.src = images[i];
        i++;
        setTimeout("slider()", 4000);
      }
    </script>
  </body>
</html>

login.form.php which is called from the main login page.

PHP

<?php

require("db.form.php");

$usersUSERSNAME = $_POST['user'];  
$usersPWD = $_POST['pwd'];  
  
    //to prevent from mysqli injection  
    $username = stripcslashes($usersUSERSNAME);  
    $password = stripcslashes($usersPWD);  
    $username = mysqli_real_escape_string($conn, $usersUSERSNAME);  
    $password = mysqli_real_escape_string($conn, $usersPWD);  
  
    $sql = "select *from users where usersUSERSNAME = '$usersUSERSNAME' and usersPWD = '$usersPWD'";  
    $result = mysqli_query($conn, $sql);  
    $row = mysqli_fetch_array($result, MYSQLI_ASSOC);  
    $count = mysqli_num_rows($result);  
      
    if($count == 1){  
        header("location: homepage.php");
    }  
    else{  
        echo "<h1> Login failed. Invalid username or password.</h1>";  
    }

What I have tried:

I havent tried much, I tried to play around with the $_SESSION and create an error but I couldnt get it to work

Posted 2-Dec-21 4:15am

Bryan Woodruff

Updated 2-Dec-21 4:37am

Add a Solution

Comments

Richard Deeming 2-Dec-21 11:46am

PHP: SQL Injection - Manual[^]
PHP: Prepared statements and stored procedures - Manual[^]

Richard Deeming 2-Dec-21 11:47am

Also, never store passwords in plain text.
Secure Password Authentication Explained Simply[^]
Salted Password Hashing - Doing it Right[^]

PHP even has built-in functions to help you do the right thing.
PHP: password_hash[^]
PHP: password_verify[^]

1 solution

Add a Solution

Add your solution here

Treat my content as plain text, not as HTML

Preview 0

…

Existing Members

Sign in to your account

...or Join us

Download, Vote, Comment, Publish.

Your Email
Password
Forgot your password?

Your Email
This email is in use. Do you need your password?
Optional Password

I have read and agree to the Terms of Service and Privacy Policy
Please subscribe me to the CodeProject newsletters

When answering a question please:

Read the question carefully.
Understand that English isn't everyone's first language so be lenient of bad spelling and grammar.
If a question is poorly phrased then either ask for clarification, ignore it, or edit the question and fix the problem. Insults are not welcome.
Don't tell someone to read the manual. Chances are they have and don't get it. Provide an answer or move on to the next question.

Let's work to help developers, not make them feel stupid.

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

Chris Copeland · Answer 1 · 2021-12-02T04:37:00

The main issue comes from how you've named your form elements vs. what you're expecting in PHP:

HTML

<input .. name="usersUSERSNAME" .. />
<input .. name="usersPWD" .. />

Versus:

PHP

$usersUSERSNAME = $_POST['user'];  
$usersPWD = $_POST['pwd'];

You're trying to reference inputs with different names. Remember that the $_POST variable contains values corresponding to the names of the elements in your form. So in this case your 'user' needs to be 'usersUSERSNAME' and your 'pwd' needs to be 'usersPWD' so that they match. Or you can choose to rename the input elements instead.

That being said, obligatory comment about using variables directly within an SQL statement. Even using escape string it's still better practise to use prepared statements and bind the parameters. PHP MySQL Prepared Statements[^]