i have a index.php page that contains a form and I want it to display the proper error. based on the info it gets from my login.php file. As soon as it loads though, it always displays “successful login” even when no information is entered. I have attached the files. PLEASE HELP
index.php -------
<?php
error_reporting(E_ALL | E_STRICT);
ini_set('display_errors', True);
session_start();
?>
<html>
<head>
<title>My login</title>
</head>
<body>
<div></div>
<?php if (isset($_SESSION['username'])) { ?>
You are now logged in
<a href="logout.php">Logout</a>
<?php } ?>
<form action="login.php" method="post">
username: <input name="username" type="text" />
password: <input name="password" type="password" />
<input type="submit" />
</form>
<!-- Output Error -->
<?php if (in_array('error',$_SESSION)) echo $_SESSION['error']; unset($_SESSION['error']); ?>
</body>
</html>
login.php ----
<?php
session_start();
$db_host = 'localhost';
$db_user = 'root';
$db_pass = '';
$db_db = 'users';
if (isset($_POST['username']))
{
// Mysql Connection
$db_link = mysql_connect($db_host, $db_user, $db_pass)
or die('MySQl Connection Error:'.mysql_error());
mysql_select_db($db_db)
or die('MySQL Error: Cannot select table');
$username = mysql_real_escape_string($_POST['username']);
$password = mysql_real_escape_string($_POST['password']);
// MySQL Query
$result = mysql_query("SELECT * FROM users
WHERE username = '$username' AND password = '$password' ");
if(!$result) {
$_SESSION['error'] = '<span style="color: red">Login Failed</span>';
} else {
// Mysql fetch row results
$row = mysql_fetch_assoc($result);
$_SESSION['userid'] = $row['id'];
$_SESSION['username'] = $username;
$_SESSION['error'] = 'Login successful<br> Welcome, '.$username;
}
mysql_close($db_link);
}
header('Location: ./')
?>
ADMIN EDIT: Added the php CODE tags for readability