PHP Login Form in HTML Page

General PHP Help
#1

I want to make my HTML page login form active. I want to let users login from the home page without the need of visiting login.php. I dont know if I have to change my HTML page into PHP to make this form work. I want to keep my own HTML design but, I just want the HTML page able to POST into PHP login page.

-----------------------------------HTML---------------------------------------------------

      <div class="PackBoxMiddle">
        <table width="210" border="0" cellspacing="0" cellpadding="0" align="center" class="LoginFormBox">
          <tr>
            <td>&nbsp;</td>
            <td >&nbsp;</td>
          </tr>
          <tr>
            <td>Login :</td>
            <td class="LoginFormBoxInput"><input name="" type="text" value="Enter Your Login id" onclick="if(this.value=='Enter Your Login id'){this.value=''}" onblur="if(this.value==''){this.value='Enter Your Login id'}"  class="LoginFormBoxInputField"/></td>
          </tr>
          <tr>
            <td>&nbsp;</td>
            <td >&nbsp;</td>
          </tr>
          <tr>
            <td>Password :</td>
            <td class="LoginFormBoxInput"><input name="" type="text" value="Enter Your Password" onclick="if(this.value=='Enter Your Password'){this.value=''}" onblur="if(this.value==''){this.value='Enter Your Password'}"  class="LoginFormBoxInputField" /></td>
          </tr>
          <tr>
            <td>&nbsp;</td>
            <td >&nbsp;</td>
          </tr>
          <tr>
            <td>&nbsp;</td>
            <td align="center"><a id="LoginBtn" href="#" title="Login"><span>Login</span></a></td>
          </tr>
          <tr>
            <td>&nbsp;</td>
            <td align="center"><a href="https://www.holahr.com/leave/register.php">Register Now</a></td>
          </tr>
        </table>
      </div>
      <!-- End PackBoxMiddle -->

-----------------------------------HTML----------------------------------------------------
-----------------------------------PHP------------------------------------------------------

<?php session_start(); include("codelibrary/variables.php"); //include("include/functions.php"); @extract($_REQUEST); if($_POST['submitform'] == "yes") { $password=md5($_POST['password']); //$sql=mysql_query("select * from user where username='$username' and password='$password' "); $sql=mysql_query("select * from user where email='$email' and password='$password' "); //echo $sql="select * from user where email='$email' and password='$password' "; $rr=mysql_num_rows($sql); if($rr>0){ $li = mysql_fetch_assoc($sql); if($li['status']==1) { mysql_query("update user set login_date=now() where id='".$li['id']."'"); $_SESSION['sess_uid'] = $li['id']; $_SESSION['sess_username'] = $li['username']; $_SESSION['sess_comp_id'] = $li['company_id']; $_SESSION['sess_email'] = $li['email']; if($_REQUEST['back']){ header("location: ".$_REQUEST['back']); exit(); }else{ echo ""; } } else { $_SESSION[sess_msg1] = $lang_jv_msg_account_deactivated; header("location: login.php"); exit(); } if($_REQUEST['back']){ header("location: ".$_REQUEST['back']); exit(); }else{ header("location: index.php"); exit(); } }else{ $_SESSION[sess_msg1] = $lang_jv_msginvalid; } } echo ''; $filename = "include/login.php"; include("include/main.inc.php"); ?>
#2

you will have to change your home page to have an ending of .php if it is just .html, then you will have to add all the php code from the login page to the home page remember that at the beginning of the php code to have a <?
and at the end of the code have a ?>. YOu can either put the php at the top of the html code or on the bottom or somewhere in the middle if you want as long as the code is inside the <? ?> tags. also I did not notice a <form method=post action=> in the form page this might cause problems for firefox, sometimes firefox will not treat it a form as a form unless you have that at the beginning of the form then also make sure to put at the end of the form! you don need to add the “action=” if you are just posting the data to the same page.
also this type of login is very insecure you are not validating the users email input so your website could easily be hacked.
enter a single quote ’ for the and see if you get a mysql error! I bet you will. you might want to use a regular expression to verify the email or to heck with it you could even md5 the email if you are only using it for login purpose, ;D but if you are storing the emails to use to contact them then you need to validate the email before doing extract() and querying the database.
next I dont even think you are using extract in the right fashion, you do not need to extract to get post or get values, if you post to the page the post values will be there! I would just remove the @extract($_REQUEST);

Sponsor our Newsletter | Privacy Policy | Terms of Service