Hi All, Im new to scripting especially to PHP and HTML. Im trying to do a login page but I’m having issues when it comes to error messages.
login.html file
<?php
include('login.php');
if(isset($_SESSION['login_user'])){
header("location: welcome.html");
}
?>
<!DOCTYPE html>
<html>
<head>
<title>Login Form in PHP with Session</title>
<link href="style.css" rel="stylesheet" type="text/css">
</head>
<body>
<div id="main">
<h1>PHP Login Session Example</h1>
<div id="login">
<h2>Login Form</h2>
<form action="login.php" method="post">
<label>Email Address :</label>
<input id="email" name="email" placeholder="Enter Your Email Address" type="text">
<label>Password :</label>
<input id="password" name="password" placeholder="Enter Your Password" type="password">
<input name="submit" type="submit" value=" Login ">
<span><?php echo $error; ?></span>
</form>
</div>
</div>
</body>
</html>
login.php file
<?php
$host= 'localhost';
$user= 'root';
$pass= '';
$db= 'newusers';
$email = $_POST['email'];
$password = $_POST['password'];
session_start(); // Starting Session
$error=''; // Variable To Store Error Message
if (isset($_POST['submit'])) {
if (empty($_POST['email']) || empty($_POST['password'])) {
$error = "Email Address or Password is invalid";
}
else
{
// Establishing Connection with Server by passing server_name, user_id and password as a parameter
$connection = mysqli_connect($host,$user,$pass,$db);
if($connection) {
// To protect MySQL injection for Security purpose
//$username = stripslashes($username);
//$password = stripslashes($password);
//$username = mysql_real_escape_string($username);
//$password = mysql_real_escape_string($password);
// Selecting Database
//$db = mysql_select_db("company", $connection);
// SQL query to fetch information of registerd users and finds user match.
$query = "Select * from signup where Email = '$email' AND Password = '$password';";
$resultquery = mysqli_query ($connection,$query);
if (mysqli_num_rows ($resultquery) == 1){
$_SESSION['login_user']=$email;
header("location: welcome.html");
} else {
$error = "Email Address or Password is invalid";
}
mysql_close($connection);
}
}
}
?>
the issue that Im facing is that when the user enters wrong credentials or else click on the submit button without inserting any credentials no error messages are displayed. Also when I include the php in the html file and try to access login.html I’m being redirected to the welcome.html page.
Any help would be greatly appreciated
Thanks