Hi All, Im new to scripting especially to PHP and HTML. Im trying to do a login page but I’m having issues when it comes to error messages.

login.html file

    <?php
    	include('login.php');
    	
    	if(isset($_SESSION['login_user'])){
    	header("location: welcome.html");
    	}
    ?>


<!DOCTYPE html>
<html>
	<head>
		<title>Login Form in PHP with Session</title>
		<link href="style.css" rel="stylesheet" type="text/css">
	</head>
		<body>
			<div id="main">
				<h1>PHP Login Session Example</h1>
			<div id="login">
		<h2>Login Form</h2>
		<form action="login.php" method="post">
				<label>Email Address :</label>
				<input id="email" name="email" placeholder="Enter Your Email Address" type="text">
				<label>Password :</label>
				<input id="password" name="password" placeholder="Enter Your Password" type="password">
				<input name="submit" type="submit" value=" Login ">
				<span><?php echo $error; ?></span>
		</form>
		</div>
		</div>
	</body>
</html>

login.php file

    <?php
    	   $host= 'localhost';
    	   $user= 'root';
    	   $pass= '';
    	   $db= 'newusers';
    	   
    	   
    	   $email = $_POST['email'];
    	   $password = $_POST['password'];
    	
    	
    	
    	
    		session_start(); // Starting Session
    		$error=''; // Variable To Store Error Message
    		if (isset($_POST['submit'])) {
    		if (empty($_POST['email']) || empty($_POST['password'])) {
    		$error = "Email Address or Password is invalid";
    }
    else
    {


    	// Establishing Connection with Server by passing server_name, user_id and password as a parameter
    	$connection = mysqli_connect($host,$user,$pass,$db);
    			if($connection) {
    						// To protect MySQL injection for Security purpose
    						//$username = stripslashes($username);
    						//$password = stripslashes($password);
    						//$username = mysql_real_escape_string($username);
    						//$password = mysql_real_escape_string($password);
    						// Selecting Database
    						//$db = mysql_select_db("company", $connection);
    						// SQL query to fetch information of registerd users and finds user match.
    		$query = "Select * from signup where Email = '$email' AND Password = '$password';";
    		$resultquery = mysqli_query ($connection,$query);
    		
    		if (mysqli_num_rows ($resultquery) == 1){
    		
    		$_SESSION['login_user']=$email; 
    		header("location: welcome.html"); 
    		} else {
    		$error = "Email Address or Password is invalid";
    		}
    		mysql_close($connection); 
    		}
    		}
    		}
    ?>

the issue that Im facing is that when the user enters wrong credentials or else click on the submit button without inserting any credentials no error messages are displayed. Also when I include the php in the html file and try to access login.html I’m being redirected to the welcome.html page.

Any help would be greatly appreciated

Thanks

For starters, stop mixing the obsolete mysql_* with Mysqli.

you must use exit or die after your header. I prefer exit;

header('Location: welcome.html');
exit;

<?php include('login.php'); if(isset($_SESSION['login_user'])){ header("location: welcome.html"); exit; } ?> Login Form in PHP with Session

I have just included the exit under the header however issue still not solved

adding exit will not fix all of your problems. i am not going to initiate a classroom session with you either, i am not an instructor. I will not rewrite your program either.

for one thing, you submit to login.php but you also include login.php in the same file as the form.
you don’t even test for server method as post and you are not using pdo.

the best thing for you to do is to look at login examples and follow the lead. Use google search: php login example or php secure login system example.

Issue was solved, and now working successfully