What I want to do is make things appear.
I have created a login system. What I want to do is make a box saying "incorrect password" or something like that when they incorrectly answer the username and password.
The backend is fairly simple. I plan to make it more complex after I get the answer to this. Also, some of the front end is written in Bootstrap. And I am using MySQL to contain the Username and Password information.
What I need is a simple PHP variable to be called later in the HTML. I will not be combining the backend and the frontend together.
My Code:
Frontend:
<html>
<head>
<link rel="stylesheet" href="../../css/bootstrap.min.css"/>
<title>User Login</title>
</head>
<body>
<div class="container">
<div align="center" class="jumbotron">
<div class="container">
<h1>User Login</h1>
</div>
</div>
<div align="center" class="container">
<form action="login.php" method="post">
<div class="form-group">
<input type="text" name="username" id="username" placeholder="Username"/>
</div>
<div class="form-group">
<input type="password" name="password" id="password" placeholder="Password"/>
</div>
<input value="Submit" type="submit" class="btn btn-primary"/>
</form>
</div>
</div>
</body>
</html>
Backend:
<?php
session_start();
$servername = "**BLOCKED**";
$username = "**BLOCKED**";
$password = "**BLOCKED**";
$dbname = "**BLOCKED**";
$conn = new mysqli($servername, $username, $password, $dbname);
if ($conn->connect_error) {
die("Connection failed: " . $conn->connect_error);
}
$sql = "SELECT password FROM user WHERE username = '" . $_POST["username"] . "'";
$result = $conn->query($sql);
if ($result->num_rows > 0) {
while($row = $result->fetch_assoc())
{
if ($row["password"] == $_POST["password"])
{
$_SESSION["Authenticated"] = true;
header("Location: ../");
}else
{
echo "Login failed";
}
//Debug
//echo " password DB: " . $row["password"];
//echo " password IN: " . $_POST["password"];
}
} else {
echo "User not found!";
}
$conn->close();
add/replace:
$result = $conn->query($sql);
$FORM_DATA = ''; // variable which will go to the view (html)
&
//echo "Login failed";
$FORM_DATA = 'Wrong login or password';
&
//echo "User not found!";
$FORM_DATA = 'Wrong login or password';
& View (html) after:
<div align="center" class="jumbotron">
<div class="container">
<h1>User Login</h1>
</div>
</div>
add html with variable
<?php if($FORM_DATA): ?>
<div align="center" class="jumbotron">
<div class="container">
<p style="color: red"><?php echo $FORM_DATA ?></p>
</div>
</div>
<?php endif; ?>
Ok, what you need to do is put your messages for the user into a variable instead of using echo within your backend script. E.g.:
//login failed
$message = 'Login Failed';
Your frontend script then needs a way of showing this information to the user. Perhaps above the form tag add:
<div style="color: red"><?php echo $message; ?></div>
This would give you a basic mechanism for feeding back to the user. Looking at your code, I also strongly suggest reading up on SQL injection vulnerabilities and how to use mysqli_real_escape_string to mitigate against the more obvious attacks a user could try against your system.
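A hardened form of the login handler, added here as an example and not part of any answer on this page: it uses a mysqli prepared statement in place of the mysqli_real_escape_string escaping mentioned above, and shows one message for both failure cases. It assumes the password column holds password_hash() output, which the original code does not do; check_login is a hypothetical helper name.

```php
<?php
// Added example, not the original poster's code.
// Assumption: user.password holds a hash created with password_hash().
session_start();

$conn = new mysqli("**BLOCKED**", "**BLOCKED**", "**BLOCKED**", "**BLOCKED**");
if ($conn->connect_error) {
    error_log("DB connection failed: " . $conn->connect_error); // details go to the log, not the page
    http_response_code(500);
    exit("Service unavailable");
}

// Hypothetical helper: true only when the user exists and the password matches the stored hash.
function check_login(mysqli $conn, string $username, string $password): bool
{
    // The ? placeholder keeps user input out of the SQL text entirely.
    $stmt = $conn->prepare("SELECT password FROM user WHERE username = ?");
    if ($stmt === false) {
        return false;
    }
    $stmt->bind_param("s", $username);
    $stmt->execute();
    $stmt->bind_result($hash);
    $found = $stmt->fetch();   // true = row fetched, null = no row, false = error
    $stmt->close();
    return $found === true && is_string($hash) && password_verify($password, $hash);
}

$message = '';
if ($_SERVER["REQUEST_METHOD"] === "POST") {
    $username = $_POST["username"] ?? '';
    $password = $_POST["password"] ?? '';
    if (is_string($username) && is_string($password) && check_login($conn, $username, $password)) {
        session_regenerate_id(true);   // issue a fresh session ID after login
        $_SESSION["Authenticated"] = true;
        header("Location: ../");
        exit;                          // stop before any HTML is sent
    }
    // One message for both failure cases, so the form does not confirm which usernames exist.
    $message = 'Wrong login or password';
}
$conn->close();
?>
<?php if ($message !== ''): ?>
<div style="color: red"><?php echo htmlspecialchars($message, ENT_QUOTES, 'UTF-8'); ?></div>
<?php endif; ?>
```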
Please update your code to something like this:
<?php
session_start();
$servername = "**BLOCKED**";
$username = "**BLOCKED**";
$password = "**BLOCKED**";
$dbname = "**BLOCKED**";
$conn = new mysqli($servername, $username, $password, $dbname);
if ($conn->connect_error) {
die("Connection failed: " . $conn->connect_error);
}
$message ='';
if(!empty($_POST["username"]) && !empty($_POST["password"])) {
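// Escape the username before it is placed in the query string (SQL injection).
$sql = "SELECT password FROM user WHERE username = '" . $conn->real_escape_string($_POST["username"]) . "'";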
$result = $conn->query($sql);
if ($result->num_rows > 0) {
while($row = $result->fetch_assoc())
{
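if ($row["password"] === $_POST["password"]) // strict comparison, no type juggling
{
$_SESSION["Authenticated"] = true;
header("Location: ../");
exit; // stop here so the login page is not rendered after the redirect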
}else
{
$message = "Login failed. Please enter correct password";
}
//Debug
//echo " password DB: " . $row["password"];
//echo " password IN: " . $_POST["password"];
}
} else {
$message= "User not found!";
}
}else
{
$message ="Please enter username/password";
}
$conn->close();
?>
<html>
<head>
<link rel="stylesheet" href="../../css/bootstrap.min.css"/>
<title>User Login</title>
</head>
<body>
<div class="container">
<div align="center" class="jumbotron">
<div class="container">
<h1>User Login</h1>
</div>
</div>
<div align="center" class="container">
<div style="color: red"><?php echo $message; ?></div>
<form action="" method="post">
<div class="form-group">
<input type="text" name="username" id="username" placeholder="Username"/>
</div>
<div class="form-group">
<input type="password" name="password" id="password" placeholder="Password"/>
</div>
<input value="Submit" type="submit" class="btn btn-primary"/>
</form>
</div>
</div>
</body>
</html>