How do you return login form errors to the same page using PHP?

Question

I'm relatively new to PHP and have exhausted the internet trying to find an answer to this problem. I've looked at countless examples but people seem to very different login systems to mine and I have trouble deciphering it.

Here is my code so far:

index.html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
<title>Video for Education Log In</title>
<link rel="stylesheet" type="text/css" href="style.css" />
</head>



<body>
<div id="wrapper">
<div id="header">
    <div id="logo">
        videoedu.edu    </div>
    <div id="menu">
        <ul>
            <li><a href="account.html" class="menua">Create Account</a></li>
            <li><a href="about.html" class="menua">About Us</a></li>
        </ul>
    </div>
</div>
<br><br><br><br>
<div id="page">

<div id="content">
    <h2>Video for Education helps you connect and share with the videos in your life.</h2>
    <h3>Upload Share Create Using video for your education purposes. Lecturers Welcome
    Upload Share Create Using video for your education purposes. Lecturers Welcome
    Upload Share Create Using video for your education purposes. Lecturers Welcome</h3>
    <div class= "form">
    <form name="login" method="post" action="checklogin.php">
        Username: <input type="text" name="myusername" id="myusername" class="textb"/><br />
        Password  :  <input type="password" name="mypassword" id="mypassword" class="textb"/><br />
        <br>
        <input type="submit" name="login" value="Login" id="login" class="texta" />
    </form>
    </div>
</div>
</div>
</div>
</body>
</html>

checklogin.php

<?php

$host = "localhost";
$username = "root";
$password = "";
$db_name = "test";
$tbl_name = "members";

mysql_connect("$host", "$username", "$password")or die("Cannot connect.");
mysql_select_db("$db_name")or die("Cannot select DB.");

$myusername=$_POST["myusername"];
$mypassword=$_POST["mypassword"];


    if ($myusername&&$mypassword)
    {

    $myusername = stripslashes($myusername);
    $mypassword = stripslashes($mypassword);
    $myusername = mysql_real_escape_string($myusername);
    $mypassword = mysql_real_escape_string($mypassword);

    $sql = "SELECT * FROM $tbl_name WHERE username='$myusername' and password='$mypassword'";
    $result = mysql_query($sql);

    $count = mysql_num_rows($result);

    if($count == 1){
    session_register("myusername");
    session_register("mypassword"); 
    header("location:login_success.php");
        }
    else 
        {
    echo "Wrong Username or Password";
        }
    }

    else

    echo "You have left one or more fields blank.";

?>

login_success.php

<? 
session_start();
if( !isset( $_SESSION['myusername'] ) ){
header("location:account.html");
}

echo "Welcome, ".$_SESSION['myusername']." - You are now logged in.<br>";

echo "<a href=logout.php>Logout</a>"
?>

<html>
<body>

</body>
</html>

logout.php

<?php

session_start();

session_destroy();

echo "You have been logged out, <a href='index.php'>click here</a> to return."

?>

I have tried inserting this into index.html and changing the file name to index.php.

$submit = $_POST["login"];

if($submit)
{

}

...but it just constantly displays one of the errors ('Wrong username or password') down the bottom of the page at all times.

I want it so that if the user enters a wrong username or password, or leaves a required field blank, the error will pop up on the same page, instead of going to a new ugly, blank PHP page with the error message in the top left-hand corner.

Answer 1

In checklogin.php, instead of echoing an error, use this:

die(header("location:index.html?loginFailed=true&reason=password"));

or something similar, and in your index.html page, just have PHP generate the HTML message, something like this:

    <input type="submit" name="login" value="Login" id="login" class="texta" /><br /><br />
    <?php $reasons = array("password" => "Wrong Username or Password", "blank" => "You have left one or more fields blank."); if ($_GET["loginFailed"]) echo $reasons[$_GET["reason"]]; ?>
</form>

Also, make sure to die() or exit() when you use header to redirect the page, otherwise the rest of your script continues to run.

Answer 2

What you can do is, redirect back to your page if data is invalid. Put errors into session and display them on page:

e.g.:

<?php if(isset($_SESSION['Login.Error'])  { echo $_SESSION['Login.Error'];
 unset($_SESSION['Login.Error']); } ?>
<form ....

and your error will be visible on page.

In your PHP

 $_SESSION["Login.Error"] = 'Invalid credentials';//redirect back to your login page

Answer 3

In checklogin.php, if the user enters a wrong username or password, use the code like this:

echo "<script language=\"JavaScript\">\n";
echo "alert('Username or Password was incorrect!');\n";
echo "window.location='login.php'";
echo "</script>";

It will pop up the error message at the same page (login page), instead of going to a blank PHP page.