0

I have a php file which checks for login and password from users database, it works fine.

But I am unable to validate the exact error to display if the user does not exist or password incorrect to the user and go back to previous page after error, help me how to display these errors.

<?php // access.php
include_once 'common.php';
include_once 'db.php';

session_start();

$uid = isset($_POST['uid']) ? $_POST['uid'] : $_SESSION['uid'];
$pwd = isset($_POST['pwd']) ? $_POST['pwd'] : $_SESSION['pwd'];

if(!isset($uid)) {
  ?>

  <!DOCTYPE html PUBLIC "-//W3C/DTD XHTML 1.0 Transitional//EN" 
    "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
  <html xmlns="http://www.w3.org/1999/xhtml">
  <head>
<title>Login</title>
    <meta http-equiv="Content-Type"
      content="text/html; charset=iso-8859-1" />
<head>
<style type="text/css">
<!--
.style1 {
    font-size: 16px;
    font-family: Verdana, Arial, Helvetica, sans-serif;
}
.style3 {
    font-size: 12px;
    font-family: Verdana, Arial, Helvetica, sans-serif;
}
-->
</style>

  </head>
<body>
  <h1 class="style1"> <br><br>  Login Required </h1>
  <span class="style3"><br>
  You <strong>must login to access this area </strong>of the site. <br>
  <br>
  If you are not a registered user, please contact your Admin
     to sign up for instant access!</span>
  <p><form method="post" action="<?=$_SERVER['PHP_SELF']?>">
    <span class="style3">User ID:&nbsp;&nbsp;&nbsp;&nbsp;    
    <input type="text" name="uid" size="12" />
    <br>
    <br />
    Password:</span>    
    <input type="password" name="pwd" SIZE="12" />
    <br>
    <br />
    <input type="submit" value="Login" />
  </form></p>
</body>
 </html>

  <?php
  exit;
}

$_SESSION['uid'] = $uid;
$_SESSION['pwd'] = $pwd;

dbConnect("svga");
$sql = "SELECT * FROM user WHERE
        userid = '$uid' AND password = '$pwd'";
$result = mysql_query($sql);
if (!$result) {
  error('A database error occurred while checking your '.
        'login details.\\nIf this error persists, please '.
        'contact [email protected].');
   }

if (mysql_num_rows($result) == 0) {
  unset($_SESSION['uid']);
  unset($_SESSION['pwd']);
  ?>

  <!DOCTYPE html PUBLIC "-//W3C/DTD XHTML 1.0 Transitional//EN"
    "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
  <html xmlns="http://www.w3.org/1999/xhtml">
      <head>
    <title> Access Denied </title>
    <meta http-equiv="Content-Type"
      content="text/html; charset=iso-8859-1" />
        <style type="text/css">
<!--
.style1 {
    font-size: 16px;
    font-family: Verdana, Arial, Helvetica, sans-serif;
}
.style3 {
    font-size: 12px;
    font-family: Verdana, Arial, Helvetica, sans-serif;
}
-->
</style>  

  </head>
  <body>
  <br/>
  <br/>

  <h1 class="style1"> Access Denied </h1>
  <p class="style3">Your user ID or password is incorrect, or you are not a
     registered user on this site. To try logging in again, click
     <a href="<?=$_SERVER['PHP_SELF']?>">here</a>. To access, please contact our Admin     !</a>.</p>
  </body>
  </html>

<?php
  exit;
}
$username = mysql_result($result,0,'fullname');
$_SESSION['user'] = mysql_result($result,0,'userid');
?>
Improve this question
2
  • Don`t tell your user what field he inserted wrong. This is for security reasons. Just show common message like "Incorrect username and/or password". Commented Jun 27, 2012 at 12:50
  • @Rafael Sedrakyan You are right ! But my requirement is such that I have to display what is the error to the user. Commented Jun 27, 2012 at 12:57

1 Answer 1

Reset to default
1

simply put

if(mysql_num_rows($result)==0) {
header('location:your_page.php');
}

this will redirect you to the page and assuming that you have defined error() method, just 

echo error();
Improve this answer
Sign up to request clarification or add additional context in comments.

3 Comments

could you explain how to write error() method and in which script
After checking the num of rows if we redirect it to the login page where a user enters username, it would loose all the data already entered !
for this you can use sessions to restore the data into your forms.

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.