Hi,

This is the website that I created:

http://www.masterlink.co.id/cgoods/index.php

index.php

<?php
//start session    
session_start();     

//unset any session data until user submits valid username and password    
// this is correct way not unset($_SESSION), sorry my mistake    
// see http://www.php.net/manual/en/function.session-unset.php    

session_unset();    
session_destroy(); 
?>


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Masterlink International</title>
<link href="style.css" rel="stylesheet" type="text/css" />
<link rel="stylesheet" href="includes/navstyle.css" />
<script type="text/javascript" src="includes/jquery-1.4.2.min.js"></script>
<script type="text/javascript" src="includes/superfish.js"></script>
<script type="text/javascript">
jQuery(function(){
	jQuery('ul.menu').superfish({
		animation: {opacity:'show',height:'show'},
		speed: 'slow', 
		autoArrows: true
	});
});
</script>
</head>

<div id="weblayout">
<?php include("includes/header.php"); ?>

     

<body>

<div id="login">
      
      <form action="proseslogin.php" method="post" name="login" target="_self" id="login" style="style.css" title="login"><br />
          <label>user    :          </label>
          <input type="text" name="username" id="username" />
          <label>password:          </label>
          <input type="text" name="password" id="password" />
          <input type="submit" name="Login" id="Login" value="Login" />
       </form>

proseslogin.php

<?php

// start session
session_start(); 

$username = $_POST['username'];
$password = $_POST['password'];
$login = isset($_POST['login']) ? $_POST['login'] : false;

//function
function periksa ($username, $password){
		if (($username=="*****") and ($password=="*****")){
			return true;
		}else{
			return false;
		}
	}	
	
// cek		
if (periksa($username, $password)) {
		$login=true;	
}
else {
				
	  header("Location: http://www.masterlink.co.id/cgoods/index.php");
}
if ($login) {
	//echo "<br>Di sini blok aplikasi setelah login dilakukan";
	//echo "<br>Anda berhasil menjalankan!";
	
	// buat session username
	$_SESSION['username'] = $username;	
	header("Location: http://www.masterlink.co.id/cgoods/admin.php");
	exit();
}


?>

This is what I want, when user enter the username or password incorrectly, there should be an error message next to the login form. "Incorrect username or password".

Also, the password must be encapsulated ("*****" instead of "abcde"), or other people may not see what the user type-in. How to code that way ?

At this point, everyone around you can see what you type-in the password form box.

For issue 2:

<input type="password" name="password" id="password" />

for the first one

// start session
    session_start();
     
    $username = $_POST['username'];
    $password = $_POST['password'];
    
    // make sure there's nto weird code in the post's
    $username = stripslashes($username);
	$password = stripslashes($password);
	$username = mysql_real_escape_string($username);
	$password = mysql_real_escape_string($password);
    // also when storing in database your going to want to salt or md5 your passwords $password = md5($password)
     
    //function
    function periksa ($username, $password){
    if (($username=="*****") and ($password=="*****")){
    $answer = "yes";
	return $answer;
    }else{
    $answer = "no";
    return $answer;
    }
    }
     
    // cek
    
    $logincheck = periksa($username, $password);
	
	
    if ($logincheck === "yes") {
    //echo "<br>Di sini blok aplikasi setelah login dilakukan";
    //echo "<br>Anda berhasil menjalankan!";
     
    // buat session username
    $_SESSION['username'] = $username;
    header("Location: http://www.masterlink.co.id/cgoods/admin.php");
    exit();
    }ELSE{
    	
    echo "sorry wrong username or password";
		
    }
Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.