<?php

		$db=mysql_connect('localhost','root','') or die('Cannot connect to MySQL!');			
		@mysql_select_db('dbriomra')or die('Cannot connect to database');
		
		
		// Retrieve username and password from database according to user's input
		
		$login = mysql_query("SELECT * FROM login WHERE (username = '" . mysql_real_escape_string($_POST['compid']) . "') and (password = '" . mysql_real_escape_string($_POST['pword']) . "')");

		// Check username and password match
		if (mysql_num_rows($login) == 1) {
        // Set username session variable
        $_SESSION['username'] = $_POST['compid'];
        // Jump to secured page
        header('Location: employee.php'); // kung anong file.php mag ffall ung user pag valid ung log in procedures nya.
}
else {
       
        // Jump to secured page
        //header('Location: index.php'); //homepage mo pag invalid
}

?>

i want to put a restriction, like, invalid username and password, but i don't know how, im new in php. thank you :)

Recommended Answers

That's goes in your 'else' part.
You can send back to index.php with a querystring like:

index.php?login=fail

or something similar. The index page picks up the $_GET value if set.

Jump to Post

All 3 Replies

Member Avatar

That's goes in your 'else' part.
You can send back to index.php with a querystring like:

index.php?login=fail

or something similar. The index page picks up the $_GET value if set.

As ardav said you can use the $_GET method...
If you do not want to use this method, use the other method.
In this method, you will have to place the above code on the login page and use the request type method i.e.

if($_SERVER['REQUEST_METHOD'] == 'POST')
{

}

...

Try this...

<?php
if($_SERVER['REQUEST_METHOD'] == 'POST')
{
		$db=mysql_connect('localhost','root','') or die('Cannot connect to MySQL!');
		@mysql_select_db('dbriomra')or die('Cannot connect to database');
 
 
		// Retrieve username and password from database according to user's input
 
		$login = mysql_query("SELECT * FROM login WHERE (username = '" . mysql_real_escape_string($_POST['compid']) . "') and (password = '" . mysql_real_escape_string($_POST['pword']) . "')");
 
		// Check username and password match
		if (mysql_num_rows($login) == 1) {
        // Set username session variable
        $_SESSION['username'] = $_POST['compid'];
        // Jump to secured page
        header('Location: employee.php'); // kung anong file.php mag ffall ung user pag valid ung log in procedures nya.
}
else {
$message = "Invalid username or password"; 
}
} else {
$message = "";
}
echo "$message";
?>

Well, Thank you very much, you help me a lot :) my problem was solve :))))))

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts learning and sharing knowledge.