in my index.php there is a <p> tag in form. i want to print errors there from login.php file.
in login.php iam checking for 3 errors. is there a way i can print them in index.php in <p> tag?
i was thinking may be i use an array in login.php?
2nd question is that, what else can i do in my login.php so its harder to hack it.
----------------------- index.php ---------------------------------------------------
<?php
session_start();
include("connect.php");
//check, if user is loged in or not
if(isset($_SESSION['username']))
{
//log in(member)
echo
"
YOU ARE LOGED IN
<a href='logout.php'> logout! </a>
";
}
else
{
//not loged in(not member)
echo
"
YOU ARE NOT LOG IN!
<form method='post' action='login.php'>
<strong>Member Login </strong><br/>
<p id = 'error'>Print Errors here</p>
Username:<input name='username' type='text' id='username'><br/>
Password: <input name='password' type='password' id='password'><br/>
<input type='submit' value='Login'>
<a href='register.php'> Register! </a>
</form>
";
}
?>
---------------------------------------------- login.php ----------------------------------------------
<?php
session_start();
include("connect.php");
$post_username = $_POST['username'];
$post_password = $_POST['password'];
if($post_username && $post_password)
{
if(strlen($post_username) > 20 || strlen($post_password) > 20)
{
die("Username or Password character length is too long!");
}
else
{
//convert password to md5
$port_password = md5($post_password);
//query the database
$login = sprintf("SELECT * FROM user WHERE username='%s' AND password ='%s'", mysql_real_escape_string($post_username),mysql_real_escape_string($post_password));
$rowcount = mysql_num_rows(mysql_query($login));
$fieldarray= mysql_fetch_assoc(mysql_query($login));
$id= $fieldarray['user_id'];
if($rowcount == 1)
{
//log the user in
$_SESSION['username'] = $post_username;
$_SESSION['user_id'] = $id;
header('Location: index.php');
//echo $_SESSION['username'].", you hava been logged in! <a href='index.php'>Return</a>";
}
else
die("Incorrect username or password combination!");
}
}
else
die("Username and password required");
?>