Member Avatar for shielaolid 
<?php

		$db=mysql_connect('localhost','root','') or die('Cannot connect to MySQL!');			
		@mysql_select_db('dbriomra')or die('Cannot connect to database');
		
		
		// Retrieve username and password from database according to user's input
		
		$login = mysql_query("SELECT * FROM login WHERE (username = '" . mysql_real_escape_string($_POST['compid']) . "') and (password = '" . mysql_real_escape_string($_POST['pword']) . "')");

		// Check username and password match
		if (mysql_num_rows($login) == 1) {
        // Set username session variable
        $_SESSION['username'] = $_POST['compid'];
        // Jump to secured page
        header('Location: employee.php'); // kung anong file.php mag ffall ung user pag valid ung log in procedures nya.
}
else {
       
        // Jump to secured page
        //header('Location: index.php'); //homepage mo pag invalid
}

?>

i want to put a restriction, like, invalid username and password, but i don't know how, im new in php. thank you :)

  • 3 Contributors
  • 3 Replies
  • 203 Views
  • 2 Days Discussion Span
  • Latest Post Latest Post by shielaolid

Recommended Answers

All 3 Replies

Member Avatar for diafol

That's goes in your 'else' part.
You can send back to index.php with a querystring like:

index.php?login=fail

or something similar. The index page picks up the $_GET value if set.

Member Avatar for shahbaz13

As ardav said you can use the $_GET method...
If you do not want to use this method, use the other method.
In this method, you will have to place the above code on the login page and use the request type method i.e.

if($_SERVER['REQUEST_METHOD'] == 'POST')
{

}

...

Try this...

<?php
if($_SERVER['REQUEST_METHOD'] == 'POST')
{
		$db=mysql_connect('localhost','root','') or die('Cannot connect to MySQL!');
		@mysql_select_db('dbriomra')or die('Cannot connect to database');
 
 
		// Retrieve username and password from database according to user's input
 
		$login = mysql_query("SELECT * FROM login WHERE (username = '" . mysql_real_escape_string($_POST['compid']) . "') and (password = '" . mysql_real_escape_string($_POST['pword']) . "')");
 
		// Check username and password match
		if (mysql_num_rows($login) == 1) {
        // Set username session variable
        $_SESSION['username'] = $_POST['compid'];
        // Jump to secured page
        header('Location: employee.php'); // kung anong file.php mag ffall ung user pag valid ung log in procedures nya.
}
else {
$message = "Invalid username or password"; 
}
} else {
$message = "";
}
echo "$message";
?>
Member Avatar for shielaolid

Well, Thank you very much, you help me a lot :) my problem was solve :))))))

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.