How to display login error message on the login page with php

Question

When login is successful, the user is redirected to the main page of my site. My code redirects the user to a blank page when they input incorrect login details (login_parse.php), and here the error message 'Login unsuccessful' appears. I want the error message to appear on the login page (index.php).

Login page:

<?php session_start(); ?>
<!DOCTYPE html> 
<html>

<link rel="stylesheet" type="text/css" href="style.css">

<head>
</head>

<body>


<form id='registration_form' action='registration.php' method='post'>
    <input id ='new_username' type='text' name='new_username'     placeholder='Create a username' oninvalid="this.setCustomValidity('Please create   a username')"required></input>
    <input id ='new_password' type='password' name='new_password'     placeholder='Create a password' oninvalid="this.setCustomValidity('Please create     a password')" required></input>
    <input id ='new_email' type='email' name='new_email' placeholder='Enter   a   valid student.lboro.ac.uk email     address'oninvalid="this.setCustomValidity('Please enter a valid     student.lboro.ac.uk email address')" required></input>
    <input id ='register_button' type='submit' value='Sign Up'/>
</form>

</body>
</html>

login_parse.php:

<?php

session_start();

include "dbconnect.php";

if (isset($_POST['username'])) {

  $username = $_POST['username'];
  $password = $_POST['password'];
  $sql = "SELECT * FROM Users WHERE username= '".$username."' AND   password='".$password."' LIMIT 1";
  $res = mysqli_query($db, $sql) or die(mysqli_error);

       if (mysqli_num_rows($res) == 1) {

          $row = mysqli_fetch_array($res);
          $_SESSION['uid'] = $row['id'];
          $_SESSION['username'] = $row['username'];
          header("Location: shownewposts.php");
          exit();


          } 
          else {

            echo "Login unsuccessful";
            exit();
          }

}

?>

[Your script is at risk for SQL Injection Attacks.](http://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php) Learn about [prepared](http://en.wikipedia.org/wiki/Prepared_statement) statements for [MySQLi](http://php.net/manual/en/mysqli.quickstart.prepared-statements.php). — Jay Blanchard, Apr 01 '16 at 16:28
Please use PHP's [built-in functions](http://jayblanchard.net/proper_password_hashing_with_PHP.html) to handle password security. If you're using a PHP version less than 5.5 you can use the `password_hash()` [compatibility pack](https://github.com/ircmaxell/password_compat). — Jay Blanchard, Apr 01 '16 at 16:28
If you want to stay on the same page use JavaScript and AJAX - unless you want to reload the page. — Jay Blanchard, Apr 01 '16 at 16:29

score 1 · Answer 1 · edited Jun 27 '20 at 10:36

Look at http://www.phptherightway.com/#pdo_extension for input filter and PDO.

You can create a session variable in else statement. Something Like:

   <?php

   session_start();

   include "connect.php";

   if (isset($_POST['username'])) {
     unset( $_SESSION['errorMessage'] );
     $username = $_POST['username'];
     $password = $_POST['password'];
     $sql = "SELECT * FROM Users WHERE username= '".$username."' AND   password='".$password."' LIMIT 1";
     $res = mysqli_query($db, $sql) or die(mysqli_error);

      if (mysqli_num_rows($res) == 1) {
         $row = mysqli_fetch_array($res);
         $_SESSION['uid'] = $row['id'];
         $_SESSION['username'] = $row['username'];
         header("Location: shownewposts.php");
         exit();
     } 
     else {
         $_SESSION['errorMessage'] = true;
         header("Location: index.php");
         exit();
     }

   }

   ?>

And in index.php check if session variabile exists and print message

    <?php session_start(); ?>
    <!DOCTYPE html> 
    <html>
    
    <link rel="stylesheet" type="text/css" href="style.css">
    
    <head>
    </head>
    
    <body>     
    
    <?php
       if (isset($_SESSION['errorMessage'])){
         echo "<span style='color:red;'>Check your input</span>";
       }
    ?>
    <form id='registration_form' action='registration.php' method='post'>
        <input id ='new_username' type='text' name='new_username'     placeholder='Create a username' oninvalid="this.setCustomValidity('Please create   a username')"required></input>
        <input id ='new_password' type='password' name='new_password'     placeholder='Create a password' oninvalid="this.setCustomValidity('Please create     a password')" required></input>
        <input id ='new_email' type='email' name='new_email' placeholder='Enter   a   valid student.lboro.ac.uk email     address'oninvalid="this.setCustomValidity('Please enter a valid     student.lboro.ac.uk email address')" required></input>
        <input id ='register_button' type='submit' value='Sign Up'/>
    </form>
    
    </body>
    </html>

How to display login error message on the login page with php

1 Answers1