Login Page Usinhg PHP

I have been tryin to create simple login page using php witout success

i juss want to give two fields userid and password nd if nyof they field is empty then on submit it shud throw an error sayin one or more fields are empty error shud be on same page on which textboxes r ther ther so error shud appear on top of entry boxes if validation fails and if its a success then it shud redirect to another page

i have been very confused how to redirect and how to display error retaining textboxes on same page

 

First post the code whatever you have got.

 

<?php
if (isset($_POST['Submit']))
{
if (!$_POST['UserId']||!$_POST['Password'])
{
die("Please Fill Required Details");

}
else
header('Location:Logged.php');

}
else

?>
<form action="<? echo $_SERVER['PHP_SELF']?>" method="post">
UserName : <input type="text" name="UserId"> <br>
Password: <input type="text" name="Password"><br>
<input type="button" name="Submit" value="Submit">

</form>

Please Suggest Changes So tht I get Error On same Page If Fields Are Empty IF they Are Not Then on submit it shud redirect

 

Something like:

<?php
if (isset($_POST['Submit']))
{
if (empty($_POST['UserId'])) {
 $un_error = "<p class='error'>You didn't write a username</p>"; }
elseif ($_POST['UserId'] != <some check to see if user exist>) {
 $un_error = "<p class='error'>User do not exist</p>"; }
else {
$un_error = ""; }
if (empty($_POST['Password'])) {
 $up_error = "<p class='error'>Please fill in the password field</p>"; }
elseif ($_POST['Password'] != <password registered to UserId>) {
 $up_error = "<p class='error'>Wrong password - please try again</p>";  }
else {
$up_error = ""; }
if (isset($_POST['UserId']) == <user ID from db or something>) && (isset($_POST['Password']) == <userIDs password>) && $un_error == "" && up_error == "") {
header('Location:Logged.php'); }
else {
?>
<form action="<? echo $_SERVER['PHP_SELF']?>" method="post">
<p>UserName : <input type="text" name="UserId" /></p>
<?php echo $un_error; ?>
<p>Password: <input type="text" name="Password" /></p>
<?php echo $up_error; ?>
<p><input type="button" name="Submit" value="Submit" /></p>
</form>

PHP:

This isn't a complete code-example - there should be some more error-checking added and such, before submitting to the logged-in page, but you should get the general idea

 

how does above code differ from what i have wrote except i dont want to check if user exists

 

Try the latest code - you can remove the checks for user/password if you want, but the page is more or less useless without some verification of the user somehow.

Anyway - as the code is now, it should provide the form again, showing the errors unless the $un_error and $up_error blocks does not show anything - if they are empty, user will be redirected to the logged-in page, if there are errors on the page, the form will be shown.

 

<?php
if (isset($_POST['Submit']))
{
if (!$_POST['UserId']||!$_POST['Password'])
{
echo("Please Fill Required Details");

}
else
header('Location:Logged.php');

}
else
?>
<form action="<? echo $_SERVER['PHP_SELF']?>" method="post">
UserName : <input type="text" name="UserId"> <br>
Password: <input type="text" name="Password"><br>
<input type="button" name="Submit" value="Submit">
</form>

the code doesnt work first time it shows proper screen but nothing happens wen i click on sibmit button

 

Try this:

<?php
if (isset($_POST['submit']))
{
	if (!$_POST['UserId']||!$_POST['Password'])
	{
		echo("Please Fill Required Details");
	}
	else
	{
		header('Location:Logged.php');
	}
}
?>
<html>
	<body>
		<form action="<?php echo $_SERVER['PHP_SELF']?>" method="post" accept-charset="utf-8">
		UserName : <input type="text" name="UserId"> <br>
		Password: <input type="text" name="Password"><br>
		<input type="submit" name="submit" value="Submit">
		</form>	
	</body>
</html>

PHP:

 

First, check to see if the PHP_SELF variable actually produces the desired result - ie. shows a link to the file.

Then, change the <input type="button" to <input type="submit" and try again

 

I don't think that changing the input type will help in this case.

 

Nope, it won't, but that doesn't mean it shouldn't be fixed

The following code is tested, and it works:

<?php
$username = "testuser";
$password = "password";

if (isset($_POST['submit']))
{
	if (empty($_POST["userid"])) {
		$un_error = "<p class='error'>You didn't write a username</p>";
	}
		elseif ($_POST["userid"] != $username) {
	 		$un_error = "<p class='error'>User do not exist</p>";
	 	}
	else { $un_error = ""; }
	if (empty($_POST["password"])) {
		$up_error = "<p class='error'>Please fill in the password field</p>";
	}
		elseif ($_POST["password"] != $password) {
			$up_error = "<p class='error'>Wrong password - please try again</p>";
		}
	else { $up_error = ""; }
} if ((isset($_POST["userid"])) && (isset($_POST["password"])) && $un_error == "" && $up_error == "") {
		echo "It worked"; }
	//header('Location:Logged.php'); }
		else {
			?>
			<form method="post" action="http://www.regncon.no/testpage.php">
			<p>UserName : <input type="text" name="userid" value="<?php echo $_POST['userid']; ?>"/></p>
			<?php echo $un_error; ?>
			<p>Password: <input type="password" name="password" /></p>
			<?php echo $up_error; ?>
			<p><input type="submit" name="submit" value="Log-in" /></p>
			</form>
		<?php } ?>

PHP:

As you can see, I've substituted the header() after success with a simple echo-statement, as I didn't care for making both files - just remove the line with the echo-statement above, and uncomment the header-line to get it to work for you.

The variables at the start of the script is just to match the error-checking against something.

 

above code works but if i replace
echo "It worked";

above line with this one

header('Location:Logged.php');

then i am getting error

Warning: Cannot modify header information - headers already sent by (output started at D:\PhpDevelopment\Login.php:1) in D:\PhpDevelopment\Login.php on line 20

thanx in advance

 

Read up on buffering, here:
http://www.phpbuilder.com/board/showthread.php?s=&postid=10453971

It's basically that you are trying to send headers out after pushing content to your page - use ob_start() and ob_end_flush() to put output buffering on and off. Or change the php.ini to always allow output buffering. PS! Might have security risks!

 

Output buffering always have risk. It wil make the application unsecured.

 

It is already insecure, as it is, so putting in output buffering won't hurt... if one encrypts the POST-variables, it won't matter all that much either.

 

can you temme where and how exactly to use ob_start and ob_flush concept
i hav juss started learning php so im not worrying abt security aspect i just want to make things work step by step

thanx for help

 

Insert the ob_start(); function as the first line in the php-code - ie:

<?php
ob_start();
$username = "testuser";
$password = "password";

PHP:

Insert the ob_end_flush(); before the last ?>

 

i tried it but it doesnt work same error

Warning: Cannot modify header information - headers already sent by (output started at D:\PhpDevelopment\Login.php:1) in D:\PhpDevelopment\Login.php on line 24

 

Hmm... it should work. Can you just post your complete code here? Just mark all, and copy the exact code in between PHP-tags. You might have some spaces or something that is being sent before the header/ob_start()

 

<?php

ob_start();
$username = "testuser";
$password = "password";
if (isset($_POST['submit']))
{ if (empty($_POST["userid"]))
{ $un_error = "<p class='error'>You didn't write a username</p>";
} elseif ($_POST["userid"] != $username)
{ $un_error = "<p class='error'>User do not exist</p>";
} else
{ $un_error = "";
}
if (empty($_POST["password"]))
{ $up_error = "<p class='error'>Please fill in the password field</p>";
} elseif ($_POST["password"] != $password)
{ $up_error = "<p class='error'>Wrong password - please try again</p>";
} else { $up_error = ""; }
}
if ((isset($_POST["userid"])) && (isset($_POST["password"])) && $un_error == "" && $up_error == "")
{ // echo "It worked";


header('Location:Logged.php');

}

else
{
?>
<form action="<?php echo $_SERVER['PHP_SELF']?>" method="post"
<p>UserName : <input type="text" name="userid" value="<?php echo $_POST['userid']; ?>"/></p>
<?php echo $un_error; ?>
<p>Password: <input type="password" name="password" /></p>
<?php echo $up_error; ?>
<p><input type="submit" name="submit" value="Log-in" /></p>
</form>
<?php
}
ob_flush();
?>