Another Login Problem

[laado]

i have a login code

<html><head><meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" /><title>Login Form</title><link href="loginmodule.css" rel="stylesheet" type="text/css" /></head><body><p> </p><form id="loginForm" name="loginForm" method="post" action="login-exec.php">  <table width="300" border="0" align="center" cellpadding="2" cellspacing="0">	<tr>	  <td width="112"><b>Login</b></td>	  <td width="188"><input name="login" type="text" class="textfield" id="login" /></td>	</tr>	<tr>	  <td><b>Password</b></td>	  <td><input name="password" type="password" class="textfield" id="password" /></td>	</tr>	<tr>	  <td> </td>	  <td><input type="submit" name="Submit" value="Login" /></td>	</tr>  </table></form></body></html>

when i enter wrong user name and password it cannot display errors why?the code which handel this login form is

<?php	//Start session	session_start();		//Include database connection details	require_once('config.php');		//Array to store validation errors	$errmsg_arr = array();		//Validation error flag	$errflag = false;		//Connect to mysql server	$link = mysql_connect(DB_HOST, DB_USER, DB_PASSWORD);	if(!$link) {		die('Failed to connect to server: ' . mysql_error());	}		//Select database	$db = mysql_select_db(DB_DATABASE);	if(!$db) {		die("Unable to select database");	}		//Function to sanitize values received from the form. Prevents SQL injection	function clean($str) {		$str = @trim($str);		if(get_magic_quotes_gpc()) {			$str = stripslashes($str);		}		return mysql_real_escape_string($str);	}		//Sanitize the POST values	$login = clean($_POST['login']);	$password = clean($_POST['password']);		//Input Validations	if($login == '') {		$errmsg_arr[] = 'Login ID missing';		$errflag = true;	}	if($password == '') {		$errmsg_arr[] = 'Password missing';		$errflag = true;	}		//If there are input validations, redirect back to the login form	if($errflag) {		$_SESSION['ERRMSG_ARR'] = $errmsg_arr;		session_write_close();		header("location: login-form.php");		exit();	}		//Create query	$qry="SELECT * FROM members WHERE login='$login' AND passwd='".md5($_POST['password'])."'";	$result=mysql_query($qry);		//Check whether the query was successful or not	if($result) {		if(mysql_num_rows($result) == 1) {			//Login Successful			session_regenerate_id();			$member = mysql_fetch_assoc($result);			$_SESSION['SESS_MEMBER_ID'] = $member['member_id'];			$_SESSION['SESS_FIRST_NAME'] = $member['firstname'];			$_SESSION['SESS_LAST_NAME'] = $member['lastname'];			session_write_close();			header("location: member-index.php");			exit();		}else {			//Login failed			header("location: login-failed.php");			exit();		}	}else {		die("Query failed");	}?>

please tell me whts wrong in this code??plz reply urgent

[smerny]

When assigning values to an array, you need tell it where in the array, for example$errmsg_arr[1] = 'Login ID missing';and$errmsg_arr[2] = 'Password missing'not sure what your login-failed.php page looks like, but you can put print_r($_SESSION); to make sure the session has the info you want

[laado]

where i put print_r($_SESSION); here is the login failed form

<html><head><meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" /><title>Login Failed</title><link href="loginmodule.css" rel="stylesheet" type="text/css" /></head><body><h1>Login Failed </h1><p align="center"> </p><h4 align="center" class="err">Login Failed!<br />  Please check your username and password.<a href="login.html">Click Here</a>To try again</h4></body></html>

When assigning values to an array, you need tell it where in the array, for example$errmsg_arr[1] = 'Login ID missing';and$errmsg_arr[2] = 'Password missing'not sure what your login-failed.php page looks like, but you can put print_r($_SESSION); to make sure the session has the info you want

[justsomeguy]

The array syntax was correct, when you do this:$errmsg_arr[] = 'Login ID missing';It's shorthand for this:array_push($errmsg_arr, 'Login ID missing');You have this on a successful login:session_regenerate_id();Why are you regenerating the session ID when they successfully log in?Now what do you mean it doesn't display an error when you enter the wrong username or password? When that happens you redirect to login-failed.php, which does show an error message, if that's not what you want to happen then what do you want to happen?Please reply, it's urgent.

[laado]

i just want that when i enter wrong user name or password its gives error against that field that invalid password or user name or username or password is missing.

The array syntax was correct, when you do this:$errmsg_arr[] = 'Login ID missing';It's shorthand for this:array_push($errmsg_arr, 'Login ID missing');You have this on a successful login:session_regenerate_id();Why are you regenerating the session ID when they successfully log in?Now what do you mean it doesn't display an error when you enter the wrong username or password? When that happens you redirect to login-failed.php, which does show an error message, if that's not what you want to happen then what do you want to happen?Please reply, it's urgent.

[justsomeguy]

Well, right now it's redirecting to login-failed.php if that's true, so you need to change that to redirect back to the form instead of login-failed.php. You can send an error variable to the form telling it what the problem is. e.g.:header("location: login-form.php?error=wrong_password");Then on login-form.php you can find that error message in $_GET['error']. In the login-form.php page you can check if $_GET['error'] is equal to "wrong_password", for example, and if it is, print an error message next to the password field.