PHP alert message

Question

I know the first thing everyone is going to say is that this has been posted hundreds of times; however, I have tried all the different methods people have suggested with still no luck... I am trying to get an alert message to popup if the login fails but for some reason the message does not want to appear. Here's what I have so far:

if($conn) {
    $result=sqlsrv_query($conn, "SELECT * FROM Operator
    WHERE Username='{$_POST['login']}'");
    $pass=sqlsrv_fetch_array($result);
    if($pass["Password"] === $_POST['password']) {
        session_start();
        $_SESSION['loggedin']=true;
        header("Location: home.php");
        exit;
    }
    else {
        header("Location: login.php");
        echo '<script type="text/javascript">';
        echo 'alert("Password Invalid!")';
        echo '</script>';
    }
}
sqlsrv_close($conn);

The php is working fine but for some reason I can't get the javascript to work. Any ideas?

Can you also show us the javascript that is not working? Also, open your network tab in browser dev console. Does your ajax ever goes through? — Zlatko, Jul 19 '13 at 13:29
If you're setting a redirector with `Location` the script will never appear. — j08691, Jul 19 '13 at 13:31
@zladuric from his line header("Location: login.php"); it's obvious it's not ajax and he's redirecting — Patsy Issa, Jul 19 '13 at 13:31
@zladuric There is only one part where I'm using java... I'm trying to include the javascript inside the php code. — Llama, Jul 19 '13 at 13:31
It looks to me like you're storing your passwords in plain text. That's a huge security issue. Check out this SO question for implementations: http://stackoverflow.com/questions/4795385/how-do-you-use-bcrypt-for-hashing-passwords-in-php — rtimoshenko, Jul 19 '13 at 13:33
Try adding a query string to the end of your "login.php" redirect so that it looks like "login.php?status=error". Then you can add a conditional that checks $_GET["status"] and output the alert there. — rtimoshenko, Jul 19 '13 at 13:37

srakl · Accepted Answer · 2013-07-19T13:39:06.330

3

i think, the problem is here. you are redirecting the page before the alert message

header("Location: login.php"); /* Redirect browser */

try removing it, or make it redirect after a couple of seconds, like this

header( "refresh:5;url=login.php" ); //redirect after 5 seconds

or you prompt a dialog for the user to click to go to next page. remove the header() tho

<script type="text/javascript">
<!--
   var retVal = confirm("Login FAILED! Do you want to continue ?");
   if( retVal == true ){
      window.location.href = "login.php";
      return true;
   }else{
      alert("User does not want to continue!");
      return false;
   }
//-->
</script>

edited Jul 19 '13 at 13:39

answered Jul 19 '13 at 13:31

srakl

2,565
2
21
32

I've already tried putting it before the header with still no luck. – Llama Jul 19 '13 at 13:33
@Llama if you put the header() after the javascript, make sure there is a timer in the header() – srakl Jul 19 '13 at 13:38
If you put the timer in there it skips the whole login check process and goes straight to the home page after 5 seconds =/ – Llama Jul 19 '13 at 13:43
what file is this code in? you want to redirect to the same file or a different file? – srakl Jul 19 '13 at 13:45
This is a submit.php file which takes the info from the login.php that the user gives and compares it to a database file. If the login fails I want to give the user another chance of loggin in but displaying the alert message. – Llama Jul 19 '13 at 13:48
I ended up using the refresh method and just creating a new php file that would make sure it couldn't go to the home page, probably not the best method/idea but hey it works! Thank you for the help :) – Llama Jul 19 '13 at 13:59

score 1 · Answer 2 · answered Jul 19 '13 at 13:31

1

In your code header("Location: login.php"); is there before your js code so it never execute js code it redirects to login page remove it and try.

answered Jul 19 '13 at 13:31

Prasanth Bendra

31,145
9
53
73

When I removed the header the alert worked, but how would I still have the redirect to the login page with the alert message appearing? – Llama Jul 19 '13 at 13:36
1

@Llama Try adding a query string to the end of your "login.php" redirect so that it looks like "login.php?status=error". Then you can add a conditional that checks $_GET["status"] and output the alert there. – rtimoshenko Jul 19 '13 at 13:38

score 1 · Answer 3 · answered Jul 19 '13 at 15:24

Use this code

echo '<script>';
echo 'alert("Password Invalid!");';
echo 'location.href="login.php"';
echo '</script>';

instead of

header("Location: login.php");
echo '<script type="text/javascript">';
echo 'alert("Password Invalid!");';
echo '</script>';

Thanks.

score 0 · Answer 4 · answered Jul 19 '13 at 13:31

0

Your code that comes after the header doesn't run, maybe try setting a session variable and check for that variable in login.php. You can then call the alert from there, or just show a simple message on the page.

answered Jul 19 '13 at 13:31

Tdelang

1,298
2
12
20

do.becker · Answer 5 · 2013-07-19T13:39:35.330

there is a missing semicolon right behind the alert:

if($conn) {
    $result=sqlsrv_query($conn, "SELECT * FROM Operator
    WHERE Username='{$_POST['login']}'");
    $pass=sqlsrv_fetch_array($result);
    if($pass["Password"] === $_POST['password']) {
        session_start();
        $_SESSION['loggedin']=true;
        header("Location: home.php");
        exit;
    }
    else {
        header("Location: login.php");
        echo '<script type="text/javascript">';
        echo 'alert("Password Invalid!");';
        echo '</script>';
    }
}
sqlsrv_close($conn);

didnt you check the javscript console ?

EDIT: Sorry, my fault, the semicolon isnt necessary of course.

I testet your php code on my server and it works fine anyway !

PHP alert message

5 Answers5

Linked