I am trying to code a login form in PHP. The login/logout is working fine, however I'm a bit curious as to the proper way to echo "Wrong Username / Password" for my particular code.
Here's my code (from login.php which is included on index.php in a sidebar):
<form method="post" action="security.php">
<input name="username" type="text" placeholder="Username" id="username"><br />
<input name="password" type="password" placeholder="Password" id="password"><br />
<input name="login" type="submit" value="Log in" class="login">
<small><input type="checkbox"> Keep me logged in</small>
</form>
<?php
if ($failed == 1) {
echo "Wrong Username / Password";
}
?>
And here's my code for security.php:
<?php
require 'connect.php';
// username and password sent from form
$tbl_name = 'users';
$username=$_POST['username'];
$password=$_POST['password'];
// To protect MySQL injection
$username = stripslashes($username);
$password = stripslashes($password);
$username = mysqli_real_escape_string($conn, $_POST['username']);
$password = mysqli_real_escape_string($conn, $_POST['password']);
$sql="SELECT * FROM $tbl_name WHERE username='$username' and password='$password'";
$result = mysqli_query($conn, $sql);
// Mysql_num_row is counting table row
$count = mysqli_num_rows($result);
// If result matched $username and $password, table row must be 1 row
if($count == 1)
{
// Register $username, $password and redirect to file "login_success.php"
session_start();
$_SESSION["username"] = $username;
header("location:home.php");
}
else {
$failed = 1;
header("location:index.php");
}
?>
As you may or may not see, I've tried to use a variable set in security.php called $failed which is set in security.php and used in an if in login.php to echo the failure message. I know that isn't even close to working, but it was the only way I could see to tell you what I'm trying to do. Any help?
