0

Whats the best way to display user-friendly error messages when username or password is empty for example or failed to login. Is there a way to set textbox with specific text when error apears?

Index.php file. Has a textbox called "Error" and i want to display error msg when error happens into the textbox.

      <?php
         include 'login.php';
      ?>
    <html>
      <head>
      <title>Form site</title>
     <link rel="stylesheet" type ="text/css" href="style.css">
     </head>
     <body>
     <img src="imge/logo.png" id="logo"  width="270" height="130">

     <div id ="frm">
     <form method="post" action="login.php">
      <p>
        Username : <input type="text" name="username" id="username" ><br><br>
        Password : <input type="password" name="password" id="password"><br><br>
        <input type="submit" value="Login" id="btn" name="submit">
        <input type="text" value="Error" id="Error" name="Error">
  </p>
   </div>
 </form>
 </body>
</html>

Login.php file. Where i handle the errors. Is there a way when error happens to echo it to the textbox? At the moment i have no clue how to handle and inform user about these errors. Any suggestions will be appreciated! :)

<?php
if($_SERVER["REQUEST_METHOD"] == "POST"){

if(empty($_POST['username']) || empty($_POST['password'])){
    header("Location: index.php"); 
    // FIRST ERROR
}
else
{
    //Define $user and $pass
    $user=$_POST['username'];
    $pass=$_POST['password'];
    //Establishing Connection with server by passing server_name, user_id and pass as a patameter
    $conn = mysqli_connect("localhost", "root", "");
    //Selecting Database
    $db = mysqli_select_db($conn, "loginsystem");
    //sql query to fetch information of registerd user and finds user match.
    $query = mysqli_query($conn, "SELECT * FROM users WHERE Password ='$pass' AND Username ='$user'");

    $rows = mysqli_num_rows($query);
    if($rows == 1){
        header("Location: welcome.php"); // Redirecting to other page
    }
    else
    {
        header("Location: index.php");
        //SECOND ERROR
    }
    mysqli_close($conn); // Closing connection
}
}
 ?>
Krizs
  • 65
  • 8
  • 1
    Your script is at risk of [SQL Injection Attack](//stackoverflow.com/questions/60174) Have a look at what happened to [Little Bobby Tables](http://bobby-tables.com/) Even [if you are escaping inputs, its not safe!](//stackoverflow.com/questions/5741187) Use [prepared parameterized statements](https://php.net/manual/en/mysqli.quickstart.prepared-statements.php). – John Conde May 22 '18 at 23:04
  • 1
    **Never store plain text passwords!** Please use **[PHP's built-in functions](http://php.net/manual/en/function.password-hash.php)** to handle password security. If you're using a PHP version less than 5.5 you can use the password_hash() **[compatibility pack](https://github.com/ircmaxell/password_compat)**. Make sure you **[don't escape passwords](http://stackoverflow.com/q/36628418/1011527)** or use any other cleansing mechanism on them before hashing. Doing so changes the password and causes unnecessary additional coding. – John Conde May 22 '18 at 23:04
  • please check https://www.allphptricks.com/simple-user-registration-login-script-in-php-and-mysqli/ – Jaydp May 22 '18 at 23:27
  • 1
    Also please check it https://speedysense.com/create-registration-login-system-php-mysql/ – Jaykumar Patel Dec 17 '19 at 08:56

1 Answers1

-1

Use php to echo a JavaScript alert as follows:

if(empty($_POST['username']) || empty($_POST['password'])) { echo “ alert(‘Invalid combination’) ”; }

Scottso
  • 89
  • 4