-1

I am trying to display my login errors on the same page when the user hits submit. My code works when I have the PHP and HTML code on separate files but when I merge both files and use 

<?php echo $_SERVER['PHP_SELF']; ?>

in the action attribute instead of giving the file location it just displays the 

die("Incorrect Username or Password entered");

error. I have absolutely no clue as to why this is happening.

      <?php
ob_start();
include ("cn.php");
// Define $myusername and $mypassword
$myusername=$_POST['myusername'];
$mypassword=$_POST['mypassword'];
$date = date("Y-m-d H:i:s");

// To protect MySQL injection (more detail about MySQL injection)
$myusername = stripslashes($myusername);
$mypassword = stripslashes($mypassword);
$myusername = mysql_real_escape_string($myusername);
$mypassword = mysql_real_escape_string($mypassword);

$sql="SELECT * FROM spineless.Users WHERE username='$myusername' and password='$mypassword'";
$result=mysql_query($sql);
$user_info = mysql_fetch_assoc($result)
or die ("Incorrect Username or Password entered");
extract ($user_info);

// Mysql_num_row is counting table row
$count=mysql_num_rows($result);

// If result matched $myusername and $mypassword, table row must be 1 row
if($count==1)
{

// Register $myusername, $mypassword and redirect to file "joblist.php"
    session_register("myusername");
    session_register("mypassword");
    $_SESSION['myusername'] = $myusername; 
    $_SESSION['mypassword'] = $mypassword;
    $_SESSION['userid'] = $User_ID; 

    $user_record = "INSERT INTO Login_Record (User_ID, Username, Login_Time)
    VALUES
    ('$User_ID','$Username','$date')";
    $recordresult = mysql_query($user_record)
    or die ("unable to add record");

    header("location:../views/joblist.php");    

    //echo "yes";

}

else
{
    echo "Wrong Username or Password";
}
ob_end_flush();
?>


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
<title>Spineless Classics</title>
<link rel="stylesheet" type="text/css" href="css/stylesheet.css" />
</head>
<body id="loginPage">
    <div class="loginContainer">

        <div class="loginHolder">
            <div class="block">


                <div style="text-align:center; padding-bottom: 20px;"><a href="/" title=""><img src="img/spinelessclassics.png" ></a></div>
                <!--<div class="login-error">
                        Please enter your username and password</a> // HIDE AND DISPLAY
                    </div>-->
            <!-- /error_holder -->
                <form  name="login_form" id="login_form" method="post" action="<?php echo $_SERVER['PHP_SELF']; ?>">
                    <input type="myusername" name="myusername" placeholder="Username" class="login-input" mouseev="true" keyev="true" clickev="true" >
                    <input type="password" name="mypassword" placeholder="Password" class="login-input" mouseev="true" keyev="true" clickev="true">
                    <button type="submit" name="Submit" class="login-submit">Login</button>
                </form>


            </div>
        </div>



    </div>








</body>
</html>
Rizvi
  • 287
  • 3
  • 14
user3519721
  • 21
  • 9

1 Answers1

4

Wrap the whole PHP code with:

if(isset($_POST['Submit']){
 //all your PHP code
}

The reason it's doing this is because when you open the page, it's checking for POST values that do not exist yet (because you haven't submitted the form).

isset() function checks if the submitted value is set and only then should your POST values start processing.

Note:

Please, don't use mysql_* functions in new code. They are no longer maintained and are officially deprecated. See the red box? Learn about prepared statements instead, and use PDO, or MySQLi - this article will help you decide which. If you choose PDO, here is a good tutorial.

Community
  • 1
  • 1
AyB
  • 11,609
  • 4
  • 32
  • 47