Processing code:
[code=php]<?php
if (realpath(__FILE__) == realpath($_SERVER[‘DOCUMENT_ROOT’] . ‘/’ . $_SERVER[‘SCRIPT_NAME’])) {
die(‘Access denied.’);
}
// list the MySQL connection details, assigning them to variables
$DB_Host = ‘host’;
$DB_User = ‘user’;
$DB_Pwd = ‘password’;
$DB_Name = ‘database’;
// establish the connection
$conn = new mysqli($DB_Host, $DB_User, $DB_Pwd, $DB_Name);
// check the connection
if (mysqli_connect_errno()) {
printf(“Connection failed: %sn”, mysqli_connect_error());
exit;
}
// process the form
if (array_key_exists($login, $_POST) && !empty($_POST[‘login’])) {
/* set up a flag to see if the
password and username from
the database matches the ones
from the form */
$isUser == true;
$isPwd == true;
// create an empty array for missing fields
$missing = array();
/* here, I’m going to create an
array to hold the form fields.
if the form fields are empty,
I’ll add them to the $missing
array. */
$fields = array(“F_Username” => $_POST[‘username’], “F_Pwd” => $_POST[‘pwd’]);
foreach($fields as $field => $value) {
if (empty($field)) {
array_push($missing, $field);
}
}
// if $missing is empty, continue the processing
if (empty($missing)) {
// assign the form fields to variables
$username = $fields[“F_Username”];
$pwd = $fields[“F_Pwd”];
// prepare the statement
if ($stmt = $mysqli->prepare(‘SELECT username, pwd FROM users WHERE username=”$username”, pwd=”$pwd”‘)) {
// execute the query
$stmt->execute();
}
// bind the variables to prepared statement
$stmt->bind_result($username1, $pwd1);
// validate the password
if ($pwd !== $pwd1 || $username !== $username1) {
$isUser == false;
$isPwd == false;
}
else {
// fetch the values
while ($stmt->fetch()) {
echo $username1 . ” and ” . $pwd1;
}
// close the statement
$stmt->close();
// close the connection
$conn->close();
}
}
}
?>
HTML code:
[code=html]<?php
// include the processing file
include_once(“../includes/staff_login_processing.php”);
?>
<!DOCTYPE HTML PUBLIC “-//W3C//DTD HTML 4.01 Transitional//EN”
“http://www.w3c.org/TR/html4/loose.dtd”>
<html>
<head>
<title>Ultimate Hogwarts: The Rebirth — Staff Login</title>
<meta http-equiv=”content-type” content=”text/html; charset=utf-8″>
<meta http-equiv=”cache-control” content=”no-cache”>
<link href=”/css/test.css” rel=”stylesheet” type=”text/css”>
</head>
<body>
<div align=”center”>
<div align=”center” style=”text-align: center; top: 250px; margin: 20px auto;”>
<h1 align=”center”>Staff Login</h1>
<?php if ($_POST && $isUser == false && $isPwd == false) { ?>
<br>
<b>Your username or password could not be found. Please make sure you typed them in correctly.</b>
<?php } ?>
<?php if ($_POST && !empty($missing)) { ?>
<br>
<b>ALL FIELDS ARE REQUIRED!</b>
<?php } ?>
<br>
<br>
<br> <br>
<form id=”staff-login” name=”staff-login” method=”post” action=”<?php echo $_SERVER[‘PHP_SELF’]; ?>”>
<label for=”username”><b>Username:</b></label>
<input type=”text” id=”username” name=”username”>
<?php if ($_POST && !empty($missing)) { ?>
<br>
<b>Username is required!</b>
<?php } ?>
<br>
<label for=”password”><b>Password:</b></label>
<input type=”password” id=”password” name=”password”>
<?php if ($_POST && !empty($missing)) { ?>
<br>
<b>Password is required!</b>
<?php } ?>
<br> <br>
<input type=”submit” name=”login” id=”login” value=”Login”>
<input type=”reset” name=”reset” id=”reset” value=”Reset”>
</form>
</div>
</div>
</body>
</html>
All right, so I’m trying to make my own login system. The problem I’m having is if you submit the form with nothing typed in it, it will display the error message that the username or password can’t be found in the database. What I want it to do is display the error message that tells the user that they didn’t enter in any information when they submit the empty form. What am I doing wrong?
I know that some of my code doesn’t really make sense as to what purpose it serves, and that is because I’m still not finished writing the script. I’m just testing it out a little bit so I can get comfortable with PHP and SQL code.