Home/ Questions/Q 7415795
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-05-29T07:22:11+00:00

why is my error message not showing if password or username is incorrect? i

  • 0

why is my error message not showing if password or username is incorrect? i would like an error message displayed if the user enters the wrong username or password

code can be seen below

<?php

// Inialize session
session_start();

// Include database connection settings
include('connect.inc');

// Retrieve username and password from database according to user's input
$login = mysql_query("SELECT * FROM users WHERE (username = '" . mysql_real_escape_string($_POST['username']) . "') and (password = '" . mysql_real_escape_string(md5($_POST['password'])) . "')");

// Check username and password match
if (mysql_num_rows($login) == 1) {
        // Set username session variable
        $_SESSION['username'] = $_POST['username'];
    }
    else
    {
    // Invalid login
    echo "Your username or password are incorrect!";
}

        // Jump to secured page
           $row = mysql_fetch_array($login);

switch ($row['drop']):
    case yes:
        header('Location: choose1.php');
        exit;
    case no:
        header('Location: choose2.php');
        exit;


}
else {

        header('Location: login.php');


}

?>
Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    write case value in ' also break in switch case

    case 'yes':
        header('Location: choose1.php');
        exit; // this line shouldn't be needed but it's good practice
        break;

case 'no':
        header('Location: choose2.php');
        exit;
        break;

    better way:

    <?php session_start();
require_once('connect.inc');

// Retrieve username and password from database according to user's input
$input_username = mysql_real_escape_string($_POST['username']);
$login = mysql_query("SELECT * FROM users WHERE username = '".$input_username."'" );

// Check username and password match
$row = mysql_fetch_array($login);
if (mysql_num_rows($login)) {
        if($row['password'] === md5($_POST['password'])){
             $_SESSION['username'] = $_POST['username']; // store in session
             switch ($row['drop']){
                    case 'yes': header('Location: choose1.php'); break;
                    case 'no': header('Location: choose2.php'); break;
                }
                     exit;
        }
        else {
            echo "Wrong username and password combination";
            exit;
        }       
}
else{
        // Invalid login
        echo "Invalid Unsername";
        header('Location: login.php');
        exit;
}
?>
    • 0