Login Button posts a blank screen

[Hazy125]

On the login_form page?

 

no no i was saying that for instance if the user entered a wrong username and password it would not let them proceed but to come up with another message saying your username and password was incorrect, do you understand what I'm trying to say?

[ashraf97]

On the login_form page?

haha yea i guess

[Hazy125]

haha yea i guess

 

You need to alter your PHP script so that instead of "or die()" you redirect back to login_form with a query string. Then use php on the login_form to grab the query string and display an error to the user 

[ashraf97]

You need to alter your PHP script so that instead of "or die()" you redirect back to login_form with a query string. Then use php on the login_form to grab the query string and display an error to the user 

how exactly do i grab the query strong so that i can display the error?

[Hazy125]

how exactly do i grab the query strong so that i can display the error?

<?php    if(isset($_GET['error'])){         $error = htmlspecialchars($_GET['error']);    }?>Then down in the error box underneath the form or where you want the error to be displayed, just write<?php echo $error;?>

[ashraf97]

<?php    if(isset($_GET['error'])){         $error = htmlspecialchars($_GET['error']);    }?>Then down in the error box underneath the form or where you want the error to be displayed, just write<?php echo $error;?>

do i add this is the php script or the form?

[JogerNaut]

Haven't done PHP in years but I'll try to help.

This is part where you check if the username/password combination is stored on the db (from your original code):

<?php$login_query = mysql_query("SELECT * FROM `user` WHERE `username` = '".$_POST['username']."' AND `password` = '".$_POST['password']."'");    // If number of rows is == to 0 (zero) then return error.    if(mysql_num_rows($admin) == 0) {        // Pick error, as this.        die("Wrong username or password.");        // If there is user:    } else {        // Use same query to fetch in array all abou that user, so you can put his ID in session.        $user = mysql_fetch_array($login_query, MYSQL_ASSOC);            $_SESSION['user_id'] = $user['id'];    }} ?>

In the line

if(mysql_num_rows($admin) == 0) {

the variable $admin is uninitialized, I not sure what exactly mysql_num_rows returns when null is given as an argument but I'm pretty sure that's not what you wanted. Depending on what mysql_num_rows returns this either will always be true or always be false.

You probably wanted it to go something like

if(mysql_num_rows($login_query) == 0) {

where you check how many results your login query has.

A few more things:

1. Your sql query also looks vulnerable to sql injection so you should probably sanitize your inputs not just client side but also server side.

2. Don't store passwords in plaintext

3. Your php123 page and pages that require login should do a check whether the user is logged and redirect them to another page if they aren't

[thefatshizms]

You really shouldn't be using mysql with PHP as its deprecated. You should really be using PDO or MySQLi.