I have this script sign in first with sql insert into query and redirected to login page. I checked all my queries on phpmyadmin. All queries are working. I do not have any error message in my query. Also it is suppose to show " password/username does not match" message if there is incorrect user/password. After i submit form, the page did not redirect to welcome page and form field clears.
this is my login page
<?php
require_once "./include/variables.inc.php";
$debug =0;
$error_text = "";
$uname = "";
$pwd = "";
session_start();
if (!isset($_SESSION['member_id'])){
if(isset($_POST["submit"])) {
if($debug) {
echo "<pre>";
print_r($_POST);
echo "</pre>";
//die("temp stop point");
}//end ofdebug if
$uname = mysqli_real_escape_string($dbc,trim($_POST['uname']));
$pwd = mysqli_real_escape_string($dbc,trim($_POST['pwd']));
if (!empty($uname) && !empty($pwd)) {
$query = "SELECT * FROM employees WHERE username = '".$uname."'
AND password = '".MD5($pwd)."'";
echo $query;
$result = mysqli_query($dbc,$query) or die ("Error in query". mysql_error());
if(mysqli_num_rows($result)) {
$row = mysqli_fetch_assoc($result);
$_SESSION['member_id'] = $row['member_id'];
$_SESSION['member_name'] = $row['member_name'];
header('Location:index.php');
}
else {
$error_text .= "The username/password are incorrect. Please enter correct username and password.";
}
}
}//end of if(isset($_POST["submit"])
}
require_once('./include/html.head.php');
?>
<body>
<div id="wrapper">
<?php require_once('./include/header.php'); ?>
<div id="side">
<?php require_once('./include/pb.side.php'); ?>
</div>
<div id="content">
<div class="form">
<p class="strong">All Santa helpers log-in here.</p>
<?= $error_text ?>
<form method="post" action="<?= $_SERVER['PHP_SELF'] ?>" enctype="multipart/form-data">
<p>User Name: <input name="uname" type="text" value="<?= $uname ?>"></p>
<p>Password: <input name="pwd" type="password"></p>
<input name="submit" type="submit" value="Login">
</form>
</div>
<div class="rdeer">
<img src="images/login_img.png" alt="Rain Deer">
</div>
</div>
<?php require_once('./include/footer.php'); ?>
</div>
</body>
</html>
and function php is
<?php
function user_authenticated($username, $password) {
if(!empty($username) && !empty($password)) {
$query = "SELECT userName, password FROM employees WHERE userName = '".$username."' and password = '".$password."'";
$result= mysqli_query($dbc, $query)
or die ("Query does not work." . mysql_error());
// If result matched $username and $password, table row must be 1 row
} else {
echo "Query error. ";
}
}
Notice the line mysqli_num_rows($result). Replace it with mysqli_num_rows($result)>0 since that function returns an int.
Related
After logging in, my code isn't redirecting me to the next page.
<?php
$con = mysqli_connect("localhost","myusername","mypassword","mydatabase");
include ("connection.php");
session_start();
if(isset($_POST['login']))
{
$username = $_POST['username'];
$password = $_POST['password'];
$check = "SELECT * FROM admin WHERE username='$username' and password='$password'";
$queryString = mysqli_query($db, $check) or die('ERROR:' . mysqli_error($db));
if (mysqli_num_rows($queryString) > 0)
{
$admin = mysqli_fetch_assoc($queryString);
$_SESSION['username'] = $admin['username'];
session_write_close();
header("location: http://mywebsite.com/home.php");
die();
}
else
{
echo '<div class="popup-position">
<div id="popup-wrapper">
<h3>Invalid user name or password.</h3><br/>OK
</div>
</div>';
}
}
mysqli_close($con);
This is the authentication of the next page after login:
<?php
session_start();
if (!isset($_SESSION['username']))
{
header("location: login.php");
exit();
}
try this
/send user to index. if he is login/
<?php
require_once("inc/ header.inc.php");
if(isset($_SESSION['id']))
{ header("Location: index.php");
exit(); }
<div class="container">
<div class="form-container">
<p class="heading text-center">Login</p>
<form action=" <?php echo $_SERVER['PHP_SELF'] ?>" method="post">
<div class="form-group">
<input type="text" name="username" placeholder="Enter your Username" class="form-control">
</div>
<div class="form-group">
<input type="password" name="password" placeholder="Enter your Password" class="form-control">
</div>
<input type="submit" value="Login" class="btn btn-primary" name="login">
</form>
<?php
//login script
if(isset($_POST['login'])){
$username = trim( htmlspecialchars ($_POST['username']));
$password = trim( htmlspecialchars ($_POST['password']));
//if username or password is empty
if(empty($username) || empty($password)){
echo "<div class='alert alert-danger'>Fill in all the fields</div>";
exit();
}
//check username and password match the db record
$q = mysqli_query($con,"SELECT id FROM `user` WHERE username='$username' AND password='$password'");
if(mysqli_num_rows($q) != 1){
echo "<div class='alert alert-danger'>Invalid username or password</div>";
exit();
}
//fetch the if of the logged in user start the session
$row = mysqli_fetch_assoc($q);
//set the session with logged in user id
$_SESSION['id'] = $row['id'];
$_SESSION['username'] = $username;
header("Location: index.php");
exit();
}
?>
</div>
</div>
Let me help you with logging in.
login.php
<html>
<head>
<title>Hospital Login</title>
<link href="login.css" rel="stylesheet" type="text/css">
</head>
<body>
<form name="form1" method="post" action="process_login.php">
<fieldset class="formDisplay">
<legend><strong>Member Login </strong></legend>
<strong>Username</strong></br></br> <input name="myusername" type="text" id="myusername">
</br></br>
<strong>Password</strong></br></br><input name="mypassword" type="password" id="mypassword">
</br></br>
<input type="submit" name="Submit" value="Login">
</br></br>
<?php
echo $message;
?>
</fieldset>
</form>
</body>
</html>
The code above is literally what should be in your login script, forget about the fieldset thing, I'm just using it for something else :)
Now we want a pure PHP file to handle the input for logging into our system as so.
process_login.php
<?php
include('database_connection.php');
$myusername = mysqli_real_escape_string($DBConn, $_POST['myusername']);
$mypassword = mysqli_real_escape_string($DBConn, $_POST['mypassword']);
$query="SELECT * FROM $doctor_table WHERE username='$myusername' AND passwd='$mypassword'";
$result=mysqli_query($DBConn, $query);
if(!$result){
echo "<p>
There was an error with the query.<br />\n" .
"The error was " .
htmlspecialchars(mysqli_error($DBConn), ENT_QUOTES) .
".<br />\nThe query was '" .
htmlspecialchars($query, ENT_QUOTES ) .
"'</P>\n";
}
else if (!mysqli_num_rows($result)){
$message = "<p>Failed to Log In. Please check your username/password</p>\n";
include 'login.php';
}
else{
$count=mysqli_num_rows($result);
// If result matched $myusername and $mypassword, table row must be 1 row
if($count==1){
// Register $myusername, $mypassword and redirect to file "login_success.php"
session_start();
$_SESSION['myusername'] = $myusername;
$_SESSION['mypassword'] = $mypassword;
header("Location: login_success.php");
}
}
?>
Now when your authentication has been successful, you should then display your main page.
Note that you must 'clean' every entry by a user in order to avoid SQL injection (helps stop ppl from stealing data from your database)
These full codes work perfectly, I'd encourage you to use the code i've supplied, and feel free to tweak it for your own use :)
I have already created a successfull login form that is connected to a database to determine whether or not a login is correct. But i would like to update this so that if an incorrect username or password is entered they will get an error message. Im just not to sure how to implement that into my existing code?...
my user login page:
<form action="../login.php" method="post">
<label for="login-username"><i class="icon-user"></i> <b>Username</b> </label><br/>
<input class="form-control" type="text" name="username">
<br/>
<label for="login-password"><i class="icon-lock"></i> <b>Password</b> </label> <br/>
<input class="form-control" type="password" name="password">
<br/>
<button type="submit" class="btn pull-right">Login</button>
</form>
<?php
if (isset($_SESSION['username'])){
if($_SESSION['logged_in'] = 1){
echo ('Logged in as: '. $_SESSION['username'].' '.$_SESSION['surname']).'<br>Log out';
}
}
?>
and the login.php it is posting to:
<?php
session_start();
$servername = "localhost";
$username = "root";
$password = "";
$dbname = "gpdb";
$conn = new mysqli($servername, $username, $password, $dbname);
if ($conn->connect_error) {
die("connection failed: " . $conn->connect_error);
}
//echo "connection successful";
$username = $_POST['username'];
$password = $_POST['password'];
$sql = "SELECT * FROM patients where Username ='$username' and Password ='$password'";
$result = $conn->query($sql);
$admin_user = 'admin';
$admin_password = 'admin1';
if ($result->num_rows > 0) {
if ($username === $admin_user || $password === $admin_password ){
foreach($result as $row) {
//echo "PatientID " .$row["PatientID"]."<br>". "First name and Last name: " . $row["Firstname"]. " ".$row["Surname"]. "<br/>";
$_SESSION['id'] = $row["PatientID"];
$_SESSION['username'] = $row["Firstname"];
$_SESSION['surname'] = $row["Surname"];
$_SESSION['logged_in'] = 2;
header("location: http://localhost/index.php");
die;
}
}else{
foreach($result as $row) {
$_SESSION['id'] = $row["PatientID"];
$_SESSION['username'] = $row["Firstname"];
$_SESSION['surname'] = $row["Surname"];
$_SESSION['logged_in'] = 1;
header("location: http://localhost/index.php");
die;
}
}
}else{
$_SESSION['logged_in'] = 0;
header("location: http://localhost/user.php");
die;
}
?>
<?php
if ($result->num_rows > 0){
header("location: http://localhost/index.php");
}else{
echo "Wrong Username or Password <br />".
'Go back...';
}
?>
You may also create a login_failure.php page and in the else part redirect the user to that page. OR another approach is to pass the value of failure message
header("location: http://localhost/user.php?msg = 1");
and display the message at the top of login box. Get the value of 'msg' in user.php page and apply if condition to display the message.
<div><?php
$msg = $_GET['msg'];
if (isset($msg)) { echo "Wrong username/password"; } ?> </div>
<form action="../login.php" method="post">
<label for="login-username"><i class="icon-user"></i> <b>Username</b> </label><br/>
<input class="form-control" type="text" name="username">
<br/>
<label for="login-password"><i class="icon-lock"></i> <b>Password</b> </label> <br/>
<input class="form-control" type="password" name="password">
<br/>
<button type="submit" class="btn pull-right">Login</button>
</form>
I've been working on a website login, and so far, I have the database and register page set up, but I'm trying to work on a Login page. I've been trying to retrieve data from the Database's Table. I was successfull at doing so on my register page to make sure there aren't multiple usernames of the same name, so I copied some of the code and pasted it onto this page. The problem: it returns blank. Please help... ._.
`
KHS SiteSpace
<div id="header">
<img src="./IMAGES/khslogo2.png" style="margin-left:4;float:left;" width="100" hieght="100">
<b>KHS<span id="name">SiteSpace</span></a>
<!--img src="./IMAGES/Menu.png" style="float:right;margin-right:6;" height="100" width="90"-->
</div>
<div id="content">
<p id="subTitle">Login</p>
<div style="float:left;height:30%;">
<form action="<?php echo $_SERVER['PHP_SELF'];?>" method="post" id="register"><br>
Username:<br>
<input type="text" name="name"><br><br>
Password:<br>
<input type="password" name="pass">
<br><br>
<input type="submit" value="Confirm">
</form>
</div>
<div style="float:right;width:50%;border-style:none none none solid; border-color:222222;border-width:4;height:30%;">
<p style="margin-left:20;font-size:20;">Output:</p>
<p style="margin-left:20;padding-bottom:15;">
<?php
error_reporting(0);
#ini_set('display_errors', 0);
session_start();
$conn = new mysqli("localhost", "shanedrgn", "getting321", "Users");
if (!$conn) {die("Failure to connect");}
$name = trim($_POST['name']);
$pass = trim($_POST['pass']);
if (empty($name) or empty($pass)) {echo "Empty Fields";} else {
$name = trim($_POST['name']);
$pass = trim($_POST['pass']);
echo "Check: The fields arent empty...";#OUTPUT
echo "Testing Variables...";#OUTPUT
//Error Trapping
$sql = "SELECT Username FROM Users where Username = '$name'";
$Data = mysqli_query($conn, $sql);
if($record=mysqli_fetch_array($Data)) {
$nameTrap = $record['Username'];
}
$sql = "SELECT Address FROM Users where Address = '$address'";
$Data = mysqli_query($conn, $sql);
if($record=mysqli_fetch_array($Data)) {
$ipTrap = $record['Address'];
}
if ($nameTrap == $name) {
echo "Check: Username Exists...";
if ($passTrap == $pass) {
echo "Password is correct!";
$_SESSION['User'] = $name;
$sql = "SELECT * FROM Users where Username = '$name'";
$Data = mysqli_query($conn, $sql);
$record=mysqli_fetch_array($Data);
session_start();
$_SESSION['id'] = $record['id'];
echo "<script>alert('You have successfully logged in!')</script>";
sleep(4);
header("Location: ./index.php"); /* Redirect browser */
exit();
} else { echo "Password Invalid";}
} else {echo "That username doesn't exist!";echo $name.";;";echo $nameTrap;}
}
?>
</p></div>
</div>
</body>
</html>`
EDIT: Added missing code
You are doing this:
echo "<script>alert('You have successfully logged in!')</script>";
sleep(4);
header("Location: ./index.php"); /* Redirect browser */
I understand, what you try, but it can't work. You can't set an Header after sending Body-Content - what you do using echo.
You should use JavaScript for your redirect, after the 4 second timeout. Use setTimeout and window.location.
Simple Question: Trying to create a php login form. My database is connected successfully. I currently have 1 table row in mySQL. So why is my $numrow variable echoing 0/ Why is my username in my database not being recognized? What am I missing? Please, help. Not a php expert.
Thanks!
<?php
include 'includes/top.php';
?>
<?php
error_reporting(0);
session_start();
$connect = mysql_connect("localhost", "hostname", "password") or die ("Couldn't connect!");
mysql_select_db("djones33") or die ("Couldn't find db!");
$query = mysql_query("SELECT * FROM tm_user WHERE username='$username'");
$numrows = mysql_num_rows($query);
echo $numrows;
if ($numrows!=0) {
while ($row = mysql_fetch_assoc($query)) {
$db_username = $row['username'];
$db_password = $row['password'];
}}
if (isset($_POST["username"])) {
$username = $_POST["username"];
//they did, so now, has the username AND password been entered?
if ((isset($_POST["username"])) && (isset($_POST["password"]))){
//they have, now, is the username correct?
if ($_POST["username"]!=$db_username && $_POST["username"]!=""){
$uerror="<p class='error'>* The username you entered is not correct.</p>";
//echo "$uerror";
} else {
echo "";
}
//now, is the password correct?
if ($_POST["password"]!=$db_password && $_POST["password"]!=""){
$perror="<p class='error'>* The password you entered is not correct.";
//echo "$perror";
} else {
echo "";
}
//they haven't entered a username, so...
if ($_POST["username"]=="") {
$emptyu="<p class='error'>* You must enter a username.</p>";
//echo $emptyu;
}
//they haven't entered a username, so...
if ($_POST["password"]=="") {
$emptyp="<p class='error'>* You must enter a password.</p>";
//echo $emptyu;
}
//if the username and password are correct, give them the welcome page!
if ($_POST["username"]==$db_username && $_POST["password"]==$db_password) {
echo "";
$_SESSION['username']=$db_username;
//$welcome = "Welcome, ".$user. "! You have successfully logged in.";
}
}
}
?>
<h2><span class="green_title">Welcome</span><br><span class="title_size">to YOUR.to-do!</span></h2>
<section id="login_area">
<div id="login_title">
<p>Login</p>
</div>
<div id="form_area">
<form action="login.php" method="post">
<?php echo $uerror; echo $emptyu;?>
<input type="text" name="username" placeholder="username" id="username"/><br/>
<?php echo $perror; echo $emptyp;?>
<input type="password" name="password" placeholder="password" id="password"/><br/>
<input type="submit" name="submit" value="LOGIN" class="button"/>
</form>
</div>
</section>
<footer>
<p>New user? | Register</p>
</footer>
</div>
</div>
</body>
</html>
Have a look at PHP's built-in Password Hashing Functions and the PDOStatement Class. When your users register be sure to use password_hash() on the passwords they submit before saving them in your database. And when you query your database use PDOStatements and bound parameters to keep your site safe from SQL injection attacks.
Your log in script should look something like this:
$db = new PDO('mysql:host=localhost;dbname=Database_Name', 'Username', 'Password');
$ps = $db->prepare("SELECT * FROM tm_user WHERE username = (:username)");
$ps->bindParam(":username", $_POST["username"]);
$ps->execute();
$result = $ps->fetch(); // $result is an array representing the row in tm_user with the submitted username
if(count($result) === 0)
{
// username not found
}
else if(password_verify($_POST["password"], $result["password"]) === false)
{
// password is incorrect
}
else if(password_verify($_POST["password"], $result["password"]) === true)
{
// give them the welcome page!
}
Remember: password_verify() will only work if you used password_hash() on the password before storing it in the database.
I have this php page that posts to itself and then it checks weather if to login someone or not. The problem I am having is that if it logins... then it still shows the username and password textboxes.. but if i refresh they go away and now the welcome thing comes up thanks to the session.
What i want is to once the submit is clicked and it logs the person in to immediately not show the textboxes (username, password) and show the welcome message. Right now i have to refresh.
Please note i am new to PHP and any wise advise will be much appreciated.
<?php
echo "<form method=\"post\" action=\"index.php?form_type=$page_vals\">";
echo "<body>";
//Start session
session_start();
//Check whether the session variable SESS_MEMBER_ID is present or not
if(!isset($_SESSION['SESS_MEMBER_ID']) || (trim($_SESSION['SESS_MEMBER_ID']) == '')) {
extract($_POST);
$username = "";
$password = "";
$userrole = "";
$userid ="";
$login_query = "SELECT user_id, user_role, user_username FROM users WHERE user_username = '$_POST[logInUsername]' AND user_password = '$_POST[logInPassword]'";
if(!($database = mysql_connect("localhost","root","")))
die("<p>Could not connect to database</p></div></div>
</body>
</html>");
if(!mysql_select_db("mydatabase", $database))
die("<p>Could not open my databases database</p></div>
</div>
</body>
</html>");
if(!($result = mysql_query($login_query, $database)))
{
print("Could not execute query!<br/>");
die(mysql_error()."</div>
</div>
</body>
</html>");
}
if (mysql_num_rows($result) == 0) {
print("Please verify your login information<br/>");
}
while ($row = mysql_fetch_assoc($result)) {
$username = $row["user_username"];
$userrole = $row["user_role"];
$userid = $row["user_id"];
}
echo "Hello - '$username'";
mysql_close($database);
session_regenerate_id();
$_SESSION['SESS_MEMBER_ID'] = $userid;
$_SESSION['SESS_NAME'] = $username;
//Write session to disc
session_write_close();
echo '<div id="login" class="login">
<label for="login">User Name</label>
<input type="text" name="logInUsername" />
<label for="Password">Password</label>
<input type="password" name="logInPassword" />
<input type="submit" value="Submit" class="button" />
</div>';
}
else
{
$sessionName = $_SESSION['SESS_NAME'];
echo '<div id="login" class="login">
<label for="welcome">Welcome '. $sessionName.'!</label>
</div>';
}
?>
Problem here is just your code is not in sequence. I have corrected Try it now.
<?php
session_start();
echo "<body>";
//Start session
//print_r($_SESSION);exit;
//Check whether the session variable SESS_MEMBER_ID is present or not
extract($_POST);
$username = "";
$password = "";
$userrole = "";
$userid ="";
if(isset($_POST))
{
$login_query = "SELECT reg_id, role_id, f_name FROM registration WHERE f_name = '$_POST[logInUsername]' AND password = '$_POST[logInPassword]'";
if(!($database = mysql_connect("sunlinux","pukhraj","pukhraj123")))
die("<p>Could not connect to database</p></div></div>
</body>
</html>");
if(!mysql_select_db("testbaj", $database))
die("<p>Could not open my databases database</p></div>
</div>
</body>
</html>");
if(!($result = mysql_query($login_query, $database)))
{
print("Could not execute query!<br/>");
die(mysql_error()."</div>
</div>
</body>
</html>");
}
if (mysql_num_rows($result) == 0) {
print("Please verify your login information<br/>");
}
while ($row = mysql_fetch_assoc($result)) {
$username = $row["f_name"];
$userrole = $row["role"];
$userid = $row["reg_id"];
}
$_SESSION['SESS_MEMBER_ID'] = $userid;
$_SESSION['SESS_NAME'] = $username;
}
if(!isset($_SESSION['SESS_MEMBER_ID']) || (trim($_SESSION['SESS_MEMBER_ID']) == '')) {
echo "Hello - '$username'";
mysql_close($database);
session_regenerate_id();
//Write session to disc
session_write_close();
echo "<form method=\"post\" ><div id=\"login\" class=\"login\">
<label for=\"login\">User Name</label>
<input type=\"text\" name=\"logInUsername\" />
<label for=\"Password\">Password</label>
<input type=\"password\" name=\"logInPassword\" />
<input type=\"submit\" value=\"Submit\" class=\"button\" />
</div>";
}
else
{
$sessionName = $_SESSION['SESS_NAME'];
echo "<div id=\"login\" class=\"login\">
<label for=\"welcome\">Welcome '$sessionName' !</label>
</div>";
}
?>
Small changes :
Just plase form tag at appropriate place.
Never mix code after post and before post.
here all database stuff should be execute after submit so I enclosed them in condition if(isset($_POST))
due to nonlinearity of code it was creating session after one more refresh after post data. Now corrected.
for message :
do below changes :
give name to submit button <input type=\"submit\" name=\"submit\" value=\"Submit\" class=\"button\" />
replace first if condition with if(isset($_POST['submit']))
So, not dealing with any of the security or style issues that are here...
Right now you are seeing if the session is set. If it is not, then you process the login. After processing the login, you display the form fields.
You should actually check for 3 states...
Is someone already logged in?
Do you need to process a login?
If neither of those, show normal form...
You can do this by using your existing isset for the session field.
Then if it is not set, check if the post fields are set... if they are set, process a login.
Otherwise, show the basic login form.
EDIT:
Full code sample (sorry for the terrible formatting, mostly cut and paste...:
<?php
echo "<form method=\"post\" action=\"index.php?form_type=$page_vals\">";
echo "<body>";
//Start session
session_start();
//Check whether the session variable SESS_MEMBER_ID is present or not
if(isset($_SESSION['SESS_MEMBER_ID']) || (trim($_SESSION['SESS_MEMBER_ID']) != '')) {
$sessionName = $_SESSION['SESS_NAME'];
echo '<div id="login" class="login">
<label for="welcome">Welcome '. $sessionName.'!</label>
</div>';
}
else if ($_POST[logInPassword] != null && $_POST[logInUsername] != null)
{
extract($_POST);
$username = "";
$password = "";
$userrole = "";
$userid ="";
$login_query = "SELECT user_id, user_role, user_username FROM users WHERE user_username = '$_POST[logInUsername]' AND user_password = '$_POST[logInPassword]'";
if(!($database = mysql_connect("localhost","root","")))
die("<p>Could not connect to database</p></div></div>
</body>
</html>");
if(!mysql_select_db("mydatabase", $database))
die("<p>Could not open my databases database</p></div>
</div>
</body>
</html>");
if(!($result = mysql_query($login_query, $database)))
{
print("Could not execute query!<br/>");
die(mysql_error()."</div>
</div>
</body>
</html>");
}
if (mysql_num_rows($result) == 0) {
print("Please verify your login information<br/>");
}
while ($row = mysql_fetch_assoc($result)) {
$username = $row["user_username"];
$userrole = $row["user_role"];
$userid = $row["user_id"];
}
echo "Hello - '$username'";
mysql_close($database);
session_regenerate_id();
$_SESSION['SESS_MEMBER_ID'] = $userid;
$_SESSION['SESS_NAME'] = $username;
//Write session to disc
session_write_close();
$sessionName = $_SESSION['SESS_NAME'];
echo '<div id="login" class="login">
<label for="welcome">Welcome '. $sessionName.'!</label>
</div>';
}
else
{
echo '<div id="login" class="login">
<label for="login">User Name</label>
<input type="text" name="logInUsername" />
<label for="Password">Password</label>
<input type="password" name="logInPassword" />
<input type="submit" value="Submit" class="button" />
</div>';
}
?>
Good luck!
Your logic just needs to be rethought. How about something like this? (pseduocode)
if( user is NOT logged in) // Check via session
{
$errors = array();
if( user submitted the form and is trying to log in) // Can be checked with a POST'd variable
{
// Set the session correctly here, query DB, etc.
// If there are any errors, add them to the $error array
}
if( !empty( $errors) || form was not submitted)
{
// Print the form and any errors (like invalid username / password combo)
}
exit; // Stop here
}
// Print welcome message here (since we know if we get here, the user is logged in)