Okay, so I'm trying to display the users first name as a greeting message on index.php like, 'Hello, (users first name), but im pretty new to all this php stuff so i really cant figure out how to do this. I tried to follow a short tutorial, but whenever i try to print the first name with 'print $_POST['first_name'] i get a undefined index error.... Might be a stupid question, but i just cant figure it out.
Here's my db_connect.php if it matters at all:
<?php
$host = "localhost";
$user = "root";
$pass = "";
$db = "Byt til Nyt";
$ms = mysql_pconnect($host, $user, $pass);
if ( !$ms )
{
echo "Could not connect to database.";
}
mysql_select_db("$db");
?>
Here's a short version of my register.php:
<?php
session_start();
?>
<!DOCTYPE html>
<html>
<head>
<title>Register</title>
<?php
include('includes/db_connect.php');
if (#$_GET["op"] == "reg") {
$bInputFlag = false;
foreach ($_POST as $field) {
if ($field == "") {
$bInputFlag = false;
} else {
$bInputFlag = true;
}
}
if ($bInputFlag == false) {
die("Der opstod et problem med dine oplysninger. Gå tilbage og prøv igen.");
}
$q = "INSERT INTO 'users' ('first_name','last_name','email','username','password')" . "VALUES ('" . $_POST["username"] . "'," . "PASSWORD ('" . $_POST["password"] . "')," . "'" . $_POST["email"] . "')";
$r = mysql_query($q);
if (!mysql_insert_id()) {
die("Der opstod en fejl. Du er ikke blevet tilføjet til databasen.");
} else {
Header("Location: register.php?op=thanks");
}
} elseif (#$_GET["op"] == "thanks") {
echo "<h2>Tak fordi du registrerede!</h2>";
}
?>
</head>
<body>
<form method="post" action="includes/verify.php" name="register">
//recaptcha script here
<label>First name</label>
<input type="text" name="first_name" placeholder="Your first name" required><br>
<label>Last name</label>
<input type="text" name="last_name" placeholder="Your last name" required><br>
//some more input fields and stuff
And here's a short version of my index.php:
<?php
session_start();
include("includes/functions.php");
include("includes/db_connect.php");
?>
<!DOCTYPE html>
<html lang="dk">
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<head>
<title>
Byt til Brugt
</title>
<link rel="stylesheet" href="index.css">
</head>
<body background="http://i.imgur.com/urLzQr5.jpg" bgcolor="navy">
<div class="menu">
<p>Velkommen, <?php if (isset($username)) {
print $_POST['first_name'];
}
?>
</p>
So, what is the problem?? :/ Any help would be VERY appreciated, I've been trying to fix this for 2 days now.... Just say if you need my login.php or anything else (: Thanks a lot! And sorry for my bad English..
$_POST['first_name']
is probably not set, try
<?php if (isset($_POST['first_name'])) {
print $_POST['first_name'];
}
?>
You don't have the user POSTing to your index page, therefor the $_POST variable is empty when you try to access it.
Your register form posts to includes/verify.php
The variable $_POST is only populated for you if the user submits a form using the POST method. So you should NEVER expect it to contain data, always check it first (!empty($_POST) at the least).
What you are probably intending to do is retrieve the name from the database using their username. (Probably stored in the session?)
Once you have populated the variable then you simply echo out that variable when you need it and you will get the first name they entered when signing up.
Additionally, your signup page won't work as intended for the same reason. You are posting to includes/verify.php and judging from your code it looks like your verify page redirects the user back to register.php?op=reg which means you just lost all of your POST data unless you are using javascript to post back to register.php?op=reg (but that isn't needed)
Also, your MySQL is wrong. You are trying to insert into 5 fields
'first_name','last_name','email','username','password'
and you are only passing 3 values
'username', 'password', 'email'
You should be passing 5 values and the order should match the column list. If you set a default value for username and password then this might not cause a MySQL error but your data will not match up to the intended field.
(Username into first_name, password into last_name, email into email, nothing in username, nothing in password)
You mention that you are following a tutorial, so perhaps it's best to just look for another tutorial. Maybe one that is a little more updated considering you should avoid using mysql_connect or mysql_pconnect as a database method.
Related
I am using the following html form to get a login:
<!DOCTYPE html>
<!-- This is a html file for logging in to the virtual adviser -->
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta charset="UTF-8">
<title> Pet Tracker Login</title>
<link rel="stylesheet" type="text/css" media='screen' href="css/login.screen.css">
</head>
<body>
<!-- The div that displays the login form-->
<div class="login">
<h1><strong>Welcome to the Pet Tracker System</strong></h1>
<form action="validateLogin.php" method="POST">
<fieldset>
<label for="user">Username</label>
<p><input type="text" required id = "user" name = "Username" value=""></p>
<label for="pass">Password</label>
<p><input type="password" required id = "pass" name = "Password" value=""></p>
<!-- <p>Forgot Password?</p> -->
<p><input type="submit" value="Login"></p>
</fieldset>
</form>
<!-- include the logo with green background -->
<img src="images/threeDeePawPrint.png" alt="paw Logo" style="width:194px;height:97px" class = "center">
</div>
</body>
</html>
but apparently this is not posting because I get an undefined index error on the validateLogin.php page:
<?php
// start the session for this page and create the array to hold error messages
session_start();
$errmsg_arr = array();
$errflag = false;
$username = 'root';
$password = '';
$url = 'localhost';
$database = 'pet_tracker';
/* Note that above variables are using single quote for string. When they
get replaced in the connection statement below, single quotes within
single quotes will fail, therefore, the string argument in $conn= statement
must be double quotes
*/
try
{
$conn = new PDO("mysql:host=$url; dbname=$database",$username,$password); //create PDO object (PHP Data Objects = PDO)
$conn->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION); /*set the attribute that controls the error mode once the database
has been connected to, so that it throws exceptions (PDO switches to
"silent failure" mode after establishing a successful connection) */
$conn->exec('SET NAMES "utf8"'); /* PDO has a method exec that runs SQL scripts. Configure the character
encoding to UTF-8 for special characters like smart quotes */
}
catch (PDOException $e)
{
echo $e;
$output = 'Unable to connect to the database server.'. //the '.' is the concatenation operator for a string
$e->getMessage(); //the '->' is the equivalent of the dot operator in Java
include 'error.html.php';
exit();
}
//get the username and password posted from the login page (index.php)
if(isset($_POST['user'])) echo 'index user has value'.$_POST['user'];
if(isset($_POST['pass'])) echo 'index user has value'.$_POST['pass'];
$user = $_POST['user'];
$pass = $_POST['pass'];
//query the database for the posted data from form
$result = $conn->prepare("SELECT * FROM client WHERE username= :un AND password= :pw");
$result->bindParam(':un', $user);
$result->bindParam(':pw', $pass);
$result->execute();
$rows = $result->fetch(PDO::FETCH_NUM);
if($rows > 0)
{
$result = $conn->prepare("SELECT * FROM client WHERE username = :un"); //PDO can only handle a row of data at a time?? Cannot select first_name from students, etc.??
$result->bindParam(':un',$user);
$result->execute();
$name = $result->fetchColumn(1);
$_SESSION['name'] = $name;
$_SESSION['user'] = $user; //the next page employee.php will need the username to get information from the database
header("location: employee.php");
}
else{
$errmsg_arr[] = 'Username and Password are not found';
$errflag = true;
}
if($errflag) {
$_SESSION['ERRMSG_ARR'] = $errmsg_arr;
session_write_close();
header("location: index.php");
exit();
}
?>
The errors I get are in the lines where I set the $user and $pass variables. The errors I get are:
Notice: Undefined index: user in C:\xampp\htdocs\PetTracker\validateLogin.php on line 41
Notice: Undefined index: pass in C:\xampp\htdocs\PetTracker\validateLogin.php on line 42
Index of $_POST variable should be exactly same as the name attribute of the HTML Input. Name of your input field is Username while you are trying to access it as $_POST['user'] which is entirely wrong.
Either change the name to user or the $_POST index to Username
Also consider reviewing your code, there are bunch of other mistakes as well. Just for instance, you need to capitalize the first letter of location as Location in the header function. Also consider checking the post-back by writing the following condition on the first line of validateLogin.php page
if($_SERVER['REQUEST_METHOD']=='POST'&&isset($_POST['submit'])){
//Your code
}else{
//redirect to somewhere else...
}
Html create input keys from name attribute.
Solution 1: change HTML
<input type="text" required id="user" name="user" value="">
Or solution 2: change PHP
$user = $_POST['Username'];
$pass = $_POST['Password'];
PHP Notice of Undefined Index means that the array Key does not find in the array. If you wish to view all the elements of array you can use print_r($_POST);
To fix your problem just change $_POST['user'] to $_POST['Username'] and $_POST['pass'] to $_POST['Password'];
I have three files working on an login app to learn PHP.
This is the connection with DB
<?php
# Connecting database below
$connection = mysqli_connect('localhost','root','','loginapp');
if ($connection) {
# code...
echo "connected";
}
else{
echo "Errorr";
die("Database");
}?>
and here is the html code for the web view
<html>
<head>
<title>Form</title>
</head>
<body>
<h1>Welcome to My Form</h1>
<form class="" action="login_create.php" method="post">
<input type="text" name="name" placeholder="Enter your name here"><br>
<input type="password" name="password" placeholder="Enter Password" value=""><br>
<input type="submit" name="submit" value="submit">
</form>
</body>
</html>
and here is the file where things are going wrong, its not checking the conditions of entries and not putting the data into database what's wrong going there? help please
sometimes it gives
error that "unknown 'sbumit' in the $_POST" and sometimes it don't
doesn't even show any error
but doesn't even do anything
<?php
include "db.php";
if (isset($_POST['submit'])) {
$username = $_POST['name'];
$password = $_POST['password'];
if (isset($username) && isset($password)) {
if (strlen($username) > 10 && strlen($username) < 3) {
echo "Must enter username & pass between 3 & 10";
echo "So that we can forward your request";
}
else {
$query = "INSERT INTO users (username,password) VALUES ('$username','$password')";
$result = mysqli_query($connection,$query);
if(!$result)
{
die('Sorry Query faild'.mysqli_error());
}
}
}
else
{
echo "You haven't wrote anything, write it first";
}
}?>
Habib,
Some guidance for PHP :
$button = isset($_POST["submit"])?$_POST["submit"]:"";
What this line does is apply a value to the $button variable, the first check is that IF isset($var) THEN (indicated with the ? ) apply the value of $var to the $button variable.
The colon : then sets that if the boolean query (true/false) of the IF returns false, then apply the second value instead, in this case an empty string of "".
This is code minimalisation and you should be aware of it but there is little need to use it, especially while learning.
Feedback on your code:
mysqli_error($connection); Your error feedback for MySQLi should include the connection details, as shown here.
replace the $username = $_POST['name'];
$password = $_POST['password'];
if (isset($username) && isset($password)) {
because you want to check not if they're set but if they're not empty, currently they will be set as they're set to the values of $_POST even if they are null (potentially), so replace with:
if(!empty($username) && !empty($password)){
Also note that ! is the negative operator. so above is IF NOT EMPTY.
if (strlen($username) > 10 && strlen($username) < 3) { this is impossible to reach because you're setting if string is longer then 10 AND string is shorter than 3, this is clearly impossible. replace the && with || which is OR rather than AND .
Personally I think that isset($_POST['submit']) is not the best way, instead checking that if($_POST['submit'] == 'submit') confirms the submission of this form from this submit button (the value is the value set in your HTML form).
$query = "INSERT INTO users (username,password) VALUES ('$username','$password')"; This works fine, BUT you really, really need to do some research into SQL injection attacks and SQL security. read How can I prevent SQL injection in PHP? as a start. This is very important to learn at the start of your PHP MySQL learning.
Also research into PDO database connectivity.
Also be aware that your script will not output anything when you have a successful saving of username/password to the database.
As a closer:
Fnally, set up error logging on your page, to give you useful feedback on errors and problems: error_reporting(E_ALL);
ini_set('display_errors', 1); at the very top of your page. Also see How do I get PHP errors to display?
Change your code as follow.
<?php
include "db.php";
$button = isset($_POST["submit"])?$_POST["submit"]:"";
$username = isset($_POST["name"])?$_POST["name"]:"";
$password = isset($_POST["password "])?$_POST["password "]:"";
/*Commetents*/
$button =isset($_POST["submit"])?$_POST["submit"]:"";
is similar to following code:
if(isset($_POST["submit"]))
{
$button = $_POST["submit"];
}
else
{
$button = $_POST["submit"];
}
You know in Php 5.4 , it will present error,if you do not set any value to variable . that is why we used it. If it doesn't get any value it will set it value "".
if($button == "submit") means when someone will press the button submit then $_POST['submit'] value will be submit which you define in the submit button value.
if($button == "submit")
{
if($username=="" or $password=="")
{
$error ="Username & Password can't be blank";
}
elseif(strlen($username)<3 or strlen($username) > 10 )
{
$error ="Must enter username & pass between 3 & 10";
}
else
{
$query = "INSERT INTO users (username,password) VALUES('$username','$password')";
mysqli_query($connection,$query) or die(mysqli_error());
}
}
echo $error;
Hope it will help you .
This question already exists:
How do I enable error reporting in PHP? [duplicate]
Closed 8 years ago.
I am in the process of creating a simple PHP-CMS. I have of course also created a simple login Form, which as you can see uses an SQL query to check if the Username and Password that are typed in match, etc.
This worked fine for months now until recently I changed something in this file (I cannot remember what: Sorry) and now all I get when I enter the correct username/password is a whitescreen! I have enabled errorreporting in PHP but I get nothing
Can someone help me/check my code for the error?
Many thanks in advance!
this here is the PHP loginpanel.php file.
<?php
error_reporting(E_ALL);
ob_start();
if(isset($_POST["SubmitBtn"]))
{
$username = $_POST["Name"];
$password = $_POST["Pass"];
$pdo = new PDO("mysql:host=fdb6.awardspace.net;dbname=1645626_cms","***","****");
$query = $pdo->prepare("SELECT * FROM T_Users WHERE Username = :username AND Password = :password");
$query->bindParam(":username", $username);
$query->bindParam(":password", $password);
$query->execute();
// geneste if voor het inloggen indien aan de voorwaarde hierboven voldaan word+countdown/welkomstbericht
if($result = $query->fetch(PDO::FETCH_OBJ))
{
echo "Welcome " .$result->Username. "!";
echo '<p>You will be logged in in 5 seconds.</p>';
session_start();
$_SESSION["Name"] = $username;
header("Location:http://stuff.romulus310ftp.dx.am/CMS/login/adminpanel.php");
}
else
{
echo "You entered the wrong password or username. Please try again.";
}
}
// ifje voor de registratie-countdown
if (isset($_POST["RegistrateBtn"]))
{
echo '<p>You will be redirected in 5 seconds.</p>';
header("Location:http://stuff.romulus310ftp.dx.am/CMS/login/registrationpanel.php");
}
?>
And this is its' HTML
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>CMS by Romulus</title>
<link rel="stylesheet" type="text/css" href="CSS/style.css">
</head>
<body>
<form action="#" method="post" class="form">
Name: <input type="text" name="Name">
</br>
Passw: <input type="password" name="Pass">
</br>
<input type="submit" value="Enter" name="SubmitBtn">
<input type="submit" value="Register" name="RegistrateBtn">
</form>
</body>
</html>
EDIT: I found out I get the error "Fatal error: Uncaught exception 'PDOException' with message 'could not find driver'" which according to a friend of mine means there is a problem at my host. Is this true?
Try making a test page and outputting phpinfo()
You should be able to see whether PDO is installed there
You should wrap your PDO connection in a try / catch block:
try {
$pdo = new PDO(...)
//queries, etc.
}
catch(PDOException $ex) {
echo(ex->getMessage());
}
It's possible that your hostname is wrong, your username, your password, or even your query. The getMessage method should help you track down which line is causing you problems.
EDIT: Judging by your update with the PDO error, I would suggest visiting this SO question to find out about enabling the MySQL PDO driver in your PHP installation.
I have a simple html form that looks like this
<form action="insert.php" method="post">
Name: <input type="text" name="name"><br>
Password: <input type="text" name="pw"><br>
<input type="submit" value="log in">
</form>
What I need to do with this is check the values that are submitted in this form against those in a simple database I have created. The database is name is userdb, and in it I have created a simple table called 'users', with two columns called name and password.
I am able to connect to the database correctly with
if (mysqli_connect_errno())
{
echo "Failed to connect to MySQL: " . mysqli_connect_error();
}
Now I'm confused with (probably the most important bit) where I have to validate the form against some values in the database.
I have created a name and password entry in phpmyadmin, for name='eric' and password='123456'.
I'm just not sure how to check it using the form?
Is it something like this?
$sql = "INSERT INTO `userdb`.`users` (`name`, `password`) VALUES ($name, $pw);";
$name and $pw are values that I got from the form name attributes.
It tells me I have undefined variables though so obviously I've got it wrong here.
Any help?
*edit here is the full code:
index.php
<html>
<head>
<style>
#main
{
width: 700px;
margin-left: auto;
margin-right: auto;
}
</style>
</head>
<body>
<div id="main">
<?php
$name = "";
$pw = "";
?>
<form action="insert.php" method="post">
Name: <input type="text" name="name"><br>
Password: <input type="text" name="pw"><br>
<input type="submit" value="log in">
</form>
</div>
</body>
</html>
insert.php
<!doctype html>
<html>
<head>
<meta charset="utf-8">
<title>Untitled Document</title>
</head>
<body>
<?php
$con=mysqli_connect("localhost","userdb","","");
// Check connection
if (mysqli_connect_errno())
{
echo "Failed to connect to MySQL: " . mysqli_connect_error();
}
else
{
echo "you are connnected";
}
$sql = "INSERT INTO `userdb`.`users` (`name`, `password`) VALUES ($name, $pw);";
?>
</body>
</html>
Your POST variables are in the wrong file. Take them out of index.php and place them in insert.php as so:
You're also storing passwords in plain text, which is not recommended. Use PHP's password_hash() function if your PHP version is 5.5. Otherwise, use crypt() or bcrypt()
Sidenote: There is a password compatibility pack available here for the password_* functions.
<!doctype html>
<html>
<head>
<meta charset="utf-8">
<title>Untitled Document</title>
</head>
<body>
<?php
$con=mysqli_connect("localhost","userdb","","");
$name=$_POST['name']; // <-- right there
$pw = $_POST['pw']; // <-- right there
// Check connection
if (mysqli_connect_errno())
{
echo "Failed to connect to MySQL: " . mysqli_connect_error();
}
else
{
echo "you are connnected";
}
$sql = "INSERT INTO `userdb`.`users` (`name`, `password`) VALUES ('$name', '$pw')";
?>
</body>
</html>
If you want to check for successful insert, do:
$sql = "INSERT INTO `userdb`.`users` (`name`, `password`) VALUES ('$name', '$pw')";
if (mysqli_query($con,$sql))
{
echo "Database updated successfully";
}
else
{
echo "Error: " . mysqli_error($con);
}
Footnotes:
For added security, change:
$name=$_POST['name']; // <-- right there
$pw = $_POST['pw']; // <-- right there
to:
$name=mysqli_real_escape_string($con,$_POST['name']);
$pw = mysqli_real_escape_string($con,$_POST['pw']);
Login method: (Sidenote: Use the password storage methods shown at the top if possible).
If you want to use it as a login method, you can use something to the effect of:
$con = #mysqli_connect(DB_HOST, DB_USER, DB_PASSWORD, DB_NAME)
OR die("could not connect");
$user = mysqli_real_escape_string($con,$_POST['name']);
$pass = mysqli_real_escape_string($con,$_POST['pw']);
$query = "SELECT * FROM your_table WHERE name='$user' AND password='$pass'";
$result = mysqli_query($con,$query);
$row = mysqli_fetch_array($result);
if($row["name"]==$user && $row["password"]==$pass){
echo "You are a validated user.";
}
else{
die("Sorry.");
}
$sql="SELECT * FROM userdb WHERE name='$name' LIMIT 1";
Then fetch the result and check if the password is equal to the password you have.
Next thing you want is to return something, and also to actually log the user in do:
$_SESSION['userid'] = $userid;
Or store whatever you want^. Then check if that exists in all your other pages to determine if the user is logged in.
EDIT: Also it seems like it's needed to add - you're not storing your passwords securely, and you're also not sanitizing your strings properly (against SQL injections). Might want to look into that ^_^.
EDIT 2: Oh yeah, for your problems - variables are undefined because you have to get them using $_POST['']. Inside the '', put the name of the variable you're expecting. $_POST['name'] to get the name, for example.
I would recommend you to use the PHP Data Objects handle the data.
I am not quite sure what exactly you want. You want to make a login page or a signup page?
//connect database
$dsn='mysql:dbname=userdb;host=localhost';
$dbu=''; //YOUR DATABASE USERNAME GOES HERE
$dbp=''; //YOUR DATABASE PASSWORD GOES HERE
try {
$dbh=new PDO($dsn,$dbu,$dbp);
} catch (PDOException $e) {
echo 'Connection failed: '. $e->getMessage();
}
if it's a login page, using this:
//check name and password
$sth=$dbh->prepare('SELECT 1 FROM users WHERE name = ? AND password = ?');
$sth->execute(array($_POST["name"], $_POST["pw"]);
$row=$sth->fetchAll(PDO::FETCH_ASSOC);
if (count($row) == 1){
echo "Correct name and password";
} else {
echo "Wrong name or password";
}
if it's a signup page, using this:
//insert name and pass
$sth=$dbh->prepare('INSERT INTO users (name, password) VALUES (?,?)');
$sth->execute(array($_POST["name"], $_POST["pw"]);
PHP/MySQL newbie question.
I have a database I've imported into my local phpmyadmin. However it seems I can't access it from my a php application. The connection string seems right and when I try to authenticate user credentials to access database information, no problems.
However authenticate everyone and knows when I put in fake credentials. Still it won't pull any other information from the database.
For instance, once a users login they should see something like, "Hello username", that kind of thing. At this point I see "Hello" without the username. Any ideas what i might be missing?
I noticed you are using the root user (though I'm not sure if this was added merely for posting purposes here.) Depending on what hosting environment you are using this may or may not be a problem - some shared hosts force you to assign a user for databases in MySQL.
From the looks of things your query should be executing and returning a number of rows at the least. Have your tried print_r on the results array? If so, can you post the output?
If you are successfully getting results from the database, I don't see anywhere in your posted code a conditional that echos out a success message. You may want to check isset() against the $_SESSION superglobal keys you assign ( recordID and firstName) and if true echo out a success message if you have not already done so.
Just a thought as well - I noticed you are using sprintf to format out your query - it may be a bit too robust for what you're trying to accomplish, but using PDO to get parameterized sql queries is a nice way to get that job done where available.
Introduction to PHP 5 PDO
ok sorry for all the back and forth guys. here's the issue. I've got a php app and mysql database connected (or at least i hope so...). there is a form in the header of my page for users to login. i CAN login but i can't seem to pull any information from the database. If i try to log in using bogus credentials i'm given an "incorrect login" message. However when i do login it can't seem to pull anything else from the database other than those credentials.
ok here's the code...
DATABASE CONNECTION:
<?php
session_start();
# FileName="Connection_php_mysql.htm"
# Type="MYSQL"
# HTTP="true"
$hostname_test = "localhost";
$database_test = "girlpower";
$username_test = "root";
$password_test = "password";
$test = mysql_pconnect($hostname_test, $username_test, $password_test) or trigger_error(mysql_error(),E_USER_ERROR);
mysql_select_db($database_test, $test);
?>
HERE'S THE LOGIN CODE:
<?php
require_once("includes/db.php");
$userEmail = trim($_POST['userEmail']);
$password = trim($_POST['password']);
$userlogin = trim($_POST['userlogin']);
//print_r($_POST);
if ($userlogin != "" && $userEmail != "" && password != "" )
{
$sql = sprintf("Select * from girlpower where email = '%s' and pwd = '%s'", $userEmail, $password );
//echo $sql;
$res = mysql_query($sql);
if( mysql_num_rows( $res ) == 0 )
{
//TODO:
//redirect..
header("Location: " . $_SERVER['HTTP_REFERER'] . "?fail=1" );
}
else
{
$row = mysql_fetch_assoc( $res );
$_SESSION['recordId'] = $row['recordId'];
$_SESSION['firstName'] = $row['firstName'];
//echo "success...";
header("Location: " . $_SERVER['HTTP_REFERER'] );
//print_r($_SERVER);
}
//print($_SESSION);
}
else
{
header("Location: " . $_SERVER['HTTP_REFERER'] . "?fail=1" );
}
HERE'S WHERE HEADER CODE (THIS IS WHERE THE FORM LIVES):
<?php
$fail = false;
if( $_GET['fail'] != "")
{
$fail = true;
}
if( $_SESSION['recordId'] != "" )
{
//get the 1st name
$firstName = $_SESSION['firstName'];
}
?>
<div id="header">
< SHOULD BE LINK "index.php"></a>
<div id="ulogin">
<fieldset id="userlogin">
<?php if( $firstName == ""){ ?>
<form name="loginForm" action="dologin.php" method="post" >
<label for="logemail">Members Login: Email</label> <input type="text"
name="userEmail" id="logemail" size="15" />
<label for="logpwd">Password</label> <input type="password" name="password"
id="logpwd" size="15" />
<input type="submit" name="userlogin" id="login" value="Login" />
<?php if ($fail == true ) {?>
<span class="error">Incorrect Login</span>
<?php }?>
</form>
</fieldset>
<?php
}
else{
?>
<div id="welcome">Welcome <?= htmlentities( $firstName ) ?> | <SHOULD BE LINK ="seemsgs.php?receiver_id="<?= $_SESSION["recordId"]?> > See Messages</> |<SHOULD BE LINK ="member.php">Update Profile</> | <SHOULD BE LINK ="dologout.php">Logout</a> </div><?php }?>
</div>