Login and Logout Authentication for a Project Management Application - The HTML Form (
Page 2 of 4 )
The HTML form attached to the code above simply displays the username and password fields as stated in the previous article. We will look at it here.
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"><!-- InstanceBegin template="/Templates/userauth.dwt.php" codeOutsideHTMLIsLocked="false" -->
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
<!-- InstanceBeginEditable name="doctitle" -->
<title>Project Management ::Login</title>
<!-- InstanceEndEditable -->
<!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable -->
<link href="Templates/loginstyle.css" rel="stylesheet" type="text/css" />
</head>
<body>
<table width="100%" border="0">
<tr>
<td bgcolor="#6699CC" class="headertxt">Project Management:: User Authentication </td>
</tr>
<tr>
<td><!-- InstanceBeginEditable name="main" -->
<table width="100%" border="0" class="formborder">
<tr>
<td colspan="2" class="loginheader">Login</td>
</tr>
<tr>
<td colspan="2"> </td>
</tr>
The form starts here with the <form> element. Immediately below you can clearly see where the error message display area is set.
<form action="login.php" method="post" name="f1" class="formborder">
<?php if(isset($errmsg)){?>
<tr>
<td colspan="2" class="errmsg" ><?php echo $errmsg; ?></td>
</tr>
<tr>
<td colspan="2"> </td>
</tr>
<tr>
<?php
}
?>
The error message is only displayed if the $errmsg variable is set. In other words if the $errmsg variable is not empty, it will be displayed. The next part of the form displays the “username” field.
<td width="10%" valign="bottom"><strong>Username:</strong></td>
<td width="90%"><label>
<input name="uname" type="text" class="login" id="uname" size="40" />
</label></td>
</tr>
<tr>
And finally, here is the password field.
<td valign="bottom"><strong>Password:</strong></td>
<td><label>
<input name="upass" type="password" class="login" id="upass" size="40" />
</label></td>
</tr>
<tr>
<td> </td>
A link to the password.php file is provided for those who have forgotten their password. The password.php script is responsible for retrieving and sending the password to the user.
<td><a href="password.php">Forgot your password?</a> </td>
</tr>
<tr>
<td> </td>
<td><label>
<input name="submit" type="submit" id="submit" value="Log me in!" />
</label></td>
</tr>
</form>
</table>
<!-- InstanceEndEditable --></td>
</tr>
<tr>
<td align="right" class="cright">copyright © 2007 PM </td>
</tr>
</table>
</body>
<!-- InstanceEnd --></html>
Throughout the PHP section of the log-in code (and indeed, throughout the entire application), you will note that I’ve called the mysql_error() function to see if any errors occurred in the mysql query code:
}else{
//if values do not match set errmsg
$err=true;
$errmsg .="The username or password you entered does not match.<br> MYSQL ERROR ". mysql_error();
}//else
I’ve only done this for debugging purposes because the code was in development. If you are going to use this application in the real world, you should find another way to show or handle the error. For example, you could write an error logging class or something that will not display the error, but rather write the error to a text file. This is because PHP errors reveal a lot more information than they need to when there is an error, and can cause a security vulnerability when doing so.
That’s it for the login script. Next we'll look at the logout form.
/ 9 
