Please read the comments above from Jay and take them into consideration and apply what is suggested as it is very important in securing your
application
Now back to your question you need to store the error message in a variable then just echo that variable where you want the message to show.
<!DOCTYPE html>
<html>
<head>
<title></title>
<link rel="icon" type="img/png" href="pic/logo3.png">
<script src="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/js/bootstrap.min.js"></script>
<script src="https://ajax.googleapis.com/ajax/libs/jquery/3.1.1/jquery.min.js"></script>
<link rel="stylesheet" href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/css/bootstrap.min.css">
<link rel="stylesheet" type="text/css" href="css/style.css">
</head>
<body id="loginform">
<?php
$loginError = "";
$servername = "localhost";
$username = "root";
$password = "";
$dbname = "";
$conn = new mysqli($servername, $username, $password, $dbname);
if (isset($_POST['submit']))
{
$name = $_POST['name'];
$pass =$_POST['pass'];
$query = mysqli_query($conn,"SELECT * FROM admin_user WHERE name='$name' and pass='$pass'") or die(mysqli_error());
$row = mysqli_fetch_row($query);
if ($row)
{
if (isset($_POST['remember'])) {
setcookie('name', time()+60*60*7);
}
session_start();
$_SESSION['name'] = $name;
header('location:index.php');
}
else
{
$loginError = '<div class="col-sm-12 text-align--center error">Invalid Username and Password Combination</div>';
}
}
?>
<div class="col-sm-6 align-center loginForm">
<img src="pic/logo.png">
<div class="box">
<?php echo $loginError;?> <!-- error will display here -->
<form action="" method="post" name="login" class="boxContent">
<label>Username</label><br>
<input class="login-input" type="text" name="name" /><br>
<label>Password</label><br>
<input class="login-input" type="password" name="pass" /><br>
<input class="login-input m-bottom" name="submit" type="submit" value="Login"/>
<input class="bump-left" type="checkbox" name="remember"><label>Remember me</label><br>
</form><br>
<div class="forgot">
<a class="bump-left" href="">Forgot Your Password?</a>
</div>
</div>
</div>
<div class="col-sm-6 col-pad--none">
<div class="bgcontent"><img src="pic/services2.jpg"></div>
</div>
</body>
</html>
Edit :
Putting everything together from the users comments above :
Little Bobby says your script is at risk for SQL Injection Attacks.
Learn about prepared statements for MySQLi. Even escaping the string
is not safe! Or PDO,
To solve the above you need to use prepared statements, you have two options, 1 use mysqli prepared or use PDO prepared statements, there are many arguments as to which one is better than the other comparison available on the internet, quick comparison here
I honestly prefer PDO.
Never store plain text passwords! Please use PHP's built-in functions to handle password security. If you're using a PHP version
less than 5.5 you can use the password_hash()
compatibility pack.
Make sure you don't escape passwords or use any other cleansing
mechanism on them before hashing. Doing so changes the password and
causes unnecessary additional coding.
Therefore a solution for the above is to use password_hash()
and password_verify();
See more about password hash and verify here :
So what you need to do now when you inserting the data in your database from the register page, you need to have a hash
$hash = password_hash($_POST['password'],PASSWORD_DEFAULT); Then you will need to store the hashed password in the database which is `$hash()`
This is how you login should look with PDO and password_verify()
<?php
session_start();
/*PDO Connection*/
$host = 'localhost';
$db = 'YOURDATABASE';
$user = 'root';
$pass = 'YOURPASSWORD';
$charset = 'utf8';
$dsn = "mysql:host=$host;dbname=$db;charset=$charset";
$opt = [
PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION,
PDO::ATTR_DEFAULT_FETCH_MODE => PDO::FETCH_ASSOC,
PDO::ATTR_EMULATE_PREPARES => false,
];
$dbh = new PDO($dsn, $user, $pass, $opt);
if (isset($_POST['submit'])) {
$name = $_POST['name'];
$pass = $_POST['pass'];
$LoginMessage = "";
$stmt = $pdo->prepare("SELECT * FROM admin_user WHERE name = ?");
$stmt->execute([$name]);
$results = $stmt->fetch();
if ($results && password_verify($_POST['pass'], $results['pass'])) {
$_SESSION['name'] = $name;
header('location:index.php');
} else {
$loginError = "<div class=\"col-sm-12 text-align--center error\">Invalid Username and Password Combination</div>";
}
}
?>
<div class="col-sm-6 align-center loginForm">
<img src="pic/logo.png">
<div class="box">
<?php echo $loginError;?> <!-- error will display here -->
<form action="" method="post" name="login" class="boxContent">
<label>Username</label><br>
<input class="login-input" type="text" name="name" /><br>
<label>Password</label><br>
<input class="login-input" type="password" name="pass" /><br>
<input class="login-input m-bottom" name="submit" type="submit" value="Login"/>
<input class="bump-left" type="checkbox" name="remember"><label>Remember me</label><br>
</form><br>
<div class="forgot">
<a class="bump-left" href="">Forgot Your Password?</a>
</div>
</div>
</div>
<div class="col-sm-6 col-pad--none">
<div class="bgcontent"><img src="pic/services2.jpg"></div>
</div>
</body>
</html>