If the user submits the form without providing any authentication details, or submits details that are incorrect, we should display the form again with an appropriate error message. We can modify our index.php script to display the login form if a message has been passed to it for display, in addition to the previous check for an empty username or password:

// If no username or password has been entered, or there's a message
// to display, show the login page
if(empty($username) || empty($password) || isset($message) )
{
 // Display the message (if any), and the login form
}
else
{
 // Try to authenticate the user against the database
 ...
 // If unsuccessful, pass an error message and call the form again.
}
?>

Here, we’ve used the empty() function to ensure that the $username and $password variables are not empty, and the isset() function to check whether the $message variable has been initialized. Note that these functions are slightly different: a variable can be initialized (set) to an empty string. Since we set the first two variables earlier in the script, they will always be initialized, so we need to check whether their contents are empty or not. The $message variable will be initialized if a message has been passed to us for display; let’s see how this is done.

To pass nonsensitive information from one script to another, we can create our own GET request by adding a query string to the name of the target script. The query string consists of list ...