reason is because you display the form for both cases!

//i'm abbreviating this
if(isset($_POST['go'])){
    //i see form html here

}else if(!isset($_POST['go'])){
   //i see form html here TOO

}

you also have logic around whether the username/pass is correct but essentially I see form html for both states

Thanks, I assumed with the isset statements depending on whether or not 'go' was set, it would do one or the other, either display the form for the first time or do the field checking and display the form again to make the corrections.

How would I rewrite this so it only displays if not logged in?

hmm, Ok i rewrote some of it, added a hidden field and check for the cookie value allow. if you look at http://mylinuxweb.com/krista/index.php youll see the form on the bottom right. enter test/test in the fields and youll see that after you do login there should be 1 user online shown at the top right next to contact us.

The form will remain there though unless you click login for the second time, then it will display the user online.

<?php 
		 if (!$_COOKIE['allow']) { ?>
         <form action=index.php method="post"><br />

	<?php if ( isset($_POST['check']) && ($_POST['uname'] !== $uname) ) {
	echo "Username Incorrect <br />";
	} //endif 
	?>

    Username: <input name="uname" type="text" size="10" maxlength="10" value="<?php $_POST['uname'] ?>" /><br /><br />

	<?php if ( isset($_POST['check']) && ($_POST['pass'] !== $pass) ) {
	 echo "Password Incorrect <br />";
	} //endif 
	?>

    Password: 
    <input name="pass" type="password" size="10" maxlength="10" value="<?php $_POST['pass'] ?>" /><br />
    <input name="go" type="submit" value="Login" />
    <input type="hidden" name="check" >
     </form>
<?php } ?>

try using session variables, but here is your logic I suggest:

if($_SESSION['loggedIn']){
   //don't display the form, display the # of signed-in users
   ?>


   <?php

}else{
   //sub-logic, evaluate the login
   if($_POST['go'] && $_POST['password']!==$secretpassword){
      //failed login
      $loginError=true; //now use this to display error messages
   }else{
      //show the form
      ?><form ..>

  </form><?php
   }
}

I don't think that will work cause of how i have the pages setup. I have a header.php which which is included in the index.php file. That checks whether or not the cookie is set to allow =1 and will display the users online if it is.

Im thinking it is a backeting issue but im not certain. Here is the code for the header.php:

<?php error_reporting(0);
$uname ='test';
$pass ='test';
?>

// Some html here

<?php 
			if (isset($_POST['go'])){ 
				if ( ($_POST['uname'] == $uname) && ($_POST['pass'] == $pass) ) { 
					setcookie("allow", 1, time() + (86400 * 30));
				}
			if ($_COOKIE["allow"] == 1) {
			include ("online.php");
			}
		}
			?>

And then the index.php which the form is submitting to:

<?php 
		 if (!$_COOKIE['allow']) { ?>
         <form action=index.php method="post"><br />

	<?php if ( isset($_POST['check']) && ($_POST['uname'] !== $uname) ) {
	echo "Username Incorrect <br />";
	} //endif 
	?>

    Username: <input name="uname" type="text" size="10" maxlength="10" value="<?php $_POST['uname'] ?>" /><br /><br />

	<?php if ( isset($_POST['check']) && ($_POST['pass'] !== $pass) ) {
	 echo "Password Incorrect <br />";
	} //endif 
	?>

    Password: 
    <input name="pass" type="password" size="10" maxlength="10" value="<?php $_POST['pass'] ?>" /><br />
    <input name="go" type="submit" value="Login" />
    <input type="hidden" name="check" >
     </form>
<?php } ?>

It all works just that you have to hit the login buton 2x before the users online will show and the form disappears.