Session Login Failure Popup Problem

Anon

Ok, I will see if I can explain this properly. I am trying to institute a login session that provides the $userid for the user in a pulldown menu and they just have to enter the password. upon successful login the user will be redirected to the next page. If login is unsuccessful the user will be given a popup message telling them of their error. Here is the problem. I finally can get the popup message to pop up once the wrong userid and password are entered. Then, once the cookie is set, you will get the error message even with the proper userid and password, then it will pass you on to the next page. Also if you close the browser it will give you the error message. Very annoying. I have moved the popup section of the script all over in the PHP script but it is always the same result.

Any Ideas?

<?
session_start();
echo "userid: $userid";
echo "password: $password";

//if user has not tried to log in this will be skipped

if ($userid && $password)
{
$usr = "";
$pwd = "";
$db = "";
$host = "";
$cid = mysql_connect($host,$usr,$pwd);
if (!$cid) { echo("ERROR: " . mysql_error() . "\n"); }

	// when the user tries to log in this will run.
	$query = "select  *  from Organization where OrgID='$userid'  and Password='$password'";
	$retid = mysql_db_query($db, $query, $cid);
	if (!$retid) { echo( mysql_error()); }
	if (mysql_num_rows($retid) >0 )
		{
			// if they are in the database register the userid
			$valid_user = $userid;
			session_register("valid_user");
		}
	if (mysql_num_rows($retid) ==0 )
		{
			// if they are in the database register the userid
			$non_valid_user = $userid;
			session_register("non_valid_user");
		}
}

<body>

<?
$usr = "";
$pwd = "";
$db = "";
$host = "";
$cid = mysql_connect($host,$usr,$pwd);
if (!$cid) { echo("ERROR: " . mysql_error() . "\n"); }

if (session_is_registered("valid_user"))
{
function redirect($URL)
{
echo "<script language='javascript'>";
echo "function redirect(url){" ;
echo "document.location.href=url;}";
echo "redirect($URL)";
echo "</script>";
}
//call the redirect function passing it the url
redirect("'http://next.page.com/MA-AO_logon.php'");
}
else
{
echo "<script language='javascript'>";
echo "function MM_popupMsg(msg) { ";
echo " alert('The system could not log you in. Please check your Organization name and Password and try again.');}";
echo "</script>";

		//session_unset();
		//session_destroy();

		}
					$userid="";
      	$password="";

session_destroy();
echo "<body bgcolor=#FFFFFF text=#000000 onUnload=MM_popupMsg()>";

Anon

There are a few things that probably look funny in the script I posted. The echo of the $userid and $password is so that I can see at the top of my webpage what variables are currently set at that time. I also have set in there a

$non_valid_user = $userid;
session_register("non_valid_user");

I need to take that out. It is something I was trying that didn't work.

Thanks
Rick

Anon

Would it be better to split up this script? Leaving the form data on the main page and passing the variables to a second page instead of trying to process everything at once using loops?

Rick