php login script, give an error message if the name or password is incorrect -

how change script, displays error message if name or password incorrect? i'm new here in, can explain me

<?php     $username=$_post['username'];     $password=md5($_post['password']);     $login=$_post['login'];     if(isset($login)){          $mysqli = new mysqli("localhost", "root", "tech112!", "ripper");         if ($mysqli->connect_errno) {             echo "failed connect mysql: " . $mysqli->connect_error;         }         $stmt = $mysqli->prepare("select * login lower(`username`) = ? , password = ?");         $stmt->bind_param('ss', strtolower($username), $password);         $stmt->execute();         $result = $stmt->get_result();         $row = $result->fetch_assoc();           $name = $row['name_login'];         $user = $row['username'];         $pass = $row['password'];         $rank = $row['type_login'];         if($user==$username && $pass=$password){             session_start();             if($rank=="2"){                 $_session['mysesi']=$user;                 $_session['rank']=$rank;                 echo "<script>window.location.assign('index.php')</script>";                 } else if($rank=="1"){                 $_session['mysesi']=$user;                 $_session['rank']=$rank;                 echo "<script>window.location.assign('index.php')</script>";             }           }     }  ?> 

tom lammers

you need add else statement, so

 if($user==$username && $pass=$password){         session_start();         if($rank=="2"){             $_session['mysesi']=$user;             $_session['rank']=$rank;             echo "<script>window.location.assign('index.php')</script>";             } else if($rank=="1"){             $_session['mysesi']=$user;             $_session['rank']=$rank;             echo "<script>window.location.assign('index.php')</script>";      }     else {          echo "invalid login";     } 

this output error message only, you'll need format code more useful.

i count rows, ensure you're getting mysql, so.

if($result->num_rows == 1) {      if($user==$username && $pass=$password){                 session_start();             if($rank=="2"){                 $_session['mysesi']=$user;                 $_session['rank']=$rank;                 echo "<script>window.location.assign('index.php')</script>";                 } else if($rank=="1"){                 $_session['mysesi']=$user;                 $_session['rank']=$rank;                 echo "<script>window.location.assign('index.php')</script>";          }         else {              echo "invalid login - username , passwords not match";         } } else {     echo "invalid login - single entry not returned"; } 

i major security review on code, should never storing passwords in plain text format.