Right, so I've made a very simple web app that allows....
1.) People to register (adding them to the MySQL database)
2.) Login (providing they're in the database)
I've gotten it all working, but I'm stuck at the last hurdle. If someone logs in using the correct username and password, it takes them to login_success.php. Here I query the database and use "SELECT * FROM Users WHERE Username = '$name'"
I would have thought, that it would have returned that user's entry in the database. But instead I just get a blank page.
Am I right in thinking that's because the contents of the $name variable aren't passed from log.php to login_success.php
If so, how do I fix it?
----------------------------------------------------------------------------------------------------
LOGIN.PHP
<?php
include_once "Common/header.php";
session_name("MyLogin");
$page = (isset($_GET['login']) ? strtolower($_GET['login']) :
NULL);
if($page == "failed"){
print $_GET['cause'];
}
?>
<div id="main">
<br />   <br />  <br />
<h2>Sign In</h2>
 
<form name="form1" method="post" action="log.php?action=login">
<b>Username:</b>  <input type="text" name="uname"/><br />  <br />
<b>Password:</b>                 <input type="password" name="pword" /><br />  <br />
<input type="submit" value="submit" />
</form>
<?php include_once "Common/footer.php"; ?>
LOG.PHP
<?php
session_name("MyLogin");
session_start();
if($_GET['action'] == "login") {
$conn = mysql_connect("localhost", "root", "");
$db = mysql_select_db("test");
$name = ($_POST['uname']);
$word = ($_POST['pword']);
$sql = "SELECT * FROM Users WHERE Username='$name' and Password='$word'";
$q_user = mysql_query($sql) or die(mysql_error() . ' <br /> in ' . $sql);
if(mysql_num_rows($q_user) == 1){
$_SESSION['uname'] = $_POST['uname'];
header("Location: login_success.php");
exit;
} else{
header("Location: login.php?login=failed&cause=".urlencode('Invalid Username or Password'));
exit;
}
} else{
header("Location: login.php?login=failed&cause=".urlencode('Invalid User'));
exit;
}
if(session_is_registered("name") == false) {
header("Location: login.php");
}
?>
LOGIN_SUCCESS.PHP
<?php
include_once "Common/header.php";
$connect=mysql_connect("localhost", "root", "")or die ("Could not connect to database");
$data = mysql_query("SELECT * FROM Users WHERE Username ='$name'") or die(mysql_error());
Print "<table border cellpadding=3>";
while($info = mysql_fetch_array( $data )) {
Print "<tr>";
Print "<th>First Name:</th> <td>".$info['First_Name'] . "</td> ";
Print "<th>Last:</th> <td>".$info['Last_Name'] . " </td></tr>";
}
Print "</table>";
?>
Login Successful
<?php include_once "Common/footer.php"; ?>