Hello, im very green to php and I am having trouble creating a simple log in script. Not sure why this is not working, maybe a mysql_query mistake? I am not receiving any errors but nothing gets updated in the members table and my error message to the user displays. any help is appreciated! here is my php:
<?php
session_start();
$errorMsg = '';
$email = '';
$pass = '';
if (isset($_POST['email'])) {
$email = ($_POST['email']);
$pass = ($_POST['password']);
$email = stripslashes($email);
$pass = stripslashes($pass);
$email = strip_tags($email);
$pass = strip_tags($pass);
if ((!$email) || (!$pass)) {
$errorMsg = '<font color="#FF0000">Please fill in both fields</font>';
}else {
include 'scripts/connect_db.php';
$email = mysql_real_escape_string ($email);
$pass = md5($pass);
$sql = mysql_query("SELECT * FROM members WHERE email='$email' AND password='$pass'");
$log_check = mysql_num_rows($sql);
if ($log_check > 0) {
while($row = mysql_fetch_array($sql)) {
$id = $row["id"];
$_SESSION['id'];
$email = $row["email"];
$_SESSION['email'];
$username = $row["username"];
$_session['username'];
mysql_query("UPDATE members SET last_logged=now() WHERE id='$id' LIMIT 1");
}//Close while loop
echo "You are logged in";
exit();
}
else {
$errorMsg = '<font color="#FF0000">Incorrect login data, please try again</font>';
}
}
}
?>
and the form:
<?php echo $errorMsg; ?>
<form action="log_in.php" method="post">
Email:<br />
<input name="email" type="text" /><br /><br />
Password:<br />
<input name="password" type="password" /><br /><br />
<input name="myBtn" type="submit" value="Log In" />
</form>