I have two login forms, one for admin, the other for members, I am using the same code for both with alternative SQL queries. The admin login works, whilst the member login doesn't.
<?php
include("config.php") ;
if (isset($_POST['user']) && isset($_POST['password'])){
$user = $_POST['user'];
$pass = $_POST['password'];
$query = "select * from members where user='$user' and pass='$pass'" ;
$result = mysql_query($query) ;
$count = mysql_num_rows($result) ;
if ($count == 1) {
$timestamp_expire = time() + 365*24*3600; // Le cookie expirera dans un an
setcookie('user', ($_POST['user']), $timestamp_expire); // On crit un cookie
setcookie('pass', md5($_POST['password']), $timestamp_expire); // On crit un cookie
echo '<meta http-equiv="refresh" content="0;url=user_p.php" />';
}
else echo 'le pass ke vs aves etres est faux';
}
else{
?>
<table border=0 ><caption>member login</caption>
<form action="" method="post">
<tr><td><b>pseado</b><td><input type="text" name="user" ></tr>
<tr><td><b>mot de passe</b><td><input type="password" name="password" ></tr>
<tr><td><input type="submit" value="Entrer" ></tr>
</table>
<?php } ?>
The errors returned are header errors, I've read the sticky too.
I am not focused on security as of this moment.