I am trying to use the code below for a login system on my website.
login.php
<?php
session_start();
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Untitled Document</title>
</head>
<body>
<?php
if(!isset($user) | !isset($password)) {
?>
<form action="<?php echo $PHP_SELF?><?php if($QUERY_STRING){ echo"?". $QUERY_STRING;}?>" method="POST">
<p align="center">Members only. Please login to access this document.</p>
<table align="center" border="0">
<tr>
<th>
Username:
</th>
<th>
<input type="text" name="user">
</th>
</tr>
<tr>
<th>
Password:
</th>
<th>
<input type="password" name="password">
</th>
</tr>
<tr>
<th colspan="2" align="right">
<input type="submit" value="Login">
</form>
</th>
</tr>
</table>
</body>
</html>
<?php
exit();
}
session_register("user");
session_register("password");
include ("connection.php");
$sql = mysql_query("SELECT password FROM admin WHERE user = '$user'");
$fetch_em = mysql_fetch_array($sql);
$numrows = mysql_num_rows($sql);
if($numrows != "0" & $password == $fetch_em["password"]) {
$valid_user = 1;
}
else {
$valid_user = 0;
}
if (!($valid_user))
{
session_unset();
session_destroy();
?>
<form action="<?php echo $PHP_SELF?><?php if($QUERY_STRING){ echo"?". $QUERY_STRING;}?>" method="POST">
<p align="center">Incorrect login information, please try again. You must login to access this document.</p>
<table align="center" border="0">
<tr>
<th>
Username:
</th>
<th>
<input type="text" name="user">
</th>
</tr>
<tr>
<th>
Password:
</th>
<th>
<input type="password" name="password">
</th>
</tr>
<tr>
<th colspan="2" align="right">
<input type="submit" value="Login">
</form>
</th>
</tr>
</table>
</body>
</html>
<?php
exit();
}
?>
</body>
</html>
I then put include('login.php'); at the top of the page that only the admin can view. It all works fine until I enter in the user name and password. It keeps telling me that I have entered in incorrect login information and therefore will not let me proceed.
Can someone please help?
Thanks