[SOLVED] User login script

[echocpt]

Hi, i thort i had solved the problem and so "Solved" the last topic. Unfortunatly the file is playing up again.

 

Ok, i have a login script that compromises 2 pages. The first page has the form that users fill in their username and password in and click submit (admin.php) and the second page is php code to check the login details, (loging2.php). I currently have a problem with them. When the submit button is clicked the login2.php page will work its magic, but for some reason stops half way through and redirects me to the form to try again. As far as i can see there is no problem and no error gets displayed, can anyone help? I think its arround line 39 were its wronge but dont know.

 

The login2.php file:

<?php 
// login2.php

// Start a session. Session is explained below.
session_start();
include("connection.php");

// Same checking stuff all over again.
if(isset($_POST['submit'])) {
if(empty($_POST['username']) || empty($_POST['password'])) {
	header("Location: admin.php?login=true");
	exit;
}
// Create the variables again.
$username = $_POST['username'];
$password = $_POST['password'];
// Encrypt the password again with the md5 hash. 
// This way the password is now the same as the password inside the database.
$password = md5($password);

// Store the SQL query inside a variable. 
// ONLY the username you have filled in is retrieved from the database.
$query = "SELECT username,password 
		  FROM	 `user`
		  WHERE	 username='$username'";

$result = mysql_query($query);
if(!$result) { 
	// Gives an error if the username given does not exist.
	// or if something else is wrong.
	echo "The query failed " . mysql_error();
} else {
	// Now create an object from the data you've retrieved.
	$row = mysql_fetch_object($result);
	// You've now created an object containing the data.
	// You can call data by using -> after $row.
	// For example now the password is checked if they're equal.
	if($row->password != $password) {
		header("Location: admin.php?login=true");
		exit;
	}
	// By storing data inside the $_SESSION superglobal,
	// you stay logged in until you close your browser.
	$_SESSION['username'] = $username;
	$_SESSION['sid'] = session_id(); 
	// Make it more secure by storing the user's IP address.
	$_SESSION['ip'] = $_SERVER['REMOTE_ADDR'];
	// Now give the success message.
	// $_SESSION['username'] should print out your username.
	header("Location: welcome.php");
}
}
?>

 

The "admin.php" file (the form bit):

<form id="form6" name="form6" method="post" action="login2.php">
					<table width="638" border="0" cellspacing="0" cellpadding="0">
						<tr>
							<td width="190">Username:</td>
							<td width="449"><label>
							<input name="username" type="text" class="area" id="username" value="" />
							</label></td>
						</tr>
						<tr>
							<td> </td>
							<td> </td>
						</tr>
						<tr>
							<td>Password:</td>
							<td><label>
							<input name="password" type="password" class="area" id="password" value="" />
                                
							</label></td>
						</tr>
						<tr>
							<td> </td>
							<td> </td>
						</tr>
						<tr>
							<td> </td>
							<td><label>
							  <input type="submit" name="submit" id="submit" value="Login" /></form>

.....not all the code, just what is needed for this problem.

 

I have also tried replacing the area were i think it goes wronge (line 39) with this code to try and get an error but nothing is diplayed for the error.

				if($row->password != $password) {
		echo "work!" . mysql_error();
		exit;
	}

 

Thanks for anyhelp

[jrws]

Nevermind. Disregard, I didn't read you comments. But a question why just the username? And Not the password as well?