dennismonsewicz Posted September 24, 2008 Share Posted September 24, 2008 I have a login system that checks to see if the username and password are there and if they are the script is supposed to then login you in and off you go on your marry way Well here is my code: $login_error = '<h2 style="color: red">Login Failed, Try Again</h2> <form action="index.php?action=login" method="post"> <label>Username:</label> <input type="text" name="username" id="username" /> <label style="margin-top: 5px;">Password: </label> <input type="password" name="password" id="password" /> <label><input type="submit" value="Login" style="margin-top: 5px;" /></label> </form>'; if($_POST) { if($_POST['username'] || $_POST['password']) { $_SESSION['username'] = stripslashes($_POST['username']); $_SESSION['password'] = stripslashes($_POST['password']); } } switch($action) { case "login": $result = mysql_query("SELECT * FROM users WHERE username = '".mysql_real_escape_string($_SESSION['username'])."' AND password = '".mysql_real_escape_string($_SESSION['password'])."'") or die(mysql_error()); $num_rows = mysql_num_rows($result); if($num_rows == 0) { echo $login_error; } else { header("location:index.php?session_start=yes"); } break; case "logout": session_destroy(); ob_end_flush(); header("location:index.php"); break; } $login = '<h2>Login</h2> <form action="index.php?action=login" method="post"> <label>Username:</label> <input type="text" name="username" id="username" /> <label style="margin-top: 5px;">Password: </label> <input type="password" name="password" id="password" /> <label><input type="submit" value="Login" style="margin-top: 5px;" /></label> </form>'; if(!$_SESSION) { echo $login; } else { echo '<h2>Recent Projects</h2>'; echo '<ul>'; $query = mysql_query("SELECT * FROM added_projects ORDER BY id DESC LIMIT 0,10") or die(mysql_error()); while($results = mysql_fetch_object($query)) { echo '<li><a href="tools.php?action=view&id=' . $results->id . '">' . $results->project . '</a></li>'; } echo '</ul>'; } When you login, even if the login is correct, the script displays the $login_error var and also displays the unordered list in the while statement Any ideas? Quote Link to comment Share on other sites More sharing options...
dennismonsewicz Posted September 24, 2008 Author Share Posted September 24, 2008 the session_start() and ob_start() are located in the header file: $session = $_GET['session_start']; switch($session) { case "yes": session_start(); ob_start(); break; } Quote Link to comment Share on other sites More sharing options...
dennismonsewicz Posted September 24, 2008 Author Share Posted September 24, 2008 anyone have any ideas? Quote Link to comment Share on other sites More sharing options...
.josh Posted September 24, 2008 Share Posted September 24, 2008 - where is $action being set? - is the pw encrypted in the db? because i see no kind of encryption of the pw being checked. Quote Link to comment Share on other sites More sharing options...
dennismonsewicz Posted September 24, 2008 Author Share Posted September 24, 2008 $action is being set above the $login_error var $action = $_GET['action']; And no the pw is not encrypted. I will worry about that a little later I am just trying to get the dern thing working to full capacity Quote Link to comment Share on other sites More sharing options...
.josh Posted September 24, 2008 Share Posted September 24, 2008 did you try separating your query string from your mysql_query and echoing it out to see if it's holding what you expect? And running it directly in phpmyadmin or w/e? Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.