[SOLVED] Not needing the right password

[Anxious]

I have a login form yesideez helped me do the activation. but, now.. as I set it so that you have ot enter a password.. you can enter anything, and it'll log you in.

 

Here is the code for the password.

 

<?php
      /* Verify that user is in database */
      $q = "SELECT password FROM ".TBL_USERS." WHERE username = '$username'";
      $result = mysql_query($q, $this->connection);
      if(!$result || (mysql_numrows($result) < 1)){
         return 1; //Indicates username failure
      }

      /* Retrieve password from result, strip slashes */
      $dbarray = mysql_fetch_array($result);
      $dbarray['password'] = stripslashes($dbarray['password']);
      $password = stripslashes($password);

      /* Validate that password is correct */
      if(!$password == $dbarray['password']){
         return 2; /* indicates password failure */
      } 
?>

 

However, it use to be .. at the end..

<?php 
if($password == $dbarray['password']){
   return 0; /* successfully logged in */
}
else { 
return 2; /* Indicate password failure */
}
?> 

 

I removed the "return 0" and put it after when return 3 comes in. (account activation)

So now, it don't check if the password is correct..

[jackpf]

That's some...interesting code.

Try

      if($password != $dbarray['password']){
         return 2; /* indicates password failure */
      } 

Instead of

      if(!$password == $dbarray['password']){
         return 2; /* indicates password failure */
      } 

[Anxious]

Yeah, that works. thanks

[jackpf]

Jolly good.