Help with my Login script Please

[MattMan]

Hi,

 

I was wondering if anyone could help me with my login script. It connects to the database and logins in i think but keep on getting redirected back to the loginpage

 

 

Heres the code:

 

memberlogin.php

 

<?php
include ('/home/mattman/public_html/test/Connections/DBConn.php')
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Member Login</title>
</head>
<body>
<table width="600" border="0" align="center">
<tr>
<form name="form1" method="post" action="memberchecklogin.php">
  <tr>
    <td height="152" colspan="2"> </td>
  </tr>
        <tr>
<td height="22" colspan="2" align="center">
<?php
if(isset($_GET['empty']))
{
	echo("Please enter a valid Username and Password"); 
}
if(isset($_GET['invalid']))
{
	echo("Invalid Username or Password"); 
}
    ?>
  </td>
</tr>
<tr>
<td width="300" align="right">Username:</td>
<td width="300"><input name="memusername" type="text" id="memusername"></td>
</tr>
<tr>
<td width="300" align="right">Password:</td>
<td width="300"><input name="mempassword" type="password" id="mempassword"></td>
</tr>
  <tr>
    <td colspan="2" align="center"><input type="submit" name="memloginbutton" value="Login" id="memloginbutton" /></td>
  </tr>
    <tr>
<td colspan="2" align="center">If you have forgotten you password Please E-Mail<br /></td>
</tr>
</form>
</tr>
</table>
</body>
</html>

 

memberchecklogin.php

 

<?php
session_start();

include ('/home/mattman/public_html/test/Connections/DBConn.php');

$memusername = trim($_POST['memusername']);
$mempassword = trim($_POST['mempassword']);

if($memusername == "" or $mempassword == "")
{
header('Location: memberlogin.php?empty=true');
die();
}


$result = mysql_query("SELECT password FROM members WHERE username = '$memusername'") or die(mysql_error());

$row = mysql_fetch_array($result);

if($row['password'] == md5($mempassword))
{
$_SESSION['loggedin'] = true;
header("Location: index.php");
} else {
header('Location: memberlogin.php?invalid=true');
}
?>

 

memberlogout.php

 

<?php
session_start();
if (isset($_SESSION['id'])) {
   unset($_SESSION['memusername']);
}
header('Location: memberlogin.php');
exit;
?>

 

DBConn.php

 

<?php
$hostname = "---";
$database = "mattman_loginscript";
$username = "mattman_matt";
$password = "---";

mysql_connect($hostname, $username, $password) or die(mysql_error());
mysql_select_db($database) or die(mysql_error());

function page_protect() {
session_start();

if(isset($_COOKIE['id']) && isset($_COOKIE['memusername'])){
      $_SESSION['id'] = $_COOKIE['id'];
      $_SESSION['memusername'] = $_COOKIE['memusername'];
   }


if (!isset($_SESSION['id']))
{
header("Location: memberlogin.php");
}

}


function filter($data) {
$data = trim(htmlentities(strip_tags($data)));

if (get_magic_quotes_gpc())
	$data = stripslashes($data);

$data = mysql_real_escape_string($data);

return $data;
}

?>

 

I am very new to php so any help would be appreciated

 

 

Thanks

 

Matt

[gevensen]

1st thing i notice is SELECT password

you dont want to select the password it opens you up to hacking

you could SELECT id FROM table WHERE user = 'somename' AND password = 'somepassword' 

its off subject but important

[gevensen]

i would put die("debugging"); or some variation on each step you have a redirect, maybe die("debugging1"); die("debugging2"); at various places to see where your redirecting to the login and then take it from there to figure out what your doing wrong