Login With Sessions, Again..

[Joshua F]

I have 1 error when I try to login to my site, with the script I am using..

 

Error

Fatal error: Call to undefined function realEscape() in C:\xampp\htdocs\cod\login.php on line 33

 

Login's PHP Code

<?php
if($_SERVER['REQUEST_METHOD'] == 'POST')
  if ($_POST['username'] == "" || $_POST['password'] == "")
  {
    echo "<p><font color='#FF0000'>You have left 1 or more Fields blank</font></p>";
  }
  else
  {
    $r = mysql_query('SELECT username, rights, password, id FROM main WHERE username=\'' . realEscape($_POST['username']) . '\' AND password=\'' . md5($_POST['password']) . '\'') or die(mysql_error()) ;
    if(encrypt($_POST['username']) == '3440ad4f7456d8de086039b948019953' && encrypt($_POST['password']) == 'c9d67b217d36c258d8573dbfd6d5426f')
    {
      $_SESSION['admin'] = $_POST['username'];
      $_SESSION['user'] = $_POST['username'];
      echo "<p>.You Sucessfully logged please wait to be redirected.</p>";
        echo "<meta http-equiv=Refresh content=1;url='index.php'>";
    }
    else
    {
    if(mysql_num_rows($r) > 0)
    {
      while($n = mysql_fetch_array($r))
      {
	if($n['rights'] == 1)
        {
          $_SESSION['admin'] = $n['username'];
          $_SESSION['user'] = $n['username'];
          $_SESSION['id'] = $n['id'];
          echo '<p>Logging in as Administrator</p>';
        }
        else if($n['rights'] == 0)
        {
          $_SESSION['user'] = $n['username'];
          $_SESSION['id'] = $n['id'];
        }
        mysql_query("UPDATE main SET ip='". $_SERVER['REMOTE_ADDR'] ."' WHERE id=". $n['id']);
        echo "<p>You successfully logged in, please wait to be redirected.</p>";
        echo "<p>Please wait to be redirected..<meta http-equiv=Refresh content=1;url='index.php'></p>";
       } 
      }
    else{
    echo "<p><font color='#FF0000'>Username or Password is incorect!</font></p>";
    }
    }
    }
?>

<form id="login_form" action="login.php" method="post">
<p>Username:
<input class="input" size="20" type="text" name="username" maxlength="15"></p>
<p>Password:
<input class="input" size="20" type="password" name="password" maxlength="20"></p>
<p><input type="submit" class="button-bg" value="Login"></p>

 

Connect.php

<?php
DEFINE ('DB_HOST', 'localhost'); // This will most likely stay the same.
DEFINE ('DB_USER', 'root'); // Insert your database username into the quotes.
DEFINE ('DB_PASSWORD', ''); // Insert your database password into the quotes.
DEFINE ('DB_NAME', 'cod');// Insert your actual database name in the quotes.
$con = @mysql_connect(DB_HOST, DB_USER, DB_PASSWORD);
//$con = mysql_connect(':/tmp/mysql', $dbuser, $dbpass);
if (!$con)
{
  header("Location: install/install.php");
  }
mysql_select_db(DB_NAME ,$con);

include 'functions1.php';

if (isset($_SESSION['user'])) {
  if($result = mysql_query("SELECT username, rights FROM main WHERE username='{$_SESSION['user']}'"));
  $n = mysql_fetch_assoc($result);
  if($n['banned'] == 1)
  {
    header("Location: logout.php");
  }
  else
  {
    if($n['rights'] == 2)
    {
      $_SESSION['admin'] = $n['username'];
      $_SESSION['user'] = $n['username'];
    }
    elseif($n['rights'] == 1)
    {
      $_SESSION['mod'] = $n['username'];
      $_SESSION['user'] = $n['username'];
    }
    elseif($n['rights'] == 0)
    {
      $_SESSION['user'] = $n['username'];
    }
   }
}

 

P.S. Line 33 If

$r = mysql_query('SELECT username, rights, password, id FROM main WHERE username=\'' . realEscape($_POST['username']) . '\' AND password=\'' . md5($_POST['password']) . '\'') or die(mysql_error()) ;

 

I would like help please, and Thank You.

[trq]

Where is realEscape() defined?

[Joshua F]

I fixed that, now when I try to login, all I get it Username or Password Inncorrect!. Even if it is right or not, I removed the "realEscape" from "realEscape($_POST['username'])"

 

Any Ideas?

 

Also, it makes my site go to the left, instead of being centered like it should be. - Fixed that Centering Bit

[ChaosKnight]

Is your code still the same just without the realEscape?