jon4433 Posted June 2, 2012 Share Posted June 2, 2012 My login script doesn't seem to be working. I think I might of changed something about 2 weeks ago, but can't remember what, nor can I what... Could anybody help me out, pelase? It would be much appreciated. <?php $username = $_POST['username']; $password = $_POST['password']; if (empty($username) && (empty($password))){ echo "<font color=\"blue\">All fields are required!</font>"; }else{ if($username && $password) { require("connect_to_mysql.php"); $query = mysql_query("SELECT * FROM login WHERE username='$username' AND password='" . md5($password) . "'"); $numrows = mysql_num_rows($query); if($numrows == 1) { header("location: index.php"); $_SESSION['username']; } } } ?> It doesn't check whether the username exists, yet. Quote Link to comment Share on other sites More sharing options...
PravinS Posted June 2, 2012 Share Posted June 2, 2012 You are checking USERNAME and PASSWORD both in SELECT query. I think you should check only USERNAME in database. Quote Link to comment Share on other sites More sharing options...
jon4433 Posted June 2, 2012 Author Share Posted June 2, 2012 It checks the users username and passwords that they entered when they registered. It checks their username and password that they have entered, which are stored in a variable, $username = $_POST['username']; and $password = $_POST['password']; (the mysql_real_escape_string() gives me errors for some reason). The script did work before, but for some reason it isn't working now... Quote Link to comment Share on other sites More sharing options...
jon4433 Posted June 2, 2012 Author Share Posted June 2, 2012 Okay, I figured it out. I changed '$_SESSION['username'];' to '$_SESSION['username'] = $username;' after they've successfully logged in. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.