My login script

[DaveGordon]

It has been a long while since I have programmed anything and I have recently decided to take it back up again. I have a login script that previously worked fine but as I said it has been a long time and there have been updates to PHP. It seems that these updates have caused my script not too work. Could someone please help me out with what needs updating and for what reasons.

 

The first section is just a snippet from the home page

 

<form method=post action=login.php>

<tr><td width="67" with=10>User:</td><td width="145"><input type=text name=user></td>

<td width="486" align=right with=100%>Current Game Time: <? $date = date("h:i:s A T"); print "$date"?> </td>

</tr>

<tr><td with=10>Password:</td><td><input type=password name=pass></td>

 

THis second bit being the login page

 

<?php

if (!$user || !$pass) {

include("head.php");

print "Please fill out all fields.";

include("foot.php");

exit;

}

include("head.php");

$pass = md5("$pass");

$logres = mysql_num_rows(mysql_query("select * from players where user='$user' and pass='$pass'"));

if ($logres <= 0) {

print "Login failed. If you have not already, please signup. Otherwise, check your spelling and login again.";

include("foot.php");

exit;

} else {

session_register("user");

session_register("pass");

print " <br>Welcome back. Please click <a href=updates.php>here</a> to continue..";

}

include("foot.php");

?>

 

 

 

NO matter what I do it just says please fill out all fields. Like I said I know this previously ran fine.

[Jessica]

Your script depends on register_globals, which is a security risk. You need to use the $_POST superglobal.