Whats wrong with my code?? Please help

[AbydosGater]

Hi, Ive been trying to update my login script to work on my friends website, only better....

The code is as following..
[code]
<?php
if (!$_SESSION['username'] && !$_POST['login']){ // No session + No Form Login... Display the form...
echo <<<LOGINFORM
<form action="test.php" method="post" name="loginform">
Username:
<br>
<input type="text" name="username" value="" size="20" class="field1">
<br>
Password:
<br>
<input type="password" name="password" value="" size="20" class="field1">
<br><br>
<input type="submit" value="login" class="button1">
<br><br>
<a href="register.php">Click Here To Register</a>
</form>
LOGINFORM;
} elseif ($_POST['username']){ //if the form has been submitted... The ifs + elses between this and next comment arnt that important just checking if the login details are correct...

$username = $_POST['username'];
$password = $_POST['password'];
//---
$result = mysql_query("SELECT * FROM sf_users WHERE username='$username'") or die(mysql_error());
$user = mysql_fetch_array( $result );
if ($user['member_id'] == ""){
echo "<font color=\"#FF0000\"><b>Unknown username, please try again</b></font>";
} else if ($user['member_id'] !== ""){
$dbusername = $user['username'];
$dbpassword = $user['password'];
if ($username == $dbusername && $password == $dbpassword){
session_register("user");
$_SESSION['username'] = $username;
$_SESSION['password'] = $password;
//-- Rest Of Info On The User
$_SESSION['member_id'] =  $user['member_id'];
$_SESSION['email'] =  $user['email'];
$_SESSION['CL'] =  $user['CL'];
$_SESSION['banned'] =  $user['banned'];
//-- Session Variables End
echo "<font color=\"#FF0000\"><b>Thank you for login in,<br /> You will be redirected to the protected pages in 2 seconds <META HTTP-EQUIV=\"refresh\" CONTENT=\"2; URL=index.php\"></b></font>";
} else if ($username == $dbusername && $password !== $dbpassword){
echo "<font color=\"#FF0000\"><b>Your Password is incorrect</b></font>";

} else {
echo "<font color=\"#FF0000\"><b>Unknown System Error!<br> Please ensure your Cases are correct!</b></font>";
}
};


} elseif ($_SESSION['username']){ //If we have the session... echo the username has logged in :P
//Display member options...
$username = $_SESSION['username'];
echo "<font color='#FFFFFF'><b>$username.. You are logged in.</b></font>";
} else { //WOOPS somethings gone wrong if i see this...
echo "<font color='#FFFFFF'><b>Unknown System Error.</b></font>";
}

?>
[/code]

Its not working, when the form is submitted, it just displays the login for again?
Where did i go wrong, its late and i cant see it.. Anyone see where?

Thanks Abydos

PS: You can see it running at.. www.shadowfleet.info/newversion/test.php

[marcus]

Would you mind re-editing your post to show the php in the colour?

Make the tags lowercases (e.g. (<?php ?>))

[AbydosGater]

All done! Sorry was wondering why that was happening, never knew it had to be lowercase!

Thanks

[marcus]

[code]
<?php
if (!$_SESSION['username'] && !$_POST['login']){ // No session + No Form Login... Display the form...
echo "
<form action=test.php method=post name=loginform>
Username:
<br>
<input type=text name=username size=20 class=field1>
<br>
Password:
<br>
<input type=password name=password size=20 class=field1>
<br><br>
<input type=submit value=login class=button1>
<br><br>
<a href=register.php>Click Here To Register</a>
</form>
";
} else if ($_POST['username']){
//if the form has been submitted... The ifs + elses between this and next comment arnt that important just checking if the login details are correct...

$username = $_POST['username'];
$password = $_POST['password'];
//---
$result = mysql_query("SELECT * FROM sf_users WHERE username='$username'") or die(mysql_error());
$user = mysql_fetch_array( $result );
$num = mysql_num_rows($result);
if ($num > 0){
echo "<font color=\"#FF0000\"><b>Unknown username, please try again</b></font>";
} else {
$dbusername = $user['username'];
$dbpassword = $user['password'];
if ($username == $dbusername && $password == $dbpassword){
session_register("user");
$_SESSION['username'] = $username;
$_SESSION['password'] = $password;
//-- Rest Of Info On The User
$_SESSION['member_id'] =  $user['member_id'];
$_SESSION['email'] =  $user['email'];
$_SESSION['CL'] =  $user['CL'];
$_SESSION['banned'] =  $user['banned'];
//-- Session Variables End
echo "<font color=\"#FF0000\"><b>Thank you for login in,<br /> You will be redirected to the protected pages in 2 seconds <META HTTP-EQUIV=\"refresh\" CONTENT=\"2; URL=index.php\"></b></font>";
} else if ($username == $dbusername && $password != $dbpassword){
echo "<font color=\"#FF0000\"><b>Your Password is incorrect</b></font>";

} else {
echo "<font color=\"#FF0000\"><b>Unknown System Error!<br> Please ensure your Cases are correct!</b></font>";
}
};


} elseif ($_SESSION['username']){
//If we have the session... echo the username has logged in
//Display member options...
$uname = $_SESSION['username'];
echo "<font color='#FFFFFF'><b>$uname... You are already logged in.</b></font>";
} else {
//WOOPS somethings gone wrong if i see this...
echo "<font color='#FFFFFF'><b>Unknown System Error.</b></font>";
}

?>
[/code]

[AbydosGater]

Thanks,
Ermm.. What did you change? Just the echo for the form? or anything else?

Thanks Abydos

EDIT:: I tryed that, and no still the same thing.. Only displaying the form over and over after login

[marcus]

Look where it checks if the user actually exists.

[haaglin]

Add session_start(); at the top of your script.

[marcus]

How bout this, connect to your database.

[AbydosGater]

Ohh That would have been very smart of me to add it in, completly forgot, Thanks..

But now that ive put that in... And still when i submit the form.. Its displaying the form again :(


EDIT:: Im connected to my database.. Im requiring a file into the top of the page with the code of..

<?php
require_once("config.php");
session_start();
conn_db();
?>

The config file has my database info and the function..

[marcus]

It echo's test now.

[AbydosGater]

I know i added echo test to the header file just to make sure its running.. Gone now

[marcus]

Hmm... this is interesting. Have you thought of using cookies?

[AbydosGater]

yes i was thinking about it but ive never used them before, so i would be much happier using the sessions for the moment, i was going to add cookie options for a remember me, but not untill i had everything else working..

[haaglin]

Add name=login to your login button.

[AbydosGater]

YAYYAYYAYYAY HAAGLIN!! Your A Genious! :D

Thank You Both.. Expessially mgallforever you put alot of time into this topic.. Thank you.

But :P Whatever you did to my checking if the user exists :( now when i login, it keeps saying the user doesnt exist :P

[marcus]

Oh, you can just remove it then. I was just using my login script to yours.

[AbydosGater]

Okay!! Thanks! Woot, im happy now!

[haaglin]

A tip for you is to look into the md5 function to encrypt your passwords. this is one-way, so you can only compare the encrypted against each others like this:

if(md5($dbpassword) == $password) {
\\password ok.
This is of course if you saved the password with md5 to the database.

'Passwords encrypted with md5 cannot be decrypted!

[AbydosGater]

Ok great.. How exactly would i do this?
So in the registeration script (Not started:P), when inserting the user into the database use...
$userpasswd = md5($formenteredpassword);
INSERT into blah VALUES ($userpasswd...)

and then in the login script...

if(md5($dbpassword) == $password) {
\\password ok.

Is this correct?