ncurran217 Posted August 27, 2013 Share Posted August 27, 2013 Well I have this login script, and there are if statements if something doesn't match up and it will set $error with a sentence of what is wrong. Then at the bottom of the code has the login form, with an if statement that says if $error is set, then echo $error. But when actually put in wrong credentials, it goes to a blank page and doesn't echo $error. If I put in the correct credentials it goes to the next page properly. Here is my code, what am I doing wrong? Thanks for the help in advance! <?php include 'includes/db_connect.php'; $self = $_SERVER['PHP_SELF']; //-----------------------------------Anti-Injection Function----------------------------------------------- function anti_injection($sql) { $sql = preg_replace("/(from|select|insert|delete|where|drop table|show tables|#|\*|--|\\\\)/","",$sql); $sql = trim($sql); $sql = strip_tags($sql); $sql = addslashes($sql); return $sql; } //---------------------------------------------------------------------------------------------------------- if(isset($_POST['user']) && $_POST['pass']){ $user = anti_injection($_POST['user']); $pass = anti_injection($_POST['pass']); $crypt_pass = md5($pass); $query1 = "SELECT username FROM Logins WHERE Username = '".$user."'"; $params1 = array(); $options1 = array( "Scrollable" => SQLSRV_CURSOR_KEYSET ); $result1 = sqlsrv_query( $connection, $query1 , $params1, $options1 ); $count1 = sqlsrv_num_rows($result1); $query2 = "SELECT password FROM Logins WHERE Username = '".$user."'"; $result2 = sqlsrv_query( $connection, $query2); while ($row2=sqlsrv_fetch_array( $result2, SQLSRV_FETCH_ASSOC)) { $sysadmin_password = $row2['password']; } if($count1 == '0') { $error = 'This account is not found in the database.'; } elseif($sysadmin_password != $crypt_pass) { $error = 'Wrong password. Try again.'; } elseif($_GET['login'] != 'login' && $count1 == '0') { $error = 'Login Error, Please login again.'; } else { session_start(); $_SESSION['valid_sysadmin'] = $user; echo "<script type='text/javascript' language='javascript'> window.location.href = 'index.php';</script>"; exit; // Dont forget to and your session // session_destroy(); // End secure content } } else { // build form echo "<title>Mail Report</title>"; echo "<form name='auth' action='$self' method='post'>\n"; echo "<table align=center width=210 border=0 cellpadding=7 cellspacing=1>\n"; echo " <tr class=right_main_text><td colspan=2 height=35 align=center valign=top><h2>Mail Report Login</h2></td></tr>\n"; echo " <tr class=right_main_text><td align=left>Username:</td><td align=right><input type='text' name='user' maxlength='30'></td></tr>\n"; echo " <tr class=right_main_text><td align=left>Password:</td><td align=right><input type='password' name='pass' maxlength='16'></td></tr>\n"; echo " <tr class=right_main_text><td align=center colspan=2><input type='submit' value='Login'> </td></tr>\n"; if (isset($error)) { echo "<tr class=right_main_text><td align=center colspan=2><font color='red'>'".$error."'</font></td></tr>\n"; } echo "</table>\n"; echo "</form>\n"; } ?> Quote Link to comment Share on other sites More sharing options...
ncurran217 Posted August 27, 2013 Author Share Posted August 27, 2013 Well I figured it out. It had to do with how the first IF then ELSE statement were setup. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.