It's not working!

[Zoud]

??? Ok, here's my script:
[code]<?php session_start(); session_register("session"); ?>

<?php require("includes/connect/members.php"); ?>

<?php
$username = $_POST['username'];
$password = md5($_POST['password']);
if($rec=mysql_fetch_array(mysql_query("SELECT * FROM profile WHERE userid='$username' AND password = '$password'")))  {
  if(($rec['username']==$username)&&($rec['password']==$password))  {
    $_SESSION['id']=session_id();
    $_SESSION['username']=$username;
    echo "<meta http-equiv='refresh' content='0;url(http://www.eliteguards.us/index.php)'>";
    echo "<script>self.location='index.php';</script>";
  }
}
else  {
session_unset();
    echo "<meta http-equiv='refresh' content='0;url(http://www.eliteguards.us/login_false.php'>";
    echo "<script>self.location='login_false.php';</script>";
}
?>[/code]

I have no idea were I went wrong... or even if I'm close to being right at all.
When I enter my username and password it takes me to the login_false.php. And no... I'm not entering the wrong information.

[AbydosGater]

What is it ment to do? Ok thats obvious... a login script..

But what errors are you getting?

[Zoud]

When I enter my username and password it takes me to the login_false.php.

It's not saying there's any errors but it just wont read the information correctly or something.... I don't know.

[Tandem]

This is your problem line:

[code]if($rec=mysql_fetch_array(mysql_query("SELECT * FROM profile WHERE userid='$username' AND password = '$password'")))  {[/code]

firstly you should validate your information or you will be open to sql injection attacks.

Secondly try this instead and see if it works:

[code]<?php session_start(); session_register("session"); ?>

<?php require("includes/connect/members.php"); ?>

<?php
$username = $_POST['username'];
$password = md5($_POST['password']);
$rec_check = mysql_query("SELECT * FROM profile WHERE userid='$username' AND password = '$password'");
$rec_num = mysql_num_rows($rec_check);
if($rec_num > 0)  {
$rec = mysql_fetch_array($rec_check);
  if(($rec['username']==$username)&&($rec['password']==$password))  {
    $_SESSION['id']=session_id();
    $_SESSION['username']=$username;
    echo "<meta http-equiv='refresh' content='0;url(http://www.eliteguards.us/index.php)'>";
    echo "<script>self.location='index.php';</script>";
  }
}
else  {
session_unset();
    echo "<meta http-equiv='refresh' content='0;url(http://www.eliteguards.us/login_false.php'>";
    echo "<script>self.location='login_false.php';</script>";
}
?>[/code]

[Tandem]

Double post sorry.

[Zoud]

:'( It didn't work.

[Tandem]

Errors?

[dgiberson]

I whole heartedly agree with Tandem on the whole SQL injection attack.
Secondly, I would suggest changing the lines such as :
echo "<script>self.location='index.php';</script>";
to
header("Location: index.php");

[sasa]

you check (userid = $username  in query). Is it OK?

[dgiberson]

Change: $rec_num = mysql_num_rows($rec_check);

To: $rec_num = mysql_numrows($rec_check);

[Zoud]

Ok, here's the code I'm using now:
[code]<?php session_start(); session_register("session"); ?>

<?php require("includes/connect/members.php"); ?>

<?php
$username = $_POST['username'];
$password = md5($_POST['password']);
$rec_check = mysql_query("SELECT * FROM profile WHERE userid='$username' AND password = '$password'");
$rec_num = mysql_numrows($rec_check);
if($rec_num > 0)  {
$rec = mysql_fetch_array($rec_check);
  if(($rec['username']==$username)&&($rec['password']==$password))  {
    $_SESSION['id']=session_id();
    $_SESSION['username']=$username;
    echo "<meta http-equiv='refresh' content='0;url(http://www.eliteguards.us/index.php)'>";
    header("Location: index.php");
  }
}
else  {
session_unset();
    echo "<meta http-equiv='refresh' content='0;url(http://www.eliteguards.us/login_false.php'>";
    header("Location: login_false.php");
}
?>[/code]
It's still taking me to the login_false.php. There's still no errors showing, it's just saying that the information put in is wrong... which it's not.

[dgiberson]

Couple of questions:
1. Is the password stored in the database a md5 hash?
2. I dont doubt you are using the proper username / password, just asking if you are matching it up case sensitive?

[Barand]

[quote author=dgiberson link=topic=122693.msg506402#msg506402 date=1168981762]
Change: $rec_num = mysql_num_rows($rec_check);

To: $rec_num = mysql_numrows($rec_check);
[/quote]

[quote author=php manual]For downward compatibility, the following deprecated alias may be used: mysql_numrows()[/quote]

Why should he change valid code to a deprecated version?

[Tandem]

Another thing, if $rec_num is more than 0 you don't need the further check. Try this:

[code]<?php session_start(); session_register("session");
error_reporting(E_ALL);
?>

<?php require("includes/connect/members.php"); ?>

<?php
$username = $_POST['username'];
$password = md5($_POST['password']);
$rec_check = mysql_query("SELECT * FROM profile WHERE userid='$username' AND password = '$password'");
$rec_num = mysql_numrows($rec_check);
if($rec_num > 0)  {
    $_SESSION['id']=session_id();
    $_SESSION['username']=$username;
    echo "<meta http-equiv='refresh' content='0;url(http://www.eliteguards.us/index.php)'>";
    header("Location: index.php");
}
else  {
session_unset();
    echo "<meta http-equiv='refresh' content='0;url(http://www.eliteguards.us/login_false.php'>";
    header("Location: login_false.php");
}
?>[/code]

I also set error reporting to E_ALL so you should get some errors if something is wrong.

[sasa]

if you script redirect to login_false.php $rec_num is zero
I think that in your data table columns username and userid is not same
You compare column userid with $username. Is it OK?