Deanznet Posted April 16, 2007 Share Posted April 16, 2007 This is my php code for the login page. <? include("include/common.php"); if( $_POST['username'] && $_POST['password'] ){ $failed = 1; $username = $_POST['username']; $password = $_POST['password']; $query = "SELECT * FROM users WHERE username='$username' AND password='$password'"; # echo $query; $result = mysql_query($query) or die ("Error in query: $query. " . mysql_error()); if ( ($result) && (mysql_num_rows($result) > 0) ){ $row = mysql_fetch_object($result); $adlogin = $row->username; $myname = $row->username; $adpassword = $row->password; $myuid = $row->uid; # echo $adlogin." ----".$adpassword."<br>"; if ( ($username != $adlogin) || ($password != $adpassword) ){ $failed = 1; }else{ $failed = 0; $loggedin = 1; session_register("loggedin"); session_register("myuid"); session_register("myname"); } }else{ $failed = 1; } } if($loggedin){ ob_start(); header("Location: account.php"); } include("include/header.php"); ?> It wont login tho... Every time i hit submit it gose back to the login page... Any idea? Quote Link to comment Share on other sites More sharing options...
freakstyle Posted April 16, 2007 Share Posted April 16, 2007 hey Deanznet, when you uncomment this line # echo $adlogin." ----".$adpassword." is the correct pw's returned? side notes: for security, you should never check for a pw in your query. The users's username should be a unique key your table, so you can just query for the username in your statement: if ( ($username != $adlogin) || ($password != $adpassword) ) you already verified the username, so you don't need another check, this would be more efficient and cleaner style: if ($password != $adpassword) { $failed = true once you change those, try it out... if still not working, look at your session info, here's how it should work based on what you've posted: $failed = false; $loggedin = true @session() $_SESSION["loggedin"] = $loggedin; $_SESSION["myuid"] = $myuid; $_SESSION["myname"] = $myname; still not working? try it w/o the output buffer and add an exit(); after you call the header (again just cleaner style) Quote Link to comment Share on other sites More sharing options...
Deanznet Posted April 16, 2007 Author Share Posted April 16, 2007 Ya still not working and it shows the username and pw on the top... now <? include("include/common.php"); if( $_POST['username'] && $_POST['password'] ){ $failed = 1; $username = $_POST['username']; $password = $_POST['password']; $query = "SELECT * FROM users WHERE username='$username' AND password='$password'"; # echo $query; $result = mysql_query($query) or die ("Error in query: $query. " . mysql_error()); if ( ($result) && (mysql_num_rows($result) > 0) ){ $row = mysql_fetch_object($result); $adlogin = $row->username; $myname = $row->username; $adpassword = $row->password; $myuid = $row->uid; echo $adlogin." ----".$adpassword." "; if ( ($username != $adlogin) || ($password != $adpassword) ){ $failed = 1; }else{ $failed = 0; $loggedin = 1; session_register("loggedin"); session_register("myuid"); session_register("myname"); } }else{ $failed = 1; } } if($loggedin){ ob_start(); header("Location: account.php"); } include("include/header.php"); ?> Thats what i got so far... i really dont understand the other stuff you said LOl Quote Link to comment Share on other sites More sharing options...
Deanznet Posted April 16, 2007 Author Share Posted April 16, 2007 anyone can help edit this code. i really dont know what im doing Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.