php login script help

[silversinner]

Hey there im setting up a website for customers, and basicly i need to use a login script in php as a form of customer managment, im new to php, and since im self employed i dont have anyone to look to, i created a mysql database with the correct tables and feilds and i got the php script and edited ect so it would connect to my database but when i intergrate this script into my index.php this come up:

 

Click Here to Register'); } while($info = mysql_fetch_array( $check )) { $_POST['pass'] = stripslashes($_POST['pass']); $info['password'] = stripslashes($info['password']); $_POST['pass'] = md5($_POST['pass']); //gives error if the password is wrong if ($_POST['pass'] != $info['password']) { die('Incorrect password, please try again.'); } else { // if login is ok then we add a cookie $_POST['username'] = stripslashes($_POST['username']); $hour = time() + 3600; setcookie(ID_my_site, $_POST['username'], $hour); setcookie(Key_my_site, $_POST['pass'], $hour); //then redirect them to the members area header("Location: members.php"); } } } else { // if they are not logged in ?>

 

Ive rechecked the code and didnt find any errors, but there has to be like a variable or something isnt definded right i will supply the code for people to have a look at:

 

<?php

// Connects to your Database 
mysql_connect("crudewars.athost.net", "6124", "") or die(mysql_error()); 
mysql_select_db("6124") or die(mysql_error()); 


//Checks if there is a login cookie

if(isset($_COOKIE['ID_my_site']))


//if there is, it logs you in and directes you to the members page
{ 
$username = $_COOKIE['ID_my_site']; 
$pass = $_COOKIE['Key_my_site'];

$check = mysql_query("SELECT * FROM users WHERE username = '$username'")or die(mysql_error());

while($info = mysql_fetch_array( $check )) 	
	{

	if ($pass != $info['password']) 
		{

		}

	else
		{
		header("Location: members.php");

		}

	}

}


//if the login form is submitted

if (isset($_POST['submit'])) { // if form has been submitted


// makes sure they filled it in

if(!$_POST['username'] | !$_POST['pass']) {
	die('You did not fill in a required field.');
}

// checks it against the database

if (!get_magic_quotes_gpc()) {
	$_POST['email'] = addslashes($_POST['email']);
}

$check = mysql_query("SELECT * FROM users WHERE username = '".$_POST['username']."'")or die(mysql_error());

//Gives error if user dosen't exist

$check2 = mysql_num_rows($check);
if ($check2 == 0) {
	die('That user does not exist in our database. <a href=add.php>Click Here to Register</a>');
			}


while($info = mysql_fetch_array( $check )) 	
{

$_POST['pass'] = stripslashes($_POST['pass']);
$info['password'] = stripslashes($info['password']);
$_POST['pass'] = md5($_POST['pass']);

//gives error if the password is wrong

if ($_POST['pass'] != $info['password']) {
	die('Incorrect password, please try again.');
}

else
{
// if login is ok then we add a cookie 

$_POST['username'] = stripslashes($_POST['username']);


$hour = time() + 3600; 
setcookie(ID_my_site, $_POST['username'], $hour);
setcookie(Key_my_site, $_POST['pass'], $hour);	

//then redirect them to the members area
header("Location: members.php");
}

}

} else {	

// if they are not logged in
?>

<form action="<?php echo $_SERVER['PHP_SELF']?>" method="post">
<table border="0">
<tr><td colspan=2><h1>Login</h1></td></tr>
<tr><td>Username:</td><td>
<input type="text" name="username" maxlength="40">
</td></tr>
<tr><td>Password:</td><td>
<input type="password" name="pass" maxlength="50">
</td></tr>
<tr><td colspan="2" align="right">
<input type="submit" name="submit" value="Login">
</td></tr>
</table>
</form>
<?php
}


?>

 

im not sure what to do at this stage, im stuck, its just im lacking in php knowledge.

 

If anyone can find the problem id be more that appreciated

 

Marcus McClorey

[tauchai83]

1st of all, REMOVE WHILE loop.