jemgames Posted May 17, 2007 Share Posted May 17, 2007 All the database connections work - i've tried them. I just get a blank page with this though. <?php include("database.php"); // session_start(); $user = $_POST['username']; $pass = $_POST['password']; // checkin if the user exists $sql_user_check = "SELECT * FROM phpbb2_users WHERE username='$user'"; $result_name_check = mysql_query($sql_user_check); $usersfound = mysql_num_rows($result_name_check); // if user not found, note that and end if ($usersfound < 1) { $error = "User $user not found."; // if user does exist, continue with processing } else { // checking if passwords match $sql_pass_get = "SELECT user_password FROM phpbb2_users WHERE username='$user'"; $user_pass = mysql_query($sql_pass_get); // if doesn't match, note that and end if (!$user_pass = md5($pass)) { $error = "Invalid password. Try again."; // if do match, let in and pass on info to session variables } else { $sql="UPDATE phpbb2_users SET user_online = 1 WHERE username='$user'"; $blah=mysql_query($sql); if (!$blah) { $error = "Unable to login"; } else{ // $_SESSION['userid'] = $user_info['user_id']; $_SESSION['username'] = $user_info['username']; $_SESSION['password'] = $user_info['user_password']; $_SESSION['email'] = $user_info['user_email']; $_SESSION['website'] = $user_info['user_website']; $_SESSION['spheres'] = $user_info['user_cashspheres']; $_SESSION['avatar'] = $user_info['user_avatar']; $_SESSION['timezone'] = $user_info['user_timezone']; $_SESSION['forumposts'] = $user_info['user_posts']; //WIP //$database=mysql_select_db("jamieft_denizencontent"); //$sql="SELECT * FROM content WHERE username = '$user'"; //$content_info = mysql_fetch_array(mysql_fetch_array(mysql_query($sql))); //WIP }} } if (!$_SESSION['username']) { if ($error) { echo $error; include("index.php"); } } else { include("index.php"); } ?> Quote Link to comment Share on other sites More sharing options...
per1os Posted May 17, 2007 Share Posted May 17, 2007 <?php // change to empty as testing if it is false can be deceiving. if (empty($_SESSION['username'])) { if ($error) { echo $error; include("index.php"); }else { echo 'You have reached the place of no-return!'; } } else { include("index.php"); } Try that, it may not being going into the error if. Also it could be the index.php unsure. Quote Link to comment Share on other sites More sharing options...
hitman6003 Posted May 17, 2007 Share Posted May 17, 2007 Your code is very inefficient...there's no reason to do so many sql queries... <?php session_start(); include("database.php"); $user = $_POST['username']; $pass = $_POST['password']; $query = "UPDATE phpbb2_users SET user_online = 1 WHERE username = '$user' AND user_password = '" . md5($pass); mysql_query($query) or die(mysql_error()); if (mysql_affected_rows() == 1) { $_SESSION['userid'] = $user_info['user_id']; $_SESSION['username'] = $user_info['username']; $_SESSION['password'] = $user_info['user_password']; $_SESSION['email'] = $user_info['user_email']; $_SESSION['website'] = $user_info['user_website']; $_SESSION['spheres'] = $user_info['user_cashspheres']; $_SESSION['avatar'] = $user_info['user_avatar']; $_SESSION['timezone'] = $user_info['user_timezone']; $_SESSION['forumposts'] = $user_info['user_posts']; } else { echo "Unable to verify username and password"; } include("index.php"); ?> Quote Link to comment Share on other sites More sharing options...
grlayouts Posted May 17, 2007 Share Posted May 17, 2007 although the code is messy it works, check index.php Quote Link to comment Share on other sites More sharing options...
phast1 Posted May 17, 2007 Share Posted May 17, 2007 I'm not sure if it has anything to do with your current problem, but I do see that this line has an error: if (!$user_pass = md5($pass)) { it should be: if ($user_pass != md5($pass)) { Although, I see that $user_pass is also not being set properly.. You need to change this line: $user_pass = mysql_query($sql_pass_get); to something like this: $result = mysql_query($sql_pass_get); if (!$result) { die('Invalid query: ' . mysql_error()); } $row = mysql_fetch_assoc($result); $user_pass = $row['user_password']; Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.