What's wrong with my code?

[jemgames]

All the database connections work - i've tried them. I just get a blank page with this though.

 

<?php
include("database.php");
//
session_start();
$user = $_POST['username'];
$pass = $_POST['password'];
// checkin if the user exists
$sql_user_check = "SELECT * FROM phpbb2_users WHERE username='$user'";
$result_name_check = mysql_query($sql_user_check);
$usersfound = mysql_num_rows($result_name_check);
// if user not found, note that and end
if ($usersfound < 1) {
    $error = "User $user not found.";
// if user does exist, continue with processing
} else {
    // checking if passwords match
    $sql_pass_get = "SELECT user_password FROM phpbb2_users WHERE username='$user'";
    $user_pass = mysql_query($sql_pass_get);
    // if doesn't match, note that and end
    if (!$user_pass = md5($pass)) {
        $error = "Invalid password.  Try again.";
    // if do match, let in and pass on info to session variables
    } else {
        $sql="UPDATE phpbb2_users SET user_online = 1 WHERE username='$user'";
	$blah=mysql_query($sql);
	if (!$blah)
	{
	$error = "Unable to login";
	}
	else{
	//
	$_SESSION['userid'] = $user_info['user_id'];
        $_SESSION['username'] = $user_info['username'];
        $_SESSION['password'] = $user_info['user_password'];
        $_SESSION['email'] = $user_info['user_email'];
        $_SESSION['website'] = $user_info['user_website'];
	$_SESSION['spheres'] = $user_info['user_cashspheres'];
	$_SESSION['avatar'] = $user_info['user_avatar'];
	$_SESSION['timezone'] = $user_info['user_timezone'];
	$_SESSION['forumposts'] = $user_info['user_posts'];
	//WIP
	//$database=mysql_select_db("jamieft_denizencontent");
	//$sql="SELECT * FROM content WHERE username = '$user'";
	//$content_info = mysql_fetch_array(mysql_fetch_array(mysql_query($sql)));
	//WIP

    }}
}
if (!$_SESSION['username']) {
    if ($error) {
        echo $error;
        include("index.php");
    }
} else {
    include("index.php");
} 
?>

[per1os]

<?php
// change to empty as testing if it is false can be deceiving.
if (empty($_SESSION['username'])) {
    if ($error) {
        echo $error;
        include("index.php");
    }else {
        echo 'You have reached the place of no-return!';
    }
} else {
    include("index.php");
} 

 

Try that, it may not being going into the error if. Also it could be the index.php unsure.

[hitman6003]

Your code is very inefficient...there's no reason to do so many sql queries...

 

<?php
session_start();

include("database.php");

$user = $_POST['username'];
$pass = $_POST['password'];

$query = "UPDATE phpbb2_users SET user_online = 1 WHERE username = '$user' AND user_password = '" . md5($pass);
mysql_query($query) or die(mysql_error());

if (mysql_affected_rows() == 1) {

$_SESSION['userid'] = $user_info['user_id'];
$_SESSION['username'] = $user_info['username'];
$_SESSION['password'] = $user_info['user_password'];
$_SESSION['email'] = $user_info['user_email'];
$_SESSION['website'] = $user_info['user_website'];
$_SESSION['spheres'] = $user_info['user_cashspheres'];
$_SESSION['avatar'] = $user_info['user_avatar'];
$_SESSION['timezone'] = $user_info['user_timezone'];
$_SESSION['forumposts'] = $user_info['user_posts'];

} else {
echo "Unable to verify username and password";
}

include("index.php");

?>

[grlayouts]

although the code is messy it works, check index.php

[phast1]

I'm not sure if it has anything to do with your current problem, but I do see that this line has an error:

 

if (!$user_pass = md5($pass)) {

 

it should be:

 

if ($user_pass != md5($pass)) {

 

Although, I see that $user_pass is also not being set properly.. You need to change this line:

 

$user_pass = mysql_query($sql_pass_get);

 

to something like this:

 

$result = mysql_query($sql_pass_get);
if (!$result) {
   die('Invalid query: ' . mysql_error());
}

$row = mysql_fetch_assoc($result);
$user_pass = $row['user_password'];