unidox Posted March 24, 2008 Share Posted March 24, 2008 I have this login script: include("../incs/conf.inc.php"); if ($_SESSION['admin'] == 1) { header("Location: index.php"); // The user is already logged in. } if ($_GET['s'] == 1) { if ($_POST['username'] == "") { header("Location: login.php?e=1"); } elseif ($_POST['password'] == "") { header("Location: login.php?e=2"); } else { // Vars $password = md5($_POST['password']); // Encrypts the password. $username = escape_data($_POST['username']); $admin = $level['admin']; //MySQL Query $q = mysql_query("SELECT * FROM `pcp_users` WHERE password = '$password' && username = '$username' && level <= '$admin'"); $r = mysql_fetch_array($q); if (($username == "username") || ($password == md5("password"))) { header("Location: login.php?e=3"); } elseif (mysql_num_rows($q) != "") { // Makes sure the username and password match up. if ($r['conf'] != 1) { header("Location: index.php?p=login&e=6"); } else { header("Location: index.php"); // Redirects to the user's home page. $_SESSION['admin'] = 1; // The user us logged in. $_SESSION['name'] = $username; // Sets the users username. $_SESSION['lvl'] = $admin; // Sets the users level. So admins can set page level access. } } else { header("Location: login.php?e=4"); } } } But everytime a user logs in with the right username/password is still goes to login.php?e=4. Whats wrong Link to comment https://forums.phpfreaks.com/topic/97630-login/ Share on other sites More sharing options...
rhodesa Posted March 24, 2008 Share Posted March 24, 2008 My guess is your query is failing because of the && Replace this: $q = mysql_query("SELECT * FROM `pcp_users` WHERE password = '$password' && username = '$username' && level <= '$admin'"); with $q = mysql_query("SELECT * FROM `pcp_users` WHERE password = '$password' AND username = '$username' AND level <= '$admin'"); Link to comment https://forums.phpfreaks.com/topic/97630-login/#findComment-499541 Share on other sites More sharing options...
slushpuppie Posted March 24, 2008 Share Posted March 24, 2008 elseif (mysql_num_rows($q) != "") could this be it? mysql_num_rows will never equal "" will it? it's always going to return 0 or 1 or some other number(hopefully 1 or 0, otherwise you'll have duplicate users). try: elseif (mysql_num_rows($q) == 1) note: i didn't try running this script, but that stuck out as a was reading it. Link to comment https://forums.phpfreaks.com/topic/97630-login/#findComment-499544 Share on other sites More sharing options...
rhodesa Posted March 24, 2008 Share Posted March 24, 2008 Technically, I think != "" will work, but I agree you should use ==1 better yet, use === 1: elseif (mysql_num_rows($q) === 1) Link to comment https://forums.phpfreaks.com/topic/97630-login/#findComment-499552 Share on other sites More sharing options...
unidox Posted March 24, 2008 Author Share Posted March 24, 2008 I tried all of them, none worked Link to comment https://forums.phpfreaks.com/topic/97630-login/#findComment-499554 Share on other sites More sharing options...
unidox Posted March 24, 2008 Author Share Posted March 24, 2008 Thats weird, I had the login in a popup after the user was already logged in, I changed some var names, and now it works. I guess it had some conflicts. Link to comment https://forums.phpfreaks.com/topic/97630-login/#findComment-499556 Share on other sites More sharing options...
slushpuppie Posted March 24, 2008 Share Posted March 24, 2008 have you tried simply outputting your results to the screen? to see what kind of results you're getting from your query? Link to comment https://forums.phpfreaks.com/topic/97630-login/#findComment-499559 Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.