unidox Posted March 24, 2008 Share Posted March 24, 2008 I have this login script: include("../incs/conf.inc.php"); if ($_SESSION['admin'] == 1) { header("Location: index.php"); // The user is already logged in. } if ($_GET['s'] == 1) { if ($_POST['username'] == "") { header("Location: login.php?e=1"); } elseif ($_POST['password'] == "") { header("Location: login.php?e=2"); } else { // Vars $password = md5($_POST['password']); // Encrypts the password. $username = escape_data($_POST['username']); $admin = $level['admin']; //MySQL Query $q = mysql_query("SELECT * FROM `pcp_users` WHERE password = '$password' && username = '$username' && level <= '$admin'"); $r = mysql_fetch_array($q); if (($username == "username") || ($password == md5("password"))) { header("Location: login.php?e=3"); } elseif (mysql_num_rows($q) != "") { // Makes sure the username and password match up. if ($r['conf'] != 1) { header("Location: index.php?p=login&e=6"); } else { header("Location: index.php"); // Redirects to the user's home page. $_SESSION['admin'] = 1; // The user us logged in. $_SESSION['name'] = $username; // Sets the users username. $_SESSION['lvl'] = $admin; // Sets the users level. So admins can set page level access. } } else { header("Location: login.php?e=4"); } } } But everytime a user logs in with the right username/password is still goes to login.php?e=4. Whats wrong Quote Link to comment Share on other sites More sharing options...
rhodesa Posted March 24, 2008 Share Posted March 24, 2008 My guess is your query is failing because of the && Replace this: $q = mysql_query("SELECT * FROM `pcp_users` WHERE password = '$password' && username = '$username' && level <= '$admin'"); with $q = mysql_query("SELECT * FROM `pcp_users` WHERE password = '$password' AND username = '$username' AND level <= '$admin'"); Quote Link to comment Share on other sites More sharing options...
slushpuppie Posted March 24, 2008 Share Posted March 24, 2008 elseif (mysql_num_rows($q) != "") could this be it? mysql_num_rows will never equal "" will it? it's always going to return 0 or 1 or some other number(hopefully 1 or 0, otherwise you'll have duplicate users). try: elseif (mysql_num_rows($q) == 1) note: i didn't try running this script, but that stuck out as a was reading it. Quote Link to comment Share on other sites More sharing options...
rhodesa Posted March 24, 2008 Share Posted March 24, 2008 Technically, I think != "" will work, but I agree you should use ==1 better yet, use === 1: elseif (mysql_num_rows($q) === 1) Quote Link to comment Share on other sites More sharing options...
unidox Posted March 24, 2008 Author Share Posted March 24, 2008 I tried all of them, none worked Quote Link to comment Share on other sites More sharing options...
unidox Posted March 24, 2008 Author Share Posted March 24, 2008 Thats weird, I had the login in a popup after the user was already logged in, I changed some var names, and now it works. I guess it had some conflicts. Quote Link to comment Share on other sites More sharing options...
slushpuppie Posted March 24, 2008 Share Posted March 24, 2008 have you tried simply outputting your results to the screen? to see what kind of results you're getting from your query? Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.