Hi i am using the following code to log members in, i use a similar code to register users and that works fine. When i try and login it just uses the 'else session'.
and yes i do have the database connection details in the actual script.
PHP:
<?PHP
$uname = "";
$pword = "";
$errorMessage = "";
$ip = $_SERVER['REMOTE_ADDR'];
function quote_smart($value, $handle) {
if (get_magic_quotes_gpc()) {
$value = stripslashes($value);
}
if (!is_numeric($value)) {
$value = "'" . mysql_real_escape_string($value, $handle) . "'";
}
return $value;
}
if ($_SERVER['REQUEST_METHOD'] == 'POST'){
$uname = $_POST['username'];
$pword = $_POST['password'];
$uname = htmlspecialchars($uname);
$pword = htmlspecialchars($pword);
$table_pass = md5($pword);
$connect = mysql_connect("", "", "");
if (!$connect)
{
die(mysql_error());
}
$db_found = mysql_select_db("", $connect);
if ($db_found) {
$uname = quote_smart($uname, $connect);
$pword = quote_smart($pword, $connect);
$SQL = "SELECT FROM users WHERE username = $uname AND password = $table_pass";
$result = mysql_query($SQL);
if (mysql_num_rows($result) == 1) {
session_start();
$_SESSION['logged'] = "logged in";
header ("Location: default.php");
$ip_update = mysql_query("UPDATE users SET last_ip = $ip");
}
else {
session_start();
$_SESSION[''] = "";
header ("Location: login.php");
}
mysql_close($con);
}
else {
echo "Login Error";
}
}
?>
<html>
<head>
<title>Login</title>
</head>
<body>
<FORM NAME ="form1" METHOD ="POST" ACTION ="login.php">
Username: <INPUT TYPE = 'TEXT' Name ='username' value="<?PHP print $uname;?>" maxlength="18">
Password: <INPUT TYPE = 'PASSWORD' Name ='password' value="<?PHP print $pword;?>" maxlength="16">
<P align = center>
<INPUT TYPE = "Submit" Name = "Submit1" VALUE = "Login">
</P>
</FORM>
<P>
<?PHP print $errorMessage;?>
</body>
</html>
and yes i do have the database connection details in the actual script.