I've created a members only area using php before and it has worked ok..now using the same code nothing is happening...

The data exists in the database although its not reading it..

The page just redirects to admin.php?error=incorrect which is the page for if the username and password don't exist in the database

The code for the page that processes the login is...

PHP Code:

<?

session_start(); 

if((!$username) || (!$password)){ 
header("Location: admin.php?error=empty"); 
exit(); 
} 

//connect mysql
include 'db_connect.php';

// Convert password to md5 hash 
$password = md5($password); 

// check if the user info validates the db 

$sql = mysql_query("SELECT * FROM review_users WHERE username='$username' AND password='$password'"); 
$login_check = mysql_num_rows($sql); 


if($login_check > 0){ 
    while($row = mysql_fetch_array($sql)){ 
    foreach( $row AS $key => $val ){ 
        $$key = stripslashes( $val ); 
    } 
        // Register some session variables!
        session_register('first_name'); 
        $_SESSION['username'] = $username; 
  
header("Location: control.php"); 
    } 

} else { 
header("Location: admin.php?error=incorrect"); 
} 

?>

Ive changed the code and echoed the '$login_check' value and it is ending up as zero..which is what is cauing it to goto the admin.php?error=incorrect page...

Any suggestions in what could be wrong with the code??

Also the code for the page that the login details are sent from is...

PHP Code:

<?php

$error = $_GET['error'];

echo "<div align='center'><table border='0' width='500' bgcolor='white' class='logintable'>";

if( $error == 'login' ) {
echo "<tr><td><p align='center'>Please Login</p></td></tr>";
}

if( $error == 'incorrect' ) {
echo "<tr><td><p align='center'>Incorrect username or password</p></td></tr>";
}

if( $error == 'empty' ) {
echo "<tr><td><p align='center'>Please enter a username and password</p></td></tr>";
}

echo"
    <tr>
        <td align='left' valign='top'><form name='form1' method='post' action='login.php'>
            <p align='center'>&nbsp;<input type='text' name='username'
              class='login_fields'> 
            <input type='password' name='password'
             class='login_fields'> &nbsp;<input type='submit' value='Login' class='login_fields'></form></td>
    </tr>
</table></div>";

?>

Thanks

-James :P

Sorry for posting a blank thread first... Pressed the Enter key by mistake

If I say, "Whats the question". Do I get to then go...

$postcount++;

Quote:

Originally Posted by cptnwinky

If I say, "Whats the question". Do I get to then go...

$postcount++;

Sorry pressed the enter key by mistake after typing the title

-James

Your not getting a mysql error so my best bet is that register globals is turned off on your server. For security reasons even if its turned on would be to change $username and $password to their $_POST[] equivalent. Also I would check out addslashes() and stripslashes() for extra security. As it sits right now I could easily inject your code.

Finaly solved this problem..a few weeks ago

Just a stupid mistake..

I had set the password field in MySQL as maximum 12 characters thinking thats how long I want the password to be... But of course it had to MD5 it..So the whole of the password wasnt fitting in

Thanks for the suggestions anyway

-James