I can't for the life of me get a login script to work. i have created the proper database table and fields, and got this code out of a book. when you hit the log in button, it brings up a blank white screen, no errors or anything. the username, password, database placeholders are filled in properly when the script runs.
a link to the login form: http://www.lawnacenj.com/newlogin/login_form.php
the login form:
Code: Select all
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Login Form</title>
</head>
<body>
<h1>Login Form</h1>
<FORM METHOD="POST" ACTION="login_script.php">
<p><strong>Username:</strong><br />
<INPUT TYPE="text" NAME="username" /></p>
<p><strong>Password:</strong><br />
<INPUT TYPE="password" NAME="password" /></p>
<p><INPUT TYPE="SUBMIT" NAME="submit" VALUE="Login" /></p>
</FORM>
</body>
</html>
Code: Select all
<?php
// check for required fields from the form
if ((!$_POST[username]) || (!$_POST[password])) {
header("Location: login_form.php");
exit;
}
// connect to server and select database
$conn = mysql_connect("host", "user", "pass")
or die(mysql_error());
mysql_select_db("dbname",$conn) or die(mysql_error));
// create and issue the query
$sql = "select f_name, l_name from auth_users where username =
'$_POST[username]' AND password = password('$POST[password]')";
$result = mysql_query($sql,$conn) or die(mysql_error());
// get the number of rows in the result set; should be 1 if match
if (mysql_num_rows($result) == 1) {
// if authorized, get the values of f_name l_name
$f_name = mysql_result($result, 0, 'f_name');
$l_name = mysql_result($result, 0, 'l_name');
//set authorization cookie
setcookie("auth", "1", 0, "/", "lawnacenj.com", 0);
//prepare message for printing, and user menu
$msg = "<P>$f_name $l_name is authorized!</p>";
$msg .= "<p>Authorized Users' Menu:";
$msg .= "<ul><li><a href=\"listing15.8.php\">secret page</a></ul>";
}else {
//redirect back to login form if not authorized
header("Location: login_form.php");
exit;
}
?>
<html>
<head>
<title>User Login</title>
</head>
<body>
<?php
print "$msg";
?>
</body>
</html>