Code: Select all
<html>
<head>
<title>Login</title>
</head>
<body>
<form method="POST" action="login3.php">
Username: <input type="text" name="username" size="20">
Password: <input type="password" name="password">
<input type="submit" value="Submit" name="login">
</form>
</body>
</html>Code: Select all
<?PHP
//convert the field values to simple variables
//add slashes to the username and md5() the password
$user = addslashes($_POST['username']);
$pass = $_POST['password'];
//check that the user is calling the page from the login form and not accessing it directly
//and redirect back to the login form if necessary
if (!isset($user) || !isset($pass)) {
echo "0";
#header( "Location: http://localhost/login.htm" );
}
//check that the form fields are not empty, and redirect back to the login page if they are
elseif (empty($user) || empty($pass)) {
echo "!";
#header( "Location: http://localhost/login.htm" );
}
else{
echo "$user<br>";
echo "$pass<br>";
$pass = md5($_POST['password']);
echo "$pass<br>";
include ("animalhunt.php");
$sql = "select * from users where loginName='$user' AND password='$pass'";
$result= mysql_query($sql) or die(mysql_error()) ;;
//check that at least one row was returned
$rowCheck = mysql_num_rows($result);
if($rowCheck > 0){
while($row = mysql_fetch_array($result)){
//start the session and register a variable
session_start();
session_register('user');
//successful login code will go here...
echo 'Success!';
//we will redirect the user to another page where we will make sure they're logged in
header( "Location: checkLogin.php" );
}
}
else {
//if nothing is returned by the query, unsuccessful login code goes here...
echo 'Incorrect login name or password. Please try again.';
echo $rowCheck;
}
}
?>AAAAAAAAAAAAAAAAAAAAAHHHHHHHH!!!!!!!
Am i missing something stupid???
This is annoying me, just a little!
This will be used to access a database editing part of the website, with only certain folk allowed to change certain things.... Please help!