Code: Select all
<?php
if (isset($_POST['submit']))
{
$message = null;
//check for email/username
if (empty($_POST['email']))
{
$em = false;
$message .= "You forgot to enter your email address!";
}
else
{
$em = $_POST['email'];
}
//check for password
if (empty($_POST['password']))
{
$pw = false;
$message .= "You forgot to enter your password!";
}
else
{
$pw = $_POST['password'];
}
//database
if ($em && $pw)
{
$query = "SELECT userID, firstname, lastname FROM userprofile WHERE username='$em' AND password='$pw'";
$result = @mysql_query($query) or die(mysql_error());
$row = mysql_fetch_array($result, MYSQL_NUM);
if ($row)
{
$_SESSION['lastname'] = $row[2];
$_SESSION['firstname'] = $row[1];
$_SESSION['userID'] = $row[0];
header ("Location: http://" . $_SERVER['HTTP_HOST'] . dirname($_SERVER['PHP_SELF']) . "/index.php");
exit();
}
else
{
$message = 'The username and password entered do not match.<br>';
}
mysql_close();
}
else
{
$message .= "Try again.";
}
}
if (isset($message))
{
echo '<font color="red">' . $message . '</font>';
}
?>
<form action="<? $_SERVER['PHP_SELF']; ?>" method="post">
<table width="100%" border="0" cellspacing="0" cellpadding="0">
<tr>
<td>Username:</td>
<td><input type="text" name="username" value="<? if (isset($_POST['email'])) echo $_POST['email']; ?>"></td>
</tr>
<tr>
<td>Password:</td>
<td><input type="password" name="password" value="<? if (isset($_POST['password'])) echo $_POST['password']; ?>"></td>
</tr>
<tr>
<td> </td>
<td><input type="submit" name="Submit" value="Submit" class="buttonformat"></td>
</tr>
</table>
</form>this snippet is included in another page...and in that page, i called the session_start() function and database connection...any help will be greatly appreciated...
thanks..