I am designing a login system, and am having troubles letting people login. I will post the code below, any questions feel free to ask, hopefully you can see where i am going wrong.
Andy
Code: Select all
<?php
//reset output variables
$pageoutput = "";
$timeout = 1800;
if(isset($_POST['username']) AND isset($_POST['password'])) {
$user = $_POST['username'];
$pass = crypt($_POST['password'], 'ln');
$row = mysql_fetch_assoc(mysql_query("SELECT * FROM bb_users WHERE UserName = '$user'"));
if($pass == $row['UserPass']) {
//woo logged in
$userid = $row['UserID'];
mysql_query("DELETE FROM bb_sessions WHERE UserID = '$userid'");
while($countr['thenumber'] = 0){
//make me a session
$sid = rand();
$count = mysql_query("SELECT COUNT(*) as thenumber FROM bb_sessions WHERE SessionID = '$sid'");
$countr = mysql_fetch_array($count);
mysql_query("INSERT INTO bb_sessions SET UserID = '$userid', SessionID = '$sid'");
//set session cookie
setcookie("SID", $sid, time()+$timeout);
$me = "http://".$_SERVER['HTTP_HOST'].$_SERVER['PHP_SELF'];
header("Refresh: 0; URL = $me");
$errormessage = "Logged in S=".$s."sid=".$sid;
}
} else {
$errormessage = "Error: Password or Username invalid";
}
}
$pageoutput.=<<<POUT
Members, login by filling in the form below:<br>
If you are not a member, click <a href="index.php?pid=3">here</a> to sign up.<br><br>
{$errormessage}
<form method="post" action="">
<table width="100%" border="0">
<tr>
<td width="100">User Name:</td>
<td><input name="username" size="20" value="{$_POST['username']}" type="text" maxlength="20"></td>
</tr>
<tr>
<td>Password:</td>
<td><input name="password" size="20" value="" type="password" maxlength="20"></td>
</tr>
<tr>
<td colspan="2"><input type="submit" name="login" value="Login"></td>
</tr>
</table>
</form>
POUT;
?>