session problem
Posted: Thu Nov 02, 2006 1:37 pm
When I try and use my session login script, I keep getting an error around the password part. Here is the login script:
Apparently the $_POST[password] and $info[password] aren't matching up. If I take out the line above that with the md5 in it, I can go to the login screen but none of my session variables are stored. So there has to be a problem in that area. Can anyone help?
Code: Select all
<?php
if ((!$_POST['email']) || (!$_POST['password'])) {
header("Location: login.php");
exit;
}
// authenticate.
if (!get_magic_quotes_gpc()) {
$_POST['email'] = addslashes($_POST['email']);
}
$sql = "SELECT * FROM `signup` WHERE `email` = '$_POST[email]'";
$result = mysql_query($sql,$db) or die(mysql_error());
$number= mysql_num_rows($result);
$info = mysql_fetch_array($result);
if ($number == 0) {
die('That email does not exist in our database.');
}
// check passwords match
$_POST['password'] = stripslashes($_POST['password']);
$info['password'] = stripslashes($info['password']);
$_POST['password'] = md5($_POST['password']);
if ($_POST['password'] != $info['password']) {
die('Incorrect password, please try again.');
}
// if we get here username and password are correct,
//register session variables and set last login time.
$date = date('m d, Y');
$sql2 = "UPDATE `signup` SET `last_login` = \"$date\", WHERE `email` = '$_POST[email]'";
$result2 = mysql_query($sql2,$db) or die(mysql_error());
$_POST['email'] = stripslashes($_POST['email']);
$_SESSION['email'] = $_POST['email'];
$_SESSION['password'] = $_POST['password'];
?>