Login bug
Posted: Wed Nov 15, 2006 12:33 pm
I've been trying to resolve this issue for some time but haven't been able to figure out why my code is doing what it is. I have a simple login page 'login.php' that contains a form with 2 fields 'username' and 'password', and the Login button. When the form is submitted, the authentication takes place in another page called 'logincheck.php' (this is the page that 'login.php' posts to)
I've written lines of code on my 'logincheck.php' page that will first check if valid data has been entered on the login page. If valid username and password are entered, the user is redirected to a page 'welcome.php' or else warnings are shown to the user, such as "Username does not exist", "Please Enter Password".
Everything works fine except if a valid username and an invalid password have been entered. My code issues a warning for the following cases: if nothing is entered in either field, if an invalid username is entered, if an invalid username and invalid password are entered, if valid username and no password is entered. But if i input a valid username and an invalid password, nothing happens - i see a blank page...
I can't seem to figure out what i'm doing wrong here...
I've written lines of code on my 'logincheck.php' page that will first check if valid data has been entered on the login page. If valid username and password are entered, the user is redirected to a page 'welcome.php' or else warnings are shown to the user, such as "Username does not exist", "Please Enter Password".
Everything works fine except if a valid username and an invalid password have been entered. My code issues a warning for the following cases: if nothing is entered in either field, if an invalid username is entered, if an invalid username and invalid password are entered, if valid username and no password is entered. But if i input a valid username and an invalid password, nothing happens - i see a blank page...
Code: Select all
$username=mysql_real_escape_string($_POST['username']);
$password=mysql_real_escape_string($_POST['password']);
$query = "SELECT username, password, first_name, last_name FROM users WHERE username='$username'";
$result = @mysql_query ($query);
$row = mysql_fetch_array ($result);
if(strlen($username) > 0){
if ($row) {
$username = stripslashes($username);
}
else
{$msg=$msg."Please Enter Valid Username<BR>";}
}
else{
$msg=$msg."Please Enter Username<BR>";
$status= "NOTOK";
}
if(strlen($password) > 0){
if ($password == $row[1]) {
$passworddec = stripslashes($password);
}
else
{$msg=$msg."Please Enter Valid Password<BR>";}
}
else{
$msg=$msg."Please Enter Password<BR>";
$status= "NOTOK";
}