I've been trying to solve this since four days and so far nothing but headaches.
At this point I just need a fresh set of eyes, as I just can't see the error. I posted the files in question below.
login.php
Code: Select all
<?php
session_start();
ob_start();
include("include/dbinfo.inc.php");
mysql_connect($mysql_host,$username,$password);
@mysql_select_db($database) or die('Unable to connect to the database because: ' . mysql_error());
$username = $_POST['username'];
$password = $_POST['password'];
$username = stripslashes($username);
$password = stripslashes($password);
$username=mysql_real_escape_string($username);
$password=mysql_real_escape_string($password);
$result = mysql_query("SELECT * FROM users WHERE username = '$username' LIMIT 1");
$qdata1 = mysql_fetch_object($result);
if ( (!empty ($_POST['username'])) && (!empty ($_POST['password'])) ) {
if ($qdata1->password == "$password") {
$userprofile = $qdata1;
include "include/newsession.php";
echo "<p> <center>Successfully,Logged in<br>
<br><a href='logout.php'> Log OUT </a><br>
<br><a href='main.php'>Click here if your browser is not redirecting automatically or you don't want to wait.</a><br></center>"
;
print "<script>";
print " self.location='main.php';"; // Comment this line if you don't want to redirect
print "</script>";
}}
else {
session_unset();
echo "<font face='Verdana' size='3' color=red>Wrong Login. Use your correct username and password and try again. <br><br><input type='button' value='Retry' onClick='history.go(-1)'>";
}
mysql_close();
?>
Code: Select all
<?php include("include/checklogin.php");?>
<p><strong>Client:</strong> <? echo "$company"; ?></p>
<p><strong>Contact:</strong> <? echo "$contact"; ?></p>
<p><strong>Project:</strong> <? echo "$project"; ?></p>
<p><strong>Start Date:</strong> <? echo "$proposal_date"; ?></p>
<p><strong>Estimated Costs: $</strong><? echo "$estimate"; ?></p>
<p><strong>Deposit:</strong> $<? echo "$deposit"; ?></p>
<p><strong>Notes: </strong><? echo "$notes"; ?></p>
checklogin.php
Code: Select all
<?php
session_start();
# Prevent the cacheing of pages and make it ewxpire instantly
Header('Cache-Control: no-cache');
Header('Pragma: no-cache');
header("Cache-control: private"); //IE6+ fix
# Protect page from being called directly from web browser
$back = "<div align=center>You must <a href='xxxx'>login</a> to access this page.</div>";
$acc_denied = "<br>
<br>
<br>
<br>
<div align=center><h3>Access Denied</h3></div>".$back;
if (!isset($_SESSION["id"])) { die($acc_denied); }
# Connect to Database
include("include/dbinfo.inc.php");
mysql_connect($mysql_host,$username,$password);
@mysql_select_db($database) or die('Unable to connect to the database because: ' . mysql_error());
$result = mysql_query("SELECT * FROM content WHERE id='$userprofile->id'");
$row = mysql_fetch_assoc($result);
$company = $row['company'];
$email = $row ['email'];
$contact = $row ['contact'];
$project = $row ['project'];
$proposal_date = $row ['proposal_date'];
$estimate = $row ['estimate'];
$deposit = $row ['deposit'];
$notes= $row ['notes'];
$projecturl= $row ['projecturl'];
//and if multiple rows returned:
while($row = mysql_fetch_assoc($result))
mysql_close($conn);
?>