I have a login page which passes the username and password of the log-in-er to the processing page which SHOULD check the password against the SQL database, and print text saying that it did so.
Long story short, it doesn't. In fact, it gives me a blank page.
Here's the code:
The login page:
Code: Select all
<form action="login.php" method="post" target="_self">
USERNAME:<INPUT type="text" name="user"><br>
PASSWORD:<INPUT type="password" name="pass"><br>
<input type="submit" value="Login">
</form>Code: Select all
<?php
$user = $_POST['user'];
$pass = $_POST['pass'];
$dbh = mysql_connect(localhost:mysql,web,secret);
mysql_select_db(worldisyours,$dbh);
$sql = "SELECT * FROM users WHERE username = $user";
mysql_escape_string($sql);
$result = mysql_query($sql,$dbh);
$array = mysql_fetch_array($result,MYSQL_ASSOC);
$passcomp = $array['password'];
if($passcomp==$pass){
$_SESSION['user'] = $user;
$_SESSION['pass'] = $pass;
$_SESSION['email'] = $array['email'];
print "Successful login. Welcome, $_SESSION['user']! Your last login: $array['last'].";
$date = date(D j M at i:g:A);
$sql = "UPDATE users SET last=$date WHERE username = $_SESSION['user']";
mysql_escape_string($sql);
$result = mysql_query($sql,$dbh);
}
else
{
print "<a href='index.php'>Incorrect password.</a>";
}
?>Schema: worldisyours
Table: users
Columns: id(INT(10))(PRIMARY KEY), username(VARCHAR(45)), password(VARCHAR(45)), email(VARCHAR(100)), last(VARCHAR(45))
Id being primary key, username and password being obvious, and last being the last login time.
I have one row in there which I test using.
I have already run numerous web searches on syntax and read up on everything I am using including PRINT, SQL Queries, the various sql functions I use, session variables, and it appears to me that I am implementing everything correctly. Obviously I'm not. Suggestions?