Code: Select all
<?php
// Start session
session_start();
// Include database connection details
include "config.php";
include "functions.php";
// Validation error flag
$errflag = false;
// Strip the POST values of any potential SQL injections
$username = mysql_real_escape_string($_POST['username']);
$password = mysql_real_escape_string($_POST['password']);
$cryptpass = crypt($password);
// Did we get a user and or pass?
if($username == '') {
errormsg(1);
$error = true;
}
if($password == '') {
errormsg(2);
$error = true;
}
// If the user/pass fails, back to index.php
if($error) {
session_write_close();
header("location: index.php");
exit();
}
// Query the DB
$qry = "SELECT * FROM users WHERE username='$username' AND password='$cryptpass'";
$result = mysql_query($qry);
// Check whether the query was successful or not
if ($result){
if (mysql_num_rows($result) == 1){
// Login Successful
session_regenerate_id();
$member = mysql_fetch_assoc($result);
$_SESSION['FNAME_NAME'] = $member['fname'];
session_write_close();
header("location: home.php");
exit();
}else {
// Login failed
echo "Username or Password was incorrect.<br>";
echo $username;
echo "<br>";
echo $cryptpass;
exit();
}
}else {
die("Query failed");
}
?>
EDIT: With the outputted variables, the password shows that it changes every time I try to login, so it will not match what is in the database.
To insert my username/pass into the DB what I had done was created a simple script:
Code: Select all
<?
include "config.php";
$username = "Devon";
$password = crypt('pass');
$fname = "Devon";
$lname = "L";
$email = "mine@gmail.com";
$query = "INSERT INTO users(`username`, `password`, `fname`, `lname`, `email`)
VALUES('$username', '$password', '$fname', '$lname', '$email')";
mysql_query($query);
?>