I developed a login script, and the login script does what its supposed to (checks the - username & password)
The problem is, Im getting an error, which is: "Username Does Not Exist" - Im pretty sure the script is working and I can't find anything wrong with it - I was curious if anyone had any suggestions:
The login script is pretty big, so Ill post it, but before I post it Ill post where I think the problem is: - Any suggestions?
Code: Select all
$SQL = "SELECT * FROM `users` WHERE uid = '".$username."' LIMIT 1";
$QUERY = mysql_query($SQL) or die(mysql_error());
if(mysql_num_rows == 0) {
$error[] = "Your username doesnt exist";Code: Select all
?php
##session_start();
$con = mysql_connect("****","****","****") or die('Could not connect: ' . mysql_error());
mysql_select_db("logins", $con);
if(!$_POST['submit']){
echo "<table border=\"0\" cellspacing=\"3\" cellpadding=\"3\">\n";
echo "<form method=\"post\" action=\"login.php\">\n";
echo "<tr><td>Username</td><td><input type=\"text\" name=\"username\"></td></tr>\n";
echo "<tr><td>Password</td><td><input type=\"password\" name=\"password\"></td></tr>\n";
echo "<tr><td colspan=\"2\" align=\"right\"><input type=\"submit\" value=\"Login\" name=\"submit\"></td></tr>\n";
echo "</form></table>\n";
}else {
if(empty($_POST['username'])) {
$error[] = "Your username was empty!";
}
else if(empty($_POST['password'])) {
$error[] = "Your password was empty!";
}
else {
$username = trim(htmlspecialchars(strip_tags($_POST['username'])));
$password = trim(htmlspecialchars(strip_tags($_POST['password'])));
$SQL = "SELECT * FROM `users` WHERE uid = '".$username."' LIMIT 1";
$QUERY = mysql_query($SQL) or die(mysql_error());
if(mysql_num_rows == 0) {
$error[] = "Your username doesnt exist";
}
else {
$ROW = mysql_fetch_array($QUERY);
echo "<pre>"; print_r($ROW); echo "</pre>";
if($password != $ROW['password']) {
$error[] = "Your password was incorrect";
}
else {
if((bool)$ROW['activated'] == FALSE) {
$error[] = "Your account is not activated!";
}
}
}
}
## $user = mysql_real_escape_string(trim($_POST['username']));
## $pass = mysql_real_escape_string(trim($_POST['password']));
## $errors = array();
##
## if(!$user){
## $error[] = "You did not supply a username!";
## }else {
## if(!$pass){
## $error[] = "You did not supply a password!";
## }else {
## $sql = "SELECT count(*) FROM `users` WHERE `uid`='".$uid."'";
## $res = mysql_query($sql) or die(mysql_error());
## echo "<pre>"; print_r(mysql_fetch_Array($res)); echo "</pre><br><br> DIE"; die();
##
## if(mysql_num_rows($res) == 0){
## $errors[] = "Username does not exist!";
## }else {
## $sql2 = "SELECT uid, activated, accesslevel, pass FROM `users` WHERE `uid`='".$user."' AND `pass`='".md5($pass)."' LIMIT 1";
## $res2 = mysql_query($sql2); echo mysql_error();
## if(mysql_num_rows($res2) == 0){
## $errors[] = "Incorrect username and password combination!";
## }else {
## $row = mysql_fetch_array($res2);
## echo mysql_error();
## $array = array();
## #$array[] = "message";
##
## echo " The script will die after this.<br><br>";
## echo "<pre>"; print_r($row); echo "</pre><br><br> DIE"; die();
##
## if((bool)$row['activated'] == FALSE){
## $errors[] = "Your account is not activated! VALUE = ".$row['activated']." ::";
## }
## }
## }
## }
## }
if(count($error) > 0){
foreach($error AS $error){
echo $error . "<br>\n";
}
}else {
$_SESSION['uid'] = $ROW['uid'];
echo "<html><head><script language = 'JavaScript' type = 'text/javascript'>\n";
switch($ROW['accesslevel']){
case 1:
#header("Location: /new/index.php");
echo "window.location = '/pilots/index.php';\n";
break;
case 2:
#header("Location: /admin/index.php");
echo "window.location = '/directors/index.php';\n";
break;
case 3:
#header("Location: /manager/index.php");
echo "window.location = '/manager/index.php';\n";
break;
case 4:
#header("Location: /manager/index.php");
echo "window.location = '/vps/index.php';\n";
break;
case 5:
#header("Location: /manager/index.php");
echo "window.location = '/exec/index.php';\n";
break;
default:
#header("Location: /members/index.php");
echo "window.location = 'index.php';\n";
}
echo "</script></head><body></html>";
}
}
?>