...

View Full Version : Login script help!!



westes
08-15-2008, 12:58 AM
I am having problems with this script. When I login correctly it says invalid username or password when it shoud say i have successfully logged in as $user
here is the script


<?php
session_start();
include "./global.php";

echo "<title>Login</title>";
if($_SESSION['uid']) {
echo "You are already logged in if you wish to log out, please <a href=\"./logout.php\">click here</a>!\n";
} else {

if(!$_POST['submit']) {
echo "<table border=\"0\" cellspacing=\"3\" cellpadding\=\"3\">\n";
echo "<form method=\"post\" action=\"./login.php\">\n";
echo "<tr><td>Username</td><td><input type=\"text\" name=\"username\"></td></tr>\n";
echo "<tr><td>Password</td><td><input type=\"password\" name=\"password\"></td></tr>\n";
echo "<tr><td colspan=\"2\" align=\"center\"<input type=\"submit\" name=\"submit\" value =\"Login\"></td></tr>\n";
echo "</form></table>\n";
} else {
$user = mss($_POST['username']);
$pass = $_POST['password'];

if($user && $pass) {
$sql = "SELECT id FROM `users` WHERE `username`='".$user."'";
$res = mysql_query($sql) or die(mysql_error());
if(mysql_num_rows($res) > 0) {
$sql2 = "SELECT id FROM `users` WHERE `username`='".$user."' AND `password`='".md5($pass)."'";
$res2 = mysql_query($sql2) or die(mysql_error());
if(mysql_num_rows($res2) > 0) {
$row = mysql_fetch_assoc($res2);
$_SESSION['uid'] = $row['id'];

echo "You have succsessfully logged in as " . $user; //THIS DOES NOT WORK
} else {
echo "Username and/or password are not valid!"; //THIS IS TAKING ITS PLACE!
}
} else {
echo "The username you supplied does not exist!";
}
} else {
echo "Complete the form!";
}
}

}

?>

ninnypants
08-15-2008, 03:30 AM
What is "mss"
$user = mss($_POST['username']);
I searched the PHP manual and as far as I know it doesn't exist

westes
08-15-2008, 03:56 AM
mss comes in line three
where it includes the file, global.php

here is global.php

<?php

$con = mysql_connect('localhost', 'root', 'root') or die (mysql_error());
$db = mysql_select_db("users", $con);


function mss($value) {
return mysql_real_escape_string(trim(strip_tags($value))); //mss function
}
?>



EZ Archive Ads Plugin for vBulletin Copyright 2006 Computer Help Forum