Hi all,
I'm pretty new to php, but I was making a login script for my website, the script worked beautifully but it was enclosed in an IF statement to stop the username/password wrong message appearing the first time the page was loaded. This login worked fine again but i disabled the IF statement for testing - only it still logs in!
I've pasted my code below but it has me stumped as to why this code block runs at all?
Please help!
Code:
<?php
if ($_POST["Username1"] != $_POST["Username1"]){
// To protect MySQL injection
$myusername = $_POST["Username1"];
$mypassword = $_POST["Password1"];
$myusername = stripslashes($myusername);
$mypassword = stripslashes($mypassword);
$myusername = mysql_real_escape_string($myusername);
$mypassword = mysql_real_escape_string($mypassword);
$sql="SELECT PID FROM login WHERE username='$myusername' and password='$mypassword'";
$pid=mysql_query($sql);
// Mysql_num_row is counting table row
$count=mysql_num_rows($pid);
// If result matched $myusername and $mypassword, table row must be 1 row
if($count==1){
// Register $myusername, $mypassword and redirect to file "login_success.php"
$_SESSION['UID']=$myusername;
$_SESSION['PID']=$pid;
echo '<script language="Javascript">';
echo 'window.location="main.php"';
echo '</script>';
}
else {
echo "Wrong Username or Password";
}
}
?>
the working code before was identical, but the top line read
Code:
if ($_POST["Username1"] != null){
Finally, i tried to make a redirect that moved the user back to the login page if they had not logged in.
Code:
<?php if ($_SESSION['UID'] == "") {
echo '<script language="Javascript">';
echo 'window.location="login.php"';
echo '</script>';
}
?>
only it redirects back regardless? (i've also tried == null.. and "dog" to check the if - and it still runs! (there is no "dog" user)
I figure it must be my syntax, but i'm really stumped - the actual authentication if works - any help anyone can give would be immensely appreciated.
Before you post, read our: 
Can't even get an IF statement to work - please help!
