websitestarter Posted May 11, 2013 Posted May 11, 2013 (edited) though i <?php session_start(); require "database.php"; $username = mysql_real_escape_string($_POST['username']); $password = mysql_real_escape_string($_POST['password']); $enc_password = md5($password); if($username&&$password) { $query = mysql_query("SELECT * FROM users WHERE username='$username'"); $numrow = mysql_num_rows($query); if($numrow!=0) { while($row = mysql_fetch_assoc($query)) { $db_username = $row['username']; $db_password = $row['password']; } if($username==$db_username&&$enc_password==$db_password) { //echo "Logged in <a href='members.php'>Click here to enter the members area</a>"; $_SESSION['username']=$db_username; header("location: members.php"); } else { header("location: index.php?error=Incorrect Password"); } } else { header("location: index.php?error=That user doesn't exist"); } } else { header("location: index.php?error=All fields are required"); } ?> btw database.php is database connect if you have the file and database.php is <?php mysql_connect("host","usernmae","password") or die ("Couldnt connect to database"); mysql_select_db("") or die ("Couldnt find database"); ?> Edited May 11, 2013 by Dominion multiple posts Quote
websitestarter Posted May 11, 2013 Author Posted May 11, 2013 <?php mysql_connect("host","usernmae","password") or die ("Couldnt connect to database"); mysql_select_db("") or die ("Couldnt find database"); ?> Quote
Guest Posted May 11, 2013 Posted May 11, 2013 Use urlencode for strings on the header, and use isset() to check if the user actually is set otherwise it will just through errors. MD5 is pointless, look into PHPass, or some other form of encryption. Quote
lightning Posted May 11, 2013 Posted May 11, 2013 (edited) ...,,,,,,,,,,,,,,,,,,, Edited May 11, 2013 by lightning ,,, Quote
lightning Posted May 11, 2013 Posted May 11, 2013 (edited) ....................... Edited May 11, 2013 by lightning ............ Quote
Nemesiidae Posted May 27, 2013 Posted May 27, 2013 <?php mysql_connect("host","usernmae","password") or die ("Couldnt connect to database"); mysql_select_db("") or die ("Couldnt find database"); ?> Might want to change "usernmae" to "username". ;) Quote
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.