PHP - Can't Login

Hi everyone i wonder if you can help me he

I need a script for a login and check login- create cookie.

Here is my form:

<form method="post" action="check_login.php">
<p>
<input type="submit" name="Submit2" value="go" />
</fieldset>
</p>
</form>

that sends it to check_login (which BEFORE i deleted something by accident, used to take me to a username and password box)

But now all it does is send me straight to the memebrs area???


Can i change the check_login.php script to make it work correctly:

Code: [Select]
<?php 
// Connects to your Database 
mysql_connect("server", "user", "password") or die(mysql_error()); 
mysql_select_db("DB") or die(mysql_error()); 

//Checks if there is a login cookie
if(isset($_COOKIE['ID_my_site']))

//if there is, it logs you in and directes you to the members page
{ 
$username = $_COOKIE['ID_my_site']; 
$pass = $_COOKIE['Key_my_site'];
$check = mysql_query("SELECT * FROM users WHERE username = '$username'")or die(mysql_error());
while($info = mysql_fetch_array( $check )) 
{
if ($pass != $info['upassword']) 
{
}
else
 {
header("Location: members_area.php");

  }
  }
 }

 //if the login form is submitted 
 if (isset($_POST['submit'])) { // if form has been submitted

 // makes sure they filled it in
  if(!$_POST['username'] | !$_POST['upassword']) {
  die('You did not fill in a required field.');
  }
  // checks it against the database

  if (!get_magic_quotes_gpc()) {
  $_POST['email'] = addslashes($_POST['email']);
  }
  $check = mysql_query("SELECT * FROM users WHERE username = '".$_POST['username']."'")or die(mysql_error());

 //Gives error if user dosen't exist
 $check2 = mysql_num_rows($check);
 if ($check2 == 0) {
  die('That user does not exist in our database. <a href=register.php>Click Here to Register</a>');
  }
 while($info = mysql_fetch_array( $check )) 
 {
 $_POST['upassword'] = stripslashes($_POST['upassword']);
  $info['upassword'] = stripslashes($info['upassword']);
  $_POST['upassword'] = md5($_POST['upassword']);

 //gives error if the password is wrong
  if ($_POST['upassword'] != $info['upassword']) {
  die('Incorrect password, please try again.');
  }
  else 
 { 
 
 // if login is ok then we add a cookie 
   $_POST['username'] = stripslashes($_POST['username']); 
   $hour = time() + 3600; 
 setcookie(ID_my_site, $_POST['username'], $hour); 
 setcookie(Key_my_site, $_POST['upassword'], $hour);  
 
 //then redirect them to the members area 
 header("Location: members_area.php"); 
 } 
 } 
 } 
 else 
{  
 
 // if they are not logged in 
?>
 <form action="<?php echo $_SERVER['PHP_SELF']?>" method="post">
 <table width="316" height="120" border="0">
 <tr><td colspan=2><h1>Login</h1></td></tr>
 <tr><td>Username:</td><td>
 <input type="text" name="username" maxlength="40">
 </td></tr>
 <tr><td>Password:</td><td>
 <input type="password" name="upassword" maxlength="50">
 </td></tr>
 <tr><td colspan="2" align="right">
 <input type="submit" name="submit" value="Login">
 </td></tr>
 </table>
 </form>
<?php 
 } 
 
?>

Hello, I am once again desperately asking for your help,

I am working on a simple login page and I am having trouble actually getting it  to login. I display error messages for if the user doesn't enter anything but I can't seem to get it to work for if the credentials are wrong. It logs the user in whether the information is right or not and i dont even know what to do now

 

This is the code any suggestions would be greatly appreciated

<?php
    /*
    Name: Deanna Slotegraaf 
    Course Code: WEBD3201
    Date: 2020-09-22
    */

    $file = "sign-in.php";
    $date = "2020-09-22";
    $title = "WEBD3201 Login Page";
    $description = "This page was created for WEBD3201 as a login page for a real estate website";
    $banner = "Login Page";
    require 'header.php';

    $error = "";

    if($_SERVER["REQUEST_METHOD"] == "GET")
    {
        $username = "";
        $password = "";
        $lastaccess = "";        
        $error = "";
        $result = "";
        $validUser = "";
    }
    else if($_SERVER["REQUEST_METHOD"] == "POST")
    {        
    	$conn;
        $username = trim($_POST['username']); //Remove trailing white space
        $password = trim($_POST['password']); //Remove trailing white space

    if (!isset($username) || $username == "") {
      $error .= "<br/>Username is required";
    }
    if (!isset($password) || $password == ""){
      $error .= "<br/>Password is required";
    }
    if ($error == "") {
      $password = md5($password);
      $query = "SELECT * FROM users WHERE EmailAddress='$username' AND Password='$password'";
      $results = pg_query($conn, $query);
      //$_SESSION['username'] = $username;
        //$_SESSION['success'] = "You are now logged in";
        header('location: dashboard.php');
      }else {
        $error .= "Username and/or Password is incorrect";
      }

}

?>

<div class = "form-signin">
    <?php
             echo "<h2 style='color:red; font-size:20px'>".$error."</h2>";
    ?>
<form action = "<?php echo $_SERVER['PHP_SELF'];  ?>" method="post">

      <label for="uname"><b>Login ID</b></label>
      <input type="text" name="username" value="<?php echo $username; ?>"/>
      <br/>
      <label for="psw"><b>Password</b></label>
      <input type="password" name="password" value="<?php echo $password; ?>"/>
      <br/>
        <button type="submit" name="login_user">Login</button>
        <button type="reset">Reset</button></div>
</form>
</div>

<?php require "footer.php"; ?>

 

Hello I was wondering if anyone can spot what I am doing wrong here been trying to get it to work for a good few hours now with no luck! Basically....

A customer logs in = isadmin = 0.

It then makes three session vairables:

logged in vairable
username vairable
user id vairable

This all works fine it's only when I try to add the second bit which is after the 3 vairables are created another select statement is done to check if there are any orders by this user in the order table. For example where the session "userid" = the customer id in the order table. If there is an order by this user another session vairable will be created carrying the order id if there are no orders the session vairable will not be set.

All I seem to get is "warning: mysql_fetch_assoc(): supplied argument is not a valid MySQL result..."

I hope this makes sense! Don't hesitate to ask if not! Thanks for taking your time having a look.

Code: [Select]
$sqlu = mysql_query("SELECT * FROM $tbl_name WHERE username='$myusername' and password='$mypassword' AND isadmin='0'");
$sqla = mysql_query("SELECT * FROM $tbl_name WHERE username='$myusername' and password='$mypassword' AND isadmin='1'");


if(mysql_num_rows($sqlu)==1)
{
$resultu = mysql_fetch_assoc($sqlu);                   
$_SESSION["loggedin"] = 1;
$_SESSION["gatekeeper"] = $myusername;
$_SESSION['userid'] = $resultu['ID'];


$ordersql = "SELECT id FROM order WHERE customer_id = '".$_SESSION['userid']."' AND status < 2";   


$orderresult = mysql_query($ordersql);

     
$orderrow = mysql_fetch_assoc($orderresult);

session_register("ordernum");
$_SESSION['ordernum'] = $orderrow['id'];

   
header("location:menu.php");     
}

elseif(mysql_num_rows($sqla) == 1)
    {
$resulta = mysql_fetch_assoc($sqla);                   
$_SESSION['admin'] = $myusername;   
header("location:admincentre.php");     
}

else
header("location:tryagain.php");
?>

Hello

Say i register my username as Dragon123 And password As Fatbuss123

How do I make sure the username is spelled perfect and password is perfect before you can enter the new area
because the way it is now you can login with the username dragon123 and password fatbuss123
Or Dragon123 fatbuss123
Or dragon123 Fatbuss123

And both is right all is right but it needs to be wrong unless the username is
Dragon123
And the password is
Fatbuss123

If it has a cap it must be used.
How do I do that?
<?php
ob_start();
include "connect.php";



// Define $myusername and $mypassword 
$username=$_POST['username']; 
$password=$_POST['password']; 

// To protect MySQL injection (more detail about MySQL injection)
$username = stripslashes($username);
$password = stripslashes($password);
$username = mysql_real_escape_string($username);
$password = mysql_real_escape_string($password);

$sql="SELECT * FROM accounts WHERE username='$username' and password='$password'";
$result=mysql_query($sql);

// Mysql_num_row is counting table row
$count=mysql_num_rows($result);
// If result matched $myusername and $mypassword, table row must be 1 row
if($count==1)
{
// Register $myusername, $mypassword and redirect to file "login_success.php"
session_register("username");
session_register("password"); 
echo "&msgText=Entrance Granted!\n";
}
else
{
echo "&msgText=Invalid Login!\n";
}
return false;
ob_end_flush();
?>

I have a user database so members can log in to my site, what I want to do is when they first login, I want a message to pop up for them to confirm they have read something, but once they confirm it has been read I don't want it to pop up anymore after that, how would I do that?

Thanks

hello every1   I am creating a login script using pdo.. The problem i;m facing is that inspite of giving the right login details, it shows "wrong username / password."   The pdo code is shown below

function login_members($uname,$pwd,$type)
    {
        $q = $this->connect()->prepare("SELECT * FROM members WHERE username='?' AND password='?' AND type='?' LIMIT 1");
              $q->bindParam(1, $username,PDO::PARAM_STR);
              $q->bindParam(2, $pwd,PDO::PARAM_STR);
              $q->bindParam(3, $type,PDO::PARAM_STR);
              
              if($q->execute())
              {
                  $row = $q->fetch(PDO::FETCH_ASSOC);
                  if(($row['username']===$uname) && ($row['password']===$pwd))
                  {
                      return TRUE;
                  }
                  else
                  {
                      return FALSE;
                  }                     
              }
              else
              {
                  return FALSE;
              }
    }

in the main page

if($pdo->login_members($uname,$pwd,$type))
   {
        echo "<div class='correct_message' style='display:block'>You have been successfully logged in...</div>";
   }
else
   {
      echo "<div class='error_message' style='display:block'>wrong username / password</div>";
   }

Any help will be greatly appreciated....    

I am trying to change my web site to user only to public view. I still need users to be able to log in so they can edit things. I did a quick fix to allow everyone to view things by removing the ! from the sessions. How ever with that when i try to log in it just loops to login.php. There are links on the page that only admins will be able to see.

Here is my session with the removed !.

Code: [Select]
<?php  session_start(); 
   
if($_SESSION['login']){
$_SESSION['rank'];
$_SESSION['loggedinusername'] = $loggedinusername;
$_SESSION['loggedinuseremail'] = $loggedinuseremail;
header("location:login.php");
}
$rank=$_SESSION['rank'];
$loggedinusername=$_SESSION['loggedinusername'];
$loggedinuseremail=$_SESSION['loggedinuseremail'];
?>

How would i got about allowing eveyone to see this page but the log in still work?

If you need anymore code let me know

Thank you

Hey Guys,

Im trying to work on my login script after successfully doing my register script.

The problem im having trouble is that when i login with false details, it still prompts me with 'You have logged in".

Also if the user is not activated it should say "Account has not been activated."

Could someone help me out. Thanks.

Code: [Select]
<?php include"database.php";?>

<html>
<head>
<title>Login</title>
</head>
<body>

<h1>Manager Login</h1>

<form action="login.php" method="post">
<TABLE BORDER="0">
  <TR>
    <TD>Email:</TD>
    <TD>
    <input type="text" name="email" size="20">
</TD>
  </TR>
  <TR>
  <TD>Password:</TD>
  <TD><INPUT TYPE="password" NAME="password" SIZE="20"></TD>
</TR>
</table>
<P>
<input type="submit" name="login" value="Login" />
</form>

<?php

session_start(); 

if (isset($_POST['login'])) {

if (empty($_POST['email']) || empty($_POST['password'])) {
                $errors[] = "Please fill out all fields.";
                }

    
$email = $_POST['email'];
    $password = $_POST['password'];
    $level = 'level';

$check = mysql_query("SELECT * FROM users WHERE email='".$email."' AND password='".$password."'");
    if (mysql_num_rows($check)>=1) {
$errors[] =  "Wrong Details. Try Again.";
         }

$check = mysql_query("SELECT * FROM users WHERE level='".$level."'");
if (mysql_num_rows($check)>=1) {
if ($level == '0') {
$errors[] =  "Account has not been activated.";
     }}

          if (empty($errors)) {

echo "You have logged in!";

} else {
                         
         foreach($errors as $nErrors){
         echo $nErrors . "<br>";
                         }
                     }
                 }

?>

hi guys me again. kinda stuck, im trying to turn my admin login script in to a user login with the admin side of things, so to keep things separate. for some reason the include function is not working after its checked, if the user is a admin or not. any ideas on why this would not work? have i done something completely wrong or just missing something.

ive left the code below, if it helps aswell the login.php is a included file aswell to index.php.

thanks in advance.

login.php


<?php

$userback = $_SESSION['user'];
$username = $_POST['username'];
$password = md5($_POST['password']);
$login = $_post['submit'];

mysql_connect("db2700.oneandone.co.uk","dbo363845380","notgonnalie12");
mysql_select_db("db363845380") or die(mysql_error());

session_start(); 
if($_SERVER['QUERY_STRING'] == "logout") {

unset($_SESSION['user']);

header("Location: " . $_SERVER['PHP_SELF']);

exit;
}
if(!isset($_SESSION['user'])){
    if(!$submit){

   echo"<div align='center'><b>Please login</b></div><br>";

   echo "
        <html>
        <body>
        <div align='center'>
        <form method='post' action='".$_SERVER['REQUEST_URI']."'>
        <label>username: 
        <input type='text' name='username' id='username'>
        <label>password: 
        <input type='password' name='password' id='password'>
        </label>
        <label>
        <input type='submit' name='submit' id='submit' value='submit'>
        </label>
        </form>
        </div>
        </body>
        </html>
        ";

}
    else {
        $rows = mysql_num_rows(mysql_query("SELECT * FROM users WHERE username='".mysql_real_escape_string($username)."' AND password='".mysql_real_escape_string($password)."'"));
        if($rows>0){
            while ($row = mysql_fetch_assoc($rows)){
                $_SESSION['user']="$username";
            
                $adminpass = $row['admin'];
            
                if($adminpass>=1){
                    include ("admin/index.php");
                }
                else {
                    echo "welcome $user1 you'll be directed in a few seconds.<br> if this doesn't happen please click here.";
                }
            }
        }
        else {
            if($rows<1){
                echo "Sorry no user information found. Please make sure details are correct.";
            }
        }
    }
}
?>

Hello,
I have found this forum very useful and i hope i will get some help from here.

I am nill in php so if someone help i am thankful, I actually want to know how to add facebook login in php files.. I have 2 pages of sms script one is index.php where is form like name, number, textbox and captcha then send button.. and second file is send.php where has api to send sms. I have seen some sites there is button login with facebook after login there sms form shows and in name field there person name already written and field locked and in number field there we have to write number and text box, captcha.. without login sms form not showing... So how to do this can someone help me? if some one really want to help i can also give him sample of site where i have seen this and i need exact like this pm me for sample...

Alrite I have a script that creates a new php script for each user, but thats a huge security risk because i have the Username and Password box saved into the php script and checked against the login.php page; I am a total newb with MySQL, but i have the database, but i have no idea what tables to create with fields and datatype etc :3

Also, I dont know how to check the username and password via SQL;
Any help would be greatly appreciated

<?php

/*** begin the session ***/
session_start();

if(!isset($_SESSION['user_id']))
{
    $message = 'You must be logged in to access this page';

}
else
{
    try
    {
        /*** connect to database ***/
        /*** mysql hostname ***/
        $mysql_hostname = 'localhost';

        /*** mysql username ***/
        $mysql_username = 'root';

        /*** mysql password ***/
        $mysql_password = 'root';

        /*** database name ***/
        $mysql_dbname = 'login';


        /*** select the users name from the database ***/
        $dbh = new PDO("mysql:host=$mysql_hostname;dbname=$mysql_dbname", $mysql_username, $mysql_password);
        /*** $message = a message saying we have connected ***/

        /*** set the error mode to excptions ***/
        $dbh->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);

        /*** prepare the insert ***/
        $stmt = $dbh->prepare("SELECT phpro_username FROM phpro_users 
        WHERE phpro_user_id = :phpro_user_id");

        /*** bind the parameters ***/
        $stmt->bindParam(':phpro_user_id', $_SESSION['user_id'], PDO::PARAM_INT);

        /*** execute the prepared statement ***/
        $stmt->execute();

        /*** check for a result ***/
        $phpro_username = $stmt->fetchColumn();

        /*** if we have no something is wrong ***/
        if($phpro_username == false)
        {
            $message = 'Access Error';
        }
        else
        {
            $message = 'Welcome '.$phpro_username;
        }
    }
    catch (Exception $e)
    {
        /*** Error!! ***/
        $message = 'We are unable to process your request. Please try again later"';
    }
}


?>

<html>
<head>
<title>My Account</title>
<link rel="stylesheet" type="text/css" href="css/main.css" />
</head>
<body>
<h3><?php echo $message; ?></h3>


</body>
</html>

members.php

<html> <head> <title>Log in</title> </head> <body> <h2>Login Here</h2> <form action="login_submit.php" method="post"> <fieldset> <p> <label for="phpro_username">Username</label> <input type="text" id="phpro_username" name="phpro_username" value="" maxlength="20" /> </p> <p> <label for="phpro_password">Password</label> <input type="text" id="phpro_password" name="phpro_password" value="" maxlength="20" /> </p> <p> <input type="submit" value="Login" /> </p> </fieldset> </form> </body> </html>

login.php

<?php

/*** begin our session ***/
session_start();

/*** check if the users is already logged in ***/
if(isset( $_SESSION['user_id'] ))
{
    $message = 'Users is already logged in';
}
/*** check that both the username, password have been submitted ***/
if(!isset( $_POST['phpro_username'], $_POST['phpro_password']))
{
    $message = 'Please enter a valid username and password';
}
/*** check the username is the correct length ***/
elseif (strlen( $_POST['phpro_username']) > 20 || strlen($_POST['phpro_username']) < 4)
{
    $message = 'Incorrect Length for Username';
}
/*** check the password is the correct length ***/
elseif (strlen( $_POST['phpro_password']) > 20 || strlen($_POST['phpro_password']) < 4)
{
    $message = 'Incorrect Length for Password';
}
/*** check the username has only alpha numeric characters ***/
elseif (ctype_alnum($_POST['phpro_username']) != true)
{
    /*** if there is no match ***/
    $message = "Username must be alpha numeric";
}
/*** check the password has only alpha numeric characters ***/
elseif (ctype_alnum($_POST['phpro_password']) != true)
{
        /*** if there is no match ***/
        $message = "Password must be alpha numeric";
}
else
{
    /*** if we are here the data is valid and we can insert it into database ***/
    $phpro_username = filter_var($_POST['phpro_username'], FILTER_SANITIZE_STRING);
    $phpro_password = filter_var($_POST['phpro_password'], FILTER_SANITIZE_STRING);

    /*** now we can encrypt the password ***/
    $phpro_password = sha1( $phpro_password );
    
    /*** connect to database ***/
    /*** mysql hostname ***/
    $mysql_hostname = 'localhost';

    /*** mysql username ***/
    $mysql_username = 'root';

    /*** mysql password ***/
    $mysql_password = 'root';

    /*** database name ***/
    $mysql_dbname = 'login';

    try
    {
        $dbh = new PDO("mysql:host=$mysql_hostname;dbname=$mysql_dbname", $mysql_username, $mysql_password);
        /*** $message = a message saying we have connected ***/

        /*** set the error mode to excptions ***/
        $dbh->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);

        /*** prepare the select statement ***/
        $stmt = $dbh->prepare("SELECT phpro_user_id, phpro_username, phpro_password FROM phpro_users 
                    WHERE phpro_username = :phpro_username AND phpro_password = :phpro_password");

        /*** bind the parameters ***/
        $stmt->bindParam(':phpro_username', $phpro_username, PDO::PARAM_STR);
        $stmt->bindParam(':phpro_password', $phpro_password, PDO::PARAM_STR, 40);

        /*** execute the prepared statement ***/
        $stmt->execute();

        /*** check for a result ***/
        $user_id = $stmt->fetchColumn();

        /*** if we have no result then fail boat ***/
        if($user_id == false)
        {
                $message = 'Login Failed';
        }
        /*** if we do have a result, all is well ***/
        else
        {
                /*** set the session user_id variable ***/
                $_SESSION['user_id'] = $user_id;

                /*** tell the user we are logged in ***/
                $message = 'You are now logged in';
		
        }


    }
    catch(Exception $e)
    {
        /*** if we are here, something has gone wrong with the database ***/
        $message = 'We are unable to process your request. Please try again later"';
    }
}
?>

<html>
<head>
</head>
<body>
<p><?php echo $message; ?>

</body>
</html>

login_sumbit.php       I am unable to see the    $message = 'Welcome '.$phpro_username;   that the successful login should be generating

how to submit registration to database....for it to follow through?
also how to get the login to really go thorugh?

please help






<html>

<?php session_start(); require_once 'database.php'; if (isset($_SESSION['user'])){ echo "Welcome ".$_SESSION['user']; ?>   <?php } elseif(isset($_SESSION['admin'])){ echo"Welcome ".$_SESSION['admin']; echo"<br><br>You are logged in as an Admin"; ?>  <?php }else{ ?>      <?php } ?>

<link rel="shortcut icon" type="image/x-icon" href="/favicon.ico">




<form id='login' action="login2.php" method='post' accept-charset='UTF-8'>
<body>
<body bgcolor="#E6E6FA">






<fieldset >






<div align="right"/>
<legend> Login </legend>




<input type='hidden' name='submitted' id='submitted' value='1'/>





<label for='username' >UserName*:</label>





<input type='text' name='username' id='username'  maxlength="50" />





<label for='password' >Password*:</label>





<input type='password' name='password' id='password' maxlength="50" />





<input type='submit' name='Submit' value='Submit' />




<div align="right"/>
</fieldset>

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head><H1><div align="center"/>WELCOME TO UNDERGROUND RECRUITS!</H1>
   <title>SIGN UP</title>
   <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<style type="text/css">
body, label,a
{
   font-family : Arial, Helvetica, sans-serif;
   font-size : 12px;
}
.formcontainer
{
text-align:left;
width:330px;
border-top: 1px solid;
border-bottom: 1px solid;
padding:10px;
margin: auto;
}
.para
{
margin-bottom: 10px;
}
</style>
<link rel="STYLESHEET" type="text/css" href="pwdwidget.css" />
<script src="pwdwidget.js" type="text/javascript"></script>

</head>

<body >
<div class='formcontainer'>
<h1>Register</h1>
<form method="post"  action="database.php">
   <div class='para'>
      <label for='name'>Name: </label><br />
      <input type="text" id='name' name="name"/>
   </div>
   <div class='para'>
      <label for='email'>Email:</label><br />
      <input type="text" id='email' name="email"/>

</div>
   <div class='para'>
      <label for='username'>Username:</label><br />
      <input type="text" id='username' name="username"/>




   </div>
   <div class='para'>
      <label for='regpwd'>Password:</label> <br />
      <div class='pwdwidgetdiv' id='thepwddiv'></div>
                   <input type="password" id='password' name="password"/>


      <script  type="text/javascript" >
      var pwdwidget = new PasswordWidget('thepwddiv','regpwd');
      pwdwidget.MakePWDWidget();
      </script>
      <noscript>
      <div><input type='password' id='regpwd' name='regpwd' /></div>      
      </noscript>
   </div>
   <div class='para'><br /><br />
   <input type="submit" name='submit' value="submit" />
   </div>
</form>
</div>






</form>
</body>
</html>

okay so i have a file called login.php but when you login it stay's on the same page... + i want it to go to a different page... so a user log's in from login.php and i want it to go to a new file called main.php i have some code below i was wondering if someone could help me separate the code to make it 2 pages...


login.php
Code: [Select]
<?php

include("include/session.php");
global $database;
$config = $database->getConfigs();
?>

<html>
<head>
<link rel="stylesheet" href="include/style.css" type="text/css">
<title><?php echo $config['SITE_NAME']; ?> - Login Page</title>

</head>
<body>
<div id="mainborder">
<tr>

    <td>
    <div class="image">
      <p align="center"><a href="index.php"><img src="images/logo.gif" width="850" height="130"></a>
      <div class="sidebox">
      </div>
      </div>
      <p align="left">
     
           
      <table width="95%" class="topbar">

<tr>

<td>

<marquee scrollamount='3'>Welcome to pokemon RPG please report all bugs/errors to the site admin:) #Rate</marquee> </td>

</tr>

</table>

        <table width="100%" border="0" cellpadding="0" cellspacing="0">
      </p>
      <tr>

      <td valign="top" width="150">

    <div style="height:7px;"></div>


<div class="headbox">Navigation</div>
  <a class="leftmenu" href="index.php">Home</a>
  <a class="leftmenu" href="login.php">Login</a>
  <a class="leftmenu" href="register.php">Register</a>
  <a class="leftmenu" href="#">About/FAQ</a>
  <a class="leftmenu" href="#">Forum</a>
          <a class="leftmenu" href="#">Chat Box</a><br>


<br />

<td valign="top">

            <table border="0" cellspacing="0" cellpadding="0" width="100%">

              <tr>

                <td width="10"></td>

                <td valign="top" class="mainbox">
<div class="contentcontent">  </div>
<div id="mainContent">
<table class="content">
<br />


<?php
/**
 * User has already logged in, so display relavent links, including
 * a link to the admin center if the user is an administrator.
 */
if($session->logged_in){
   echo "<h1>Logged In</h1>";
   echo "Welcome <b>$session->username</b>, you are logged in. <br><br>"
       ."[<a href=\"userinfo.php?user=$session->username\">My Account</a>] &nbsp;&nbsp;"
       ."[<a href=\"useredit.php\">Edit Account</a>] &nbsp;&nbsp;";
   if($session->isAdmin()){
      echo "[<a href=\"admin/index.php\">Admin Center</a>] &nbsp;&nbsp;";
   }
   echo "[<a href=\"process.php\">Logout</a>]";
}
else{
?>


<?php
/**
 * User not logged in, display the login form.
 * If user has already tried to login, but errors were
 * found, display the total number of errors.
 * If errors occurred, they will be displayed.
 */
if($form->num_errors > 0){
   echo "<font size=\"2\" color=\"#ff0000\">".$form->num_errors." error(s) found</font>";
}
?>

<div class="loginbox">
Member Login
</div>
<form action="process.php" method="POST" autocomplete="on">
<tr>
<table class="contentcontent" align="left" border="0" cellspacing="0" cellpadding="3">
<tr><td>Username:</td><td><input type="text" name="user" maxlength="30" value="<?php echo $form->value("user"); ?>"></td><td><?php echo $form->error("user"); ?></td></tr>
<tr><td>Password:</td><td><input type="password" name="pass" maxlength="30" value="<?php echo $form->value("pass"); ?>"></td><td><?php echo $form->error("pass"); ?></td></tr>
<tr><td colspan="2" align="left"><input type="checkbox" name="remember" <?php if($form->value("remember") != ""){ echo "checked"; } ?>>
Remember me &nbsp;&nbsp;&nbsp;&nbsp;
<input type="hidden" name="sublogin" value="1">
<input type="submit" value="Login"></td></tr>
<tr><td colspan="2" align="left"><br><font size="2">[<a href="forgotpass.php">Forgot Password?</a>]</font></td><td align="right"></td></tr>

</form>




<table width="875">



<tr>


<br />
<br />
    <td width="902" height="20" colspan="2" align="center" class="maincontent"><br /><div class="contentcontent">This site is not affiliated with Nintendo, Creatures Ink, Gamefreak or any other organisation. Legal Info
</br><?php }
echo "";
include("include/view_active.php");?></div>
    </td>
  </tr>
 
</table>



</body>
</html>

process.php
Code: [Select]
<?php

include("include/session.php");

class Process
{
   /* Class constructor */
   function Process(){
      global $session;
      /* User submitted login form */
      if(isset($_POST['sublogin'])){
         $this->procLogin();
      }
      /* User submitted registration form */
      else if(isset($_POST['subjoin'])){
         $this->procRegister();
      }
      /* User submitted forgot password form */
      else if(isset($_POST['subforgot'])){
         $this->procForgotPass();
      }
      /* User submitted edit account form */
      else if(isset($_POST['subedit'])){
         $this->procEditAccount();
      }
      /**
       * The only other reason user should be directed here
       * is if he wants to logout, which means user is
       * logged in currently.
       */
      else if($session->logged_in){
         $this->procLogout();
      }
      /**
       * Should not get here, which means user is viewing this page
       * by mistake and therefore is redirected.
       */
       else{
          header("Location: ".$config['WEB_ROOT'].$config['home_page']);
       }
   }

   /**
    * procLogin - Processes the user submitted login form, if errors
    * are found, the user is redirected to correct the information,
    * if not, the user is effectively logged in to the system.
    */
   function procLogin(){
      global $session, $form;
      /* Login attempt */
      $retval = $session->login($_POST['user'], $_POST['pass'], isset($_POST['remember']));
      
      /* Login successful */
      if($retval){
         header("Location: ".$session->referrer);
      }
      /* Login failed */
      else{
         $_SESSION['value_array'] = $_POST;
         $_SESSION['error_array'] = $form->getErrorArray();
         header("Location: ".$session->referrer);
      }
   }
   
   /**
    * procLogout - Simply attempts to log the user out of the system
    * given that there is no logout form to process.
    */
   function procLogout(){
      global $database, $session;
      $config = $database->getConfigs();
      $retval = $session->logout();
      header("Location: ".$config['WEB_ROOT'].$config['home_page']);
   }
   
   /**
    * procRegister - Processes the user submitted registration form,
    * if errors are found, the user is redirected to correct the
    * information, if not, the user is effectively registered with
    * the system and an email is (optionally) sent to the newly
    * created user.
    */
   function procRegister(){
      global $database, $session, $form;
      $config = $database->getConfigs();
  
  /* Checks if registration is disabled */
  if($config['ACCOUNT_ACTIVATION'] == 4){
   $_SESSION['reguname'] = $_POST['user'];
        $_SESSION['regsuccess'] = 6;
header("Location: ".$session->referrer);
  }
  
      /* Convert username to all lowercase (by option) */
      if($config['ALL_LOWERCASE'] == 1){
         $_POST['user'] = strtolower($_POST['user']);
      }
      /* Hidden form field captcha deisgned to catch out auto-fill spambots */
      if (!empty($_POST['killbill'])) { $retval = 2; } else {
      /* Registration attempt */
      $retval = $session->register($_POST['user'], $_POST['pass'], $_POST['conf_pass'], $_POST['email'], $_POST['conf_email']);
      }
      
      /* Registration Successful */
      if($retval == 0){
         $_SESSION['reguname'] = $_POST['user'];
         $_SESSION['regsuccess'] = 0;
         header("Location: ".$session->referrer);
      }
      /* E-mail Activation */
      else if($retval == 3){
         $_SESSION['reguname'] = $_POST['user'];
         $_SESSION['regsuccess'] = 3;
         header("Location: ".$session->referrer);
      }
      /* Admin Activation */
      else if($retval == 4){
         $_SESSION['reguname'] = $_POST['user'];
         $_SESSION['regsuccess'] = 4;
         header("Location: ".$session->referrer);
      }
      /* No Activation Needed but E-mail going out */
      else if($retval == 5){
         $_SESSION['reguname'] = $_POST['user'];
         $_SESSION['regsuccess'] = 5;
         header("Location: ".$session->referrer);
      }
      /* Error found with form */
      else if($retval == 1){
         $_SESSION['value_array'] = $_POST;
         $_SESSION['error_array'] = $form->getErrorArray();
         header("Location: ".$session->referrer);
      }
      /* Registration attempt failed */
      else if($retval == 2){
         $_SESSION['reguname'] = $_POST['user'];
         $_SESSION['regsuccess'] = 2;
         header("Location: ".$session->referrer);
      }
   }
   
   /**
    * procForgotPass - Validates the given username then if
    * everything is fine, a new password is generated and
    * emailed to the address the user gave on sign up.
    */
   function procForgotPass(){
      global $database, $session, $mailer, $form;
      $config = $database->getConfigs();
      /* Username error checking */
      $subuser = $_POST['user'];
      $subemail = $_POST['email'];
      $field = "user";  //Use field name for username
      if(!$subuser || strlen($subuser = trim($subuser)) == 0){
         $form->setError($field, "* Username not entered<br>");
      }
      else{
         /* Make sure username is in database */
         $subuser = stripslashes($subuser);
         if(strlen($subuser) < $config['min_user_chars'] || strlen($subuser) > $config['max_user_chars'] ||    
            !preg_match("/^[a-z0-9]([0-9a-z_-])+$/i", $subuser) ||
            (!$database->usernameTaken($subuser))){
            $form->setError($field, "* Username does not exist<br>");
          } 
          else if ($database->checkUserEmailMatch($subuser, $subemail) == 0){
           $form->setError($field, "* No Match<br>");
       }
      }
      
      /* Errors exist, have user correct them */
      if($form->num_errors > 0){
         $_SESSION['value_array'] = $_POST;
         $_SESSION['error_array'] = $form->getErrorArray();
      }
      /* Generate new password and email it to user */
      else{
         /* Generate new password */
         $newpass = $session->generateRandStr(8);
         
         /* Get email of user */
         $usrinf = $database->getUserInfo($subuser);
         $email  = $usrinf['email'];
         
         /* Attempt to send the email with new password */
         if($mailer->sendNewPass($subuser,$email,$newpass,$config)){
            /* Email sent, update database */
            $usersalt = $session->generateRandStr(8);
           $newpass = sha1($usersalt.$newpass);
            $database->updateUserField($subuser,"password",$newpass);
            $database->updateUserField($subuser,"usersalt",$usersalt);
            $_SESSION['forgotpass'] = true;
         }
         /* Email failure, do not change password */
         else{
            $_SESSION['forgotpass'] = false;
         }
      }
      
      header("Location: ".$session->referrer);
   }
   
   /**
    * procEditAccount - Attempts to edit the user's account
    * information, including the password, which must be verified
    * before a change is made.
    */
   function procEditAccount(){
      global $session, $form;
      /* Account edit attempt */
      $retval = $session->editAccount($_POST['curpass'], $_POST['newpass'], $_POST['conf_newpass'], $_POST['email']);

      /* Account edit successful */
      if($retval){
         $_SESSION['useredit'] = true;
         header("Location: ".$session->referrer);
      }
      /* Error found with form */
      else{
         $_SESSION['value_array'] = $_POST;
         $_SESSION['error_array'] = $form->getErrorArray();
         header("Location: ".$session->referrer);
      }
   }
};

/* Initialize process */
$process = new Process;

?>

Thankyou for your help in advance.

Hi ive been trying to get this login to work but it doesn't seem to work please help:

login.php:
<?php

//ob
ob_start();

//session
session_start();

if (isset($_SESSION['username']))
{
header("Location: main.php");
exit();
}

//connect
$error = 'Could not connect to the database';
mysql_connect('localhost','************','***************') or die($error);
mysql_select_db('********') or die($error);

if ($_POST['login'])
{
//get form data
$username = addslashes(strip_tags(strtolower($_POST['username'])));
$password = addslashes(strip_tags(md5($_POST['password'])));

if (!$username||!$password)
echo "Please enter a username and password<p />";
else
{
//find username
$find = mysql_query("SELECT * FROM ********** WHERE username='$username' AND password='$password'");
if (mysql_num_rows($find)==0)
echo "Username or password is incorrect<p />";
else
{
$_SESSION['username']=$username;
header("Location: main.php");
exit();
}
}
}
?>

main.php
<?
// You may copy this PHP section to the top of file which needs to access after login.
session_start(); // Use session variable on this page. This function must put on the top of page.
$username = $_SESSION['username']
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<link rel=StyleSheet href="style.css" type="text/css" media=screen>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
<title>Untitled Document</title>
</head>

<body>
<div id="nomargin"><img src="banner.jpg" alt="" /></div>
<div id="login"><form name="login" method="post" action="login.php">
<table border="0" width="220" align="center">
<tr>
<? if(!session_is_registered("username")){ // if session variable "username" does not exist.
echo "<td width='71'>Username:</td>
<td width='139'><input type='text' name='username' size='16' style='font-family: Times New Roman, Times, serif; font-size: 11pt;' /></td>
</tr>
<tr>
<td width='71'>Password:</td>
<td width='139'><input type='password' name='password' size='16' style='font-family: Times New Roman, Times, serif; font-size: 11pt;' /></td>
</tr>
<tr>
<td colspan='2' align='center'><input name='signup' type='submit' value='Log In' style='background-color: #900002; border-color: #555555; color: #FFFFFF; font-weight: bold; width: 60px;' /></td>";
}else{
echo "<td><b>Welcome $username</b>
<a href='logout.php'><b>Logout</b></a></td>";
}
?>
</tr>
</table>
</form></div>
<div id="menutext"><span class="class1"><a href="**************">Home</a> <a href="http://www.fightwatcher.com">News</a> <a href="http://www.fightwatcher.com">Profile</a> <a href="http://www.fightwatcher.com">Friends & Fighters</a> <a href="http://www.fightwatcher.com">Videos</a> <a href="http://www.fightwatcher.com">Groups</a> <a href="http://www.fightwatcher.com">Forum</a></span></div>
</body>
</html>