PHP - Cannot Figure Out Simple Admin Login

hi guys how you doing? i new here so take it easy on me .

basically just need some quick help and i thought this would be the best place to ask. ive been working on a admin login script but cant seem to get it right, i mean i can login in with random passwords :/ and also everytime i go to the index.php it shows the information i dont want it without  being logged in. ive got the script running live just incase anyone wants to see what i mean its at http://www.lukerodham.co.uk/admin

heres the code. Thanks in advance.

index.php
Code: [Select]
<?php 
require_once("login.php"); 

$adminuser = $_SESSION['user'];
?>

<html>
<head>
<title>hoonigans.co.uk</title>
</head>
<body>
<h3 align="center">Welcome to the admin page.</h3>
<span class="maintext"><br />
<p align="center">If you would like to post some news please <a href="news/post.php">click here</a>.<br />
To logout please <a href="logout.php">click here</a></p>
</body>
</html>


login.php
Code: [Select]
<?php

function loginpage($error){
    echo "
    <html>
    <body>
    <div align='center'>
    <form method='post' action='".$_SERVER['REQUEST_URI']."'>
    <label>username: 
    <input type='text' name='username' id='username'><br>
    <label>password: 
    <input type='password' name='password' id='password'><br>
    </label>
    <label>
    <input type='submit' name='submit' id='submit' value='submit'>
    </label>
    </form>
    </div>
    </body>
    </html>
    ";
}

$username = $_POST['username'];
$password = $_POST['password'];
$login = $_post['login'];

$host = *********;
$dbuser = *********;
$dbname = *********;
$dbpass = *********;

mysql_connect("$host","$dbuser","$dbpass");
mysql_select_db("$dbname");

session_start(); 
if($_SESSION['user'] != $username){
if(!$submit){
loginpage(false);
}
    elseif($submit){
        $get = mysql_query("SELECT * FROM users WHERE username='$username'");
        while ($row = mysql_fetch_assoc($get)){
      
           $admin = $row['admin'];
           $passwordmatch = $row['password'];
           
           if ($passwordmatch==$password&&$admin==1){
            
            $_SESSION['user']="$username";
            echo "this worked";
           }
           else{
            die("Sorry wrong information.");
           }
        }
    }
}
?>

Warning: mysql_num_rows() expects parameter 1 to be resource, boolean given in C:\xampp\htdocs\sas\shoppingcart\adminlogin.php on line 16

Warning: Cannot modify header information - headers already sent by (output started at C:\xampp\htdocs\sas\shoppingcart\adminlogin.php:16) in C:\xampp\htdocs\sas\shoppingcart\adminlogin.php on line 33

Hello,

I have a problem with my website, Admin login page (http://www.tranceprofile.com/storeadmin/admin_login.php

I can not login to my Admin controle panel.

Login information:
Username: Mitch
Password: schuur111

Username: Admin
Password: poopoo

Can someone help me ?

Here is my admin_login.php source code.
If you need some other source code in my /storeadmin folder please tell
Code: [Select]
<?php 
session_start();
if (isset($_SESSION["manager"])) {
    header("location: index.php"); 
    exit();
}
?>
<?php 
// Parse the log in form if the user has filled it out and pressed "Log In"
if (isset($_POST["username"]) && isset($_POST["password"])) {

$manager = preg_replace('#[^A-Za-z0-9]#i', '', $_POST["username"]); // filter everything but numbers and letters
    $password = preg_replace('#[^A-Za-z0-9]#i', '', $_POST["password"]); // filter everything but numbers and letters
    // Connect to the MySQL database  
    include "../storescripts/connect_to_mysql.php"; 
    $sql = mysql_query("SELECT id FROM admin WHERE username='$manager' AND password='$password' LIMIT 1"); // query the person
    // ------- MAKE SURE PERSON EXISTS IN DATABASE ---------
    $existCount = mysql_num_rows($sql); // count the row nums
    if ($existCount == 1) { // evaluate the count
     while($row = mysql_fetch_array($sql)){ 
             $id = $row["id"];
 }
 $_SESSION["id"] = $id;
 $_SESSION["manager"] = $manager;
 $_SESSION["password"] = $password;
 header("location: index.php");
         exit();
    } else {
echo 'That information is incorrect, try again <a href="index.php">Click Here</a>';
exit();
}
}
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Admin Log In </title>
<link rel="stylesheet" href="../style/style.css" type="text/css" media="screen" />
</head>

<body>
<div align="center" id="mainWrapper">
  <?php include_once("../template_header.php");?>
  <div id="pageContent"><br />
    <div align="left" style="margin-left:24px;">
      <h2>Please Log In To Manage the Store</h2>
      <form id="form1" name="form1" method="post" action="admin_login.php">
        User Name:<br />
          <input name="username" type="text" id="username" size="40" />
        <br /><br />
        Password:<br />
       <input name="password" type="password" id="password" size="40" />
       <br />
       <br />
       <br />
       
         <input type="submit" name="button" id="button" value="Log In" />
       
      </form>
      <p>&nbsp; </p>
    </div>
    <br />
  <br />
  <br />
  </div>
  <?php include_once("../template_footer.php");?>
</div>
</body>
</html>

Ok.. I have made an admin section for a couple of sites, and it works fine, alough i'm almost certain that the way i have done it is not the "proper way".

What I have done is had a form with a password field that sends the password via POST to another script that checks the password is correct via variable, something like this:
Code: [Select]
<?php

  $pass = $_POST["pass"];
  $correct = "imapassword";

  if($pass == $correct){
    
  //display contents of page

  else{
  //return user to login screen
  }
?>

And then it saves the password into a cookie, that dies either over time or when the browser closes. And then on each page it tests wether that cookie is still there and is correct. When the user wants to log out it just destroys the cookie.

This seems like a really hashed up way of doing it, could anybody let me know the bare essentials for making a similar system, but the "right way". Thankyou in advance

Howdy colleagues, Please help! I am writing a WP plugin the boss of the website to be notified when an admin logs in. So far so good, but I can't make the damn code to send the email when the user logs in. If I change the add_action to "admin_notices" the email is being sent, but if I put "wp_login" it does not Please help, here is the code so far...

function _emnoti_get_time_of_login(){
		$time_of_login = date('l F Y');
		return $time_of_login;
	}
#   Get the IP of the user that logged themselves as admin

	function _emnoti_get_ip(){
		$sources = array(
	'REMOTE_ADDR',
	'HTTP_X_FORWARDED_FOR',
	'HTTP_CLIENT_IP',
);
	foreach ($sources as $source) {
		if(!empty($_SERVER[$source])){
			$ip = $_SERVER[$source];
		}
	}
	return $ip;
	}

#   Email all the info above to a pointed email address
	function emnoti_send_email($user_login, $user){
		if(_emnoti_check_if_admin() === true){
		//	print _emnoti_get_time_of_login();
		//	print _emnoti_get_ip();
			wp_mail("MY EMAIL!", "Test subject", 'test body');
		}
	}

add_action('wp_login', 'emnoti_send_email', 10, 2);

?>

Hi all,

Sorry to be a pain, but I've been out of the php game for quite a few years and have just come back to it briefly to help someone out.
I've been using an old admin auth script that I used to use a long time ago but it's not working, and I can't for the life of me work it out :/

I apologise for the noobishness of the code, but as I said, it's been a long time.
Any and all help would be very greatly appreciated.

Here is the code:

<?

   require("config.php");

   mysql_connect($server,$login,$password) or die('Error connecting to server');
   mysql_select_db($base) or die('Error connecting to database');

   $req = mysql_query("SELECT username,mempass,level FROM members WHERE username='$admin_login'");
   $data = @mysql_fetch_array($req);
   $member_name = $data["username"];
   $member_pass = $data["mempass"];
   $member_userlevel = $data["level"];

   if($member_pass == $admin_pass)
      {
      SetCookie("mgdwebby","$member_name:$member_pass:$member_userlevel");
      }

include("header.php");

?>



<?

if($action=="login")
   {

   if($admin_login==""){ echo"Wrong info. "; }
   elseif($admin_pass==""){ echo"Wrong info. "; }
   else{

   require("config.php");

   mysql_connect($server,$login,$password) or die('Error connecting to server');
   mysql_select_db($base) or die('Error connecting to database');

   $req = mysql_query("SELECT username,mempass,level FROM members WHERE username='$admin_login'");
   $data = @mysql_fetch_array($req);
   $member_name = $data["username"];
   $member_pass = $data["mempass"];

   if($member_pass == $admin_pass)
      {

      echo"<head><meta http-equiv=\"refresh\" content=\"2;URL=admin.php\"></head><br><center>Please

Wait.</center><br>";
      $auth = explode(":",$HTTP_COOKIE_VARS["mgdwebby"]);
      if(empty($auth[0]) || empty($auth[1]))
         {
         }
      else
         {
         echo"Welcome<br>";
         include("admin_left.php");
         }
      }
   else
      {
      echo"Wrong info. ";
      }
       }
   }      
else
   {

   echo"<form method='post' action='?action=login'>
   <table width='307' align='center' cellspacing='0' cellpading='0' border='0'>
     <tr>
       <td width='200'>&nbsp;Login : </td>
       <td>&nbsp;<input type='text' name='admin_login'></td>
     </tr>
      <tr>
       <td width='200'>&nbsp;Password : </td>
       <td>&nbsp;<input type='password' name='admin_pass'></td>
     </tr>
     <tr>
       <td colspan='2' align='center'><center><input type='submit' value='Login'></center></td>
   </table> ";

   }

?>



<?

include("footer.php");

?>

Login.php

Code: [Select]
<?php
    mysql_connect("localhost","root") or die(mysql_error());
    mysql_select_db("Regis") or die(mysql_error());


     if (isset($_POST["sub"]))
     {
        $_POST['pass'] = md5($_POST['pass']);
      if (!get_magic_quotes_gpc())
       {
        $_POST['username'] = addslashes($_POST['username']);
        $_POST['pass'] = addslashes($_POST['pass']);
      }


       $usercheck = $_POST["username"];

       $check = mysql_query("SELECT username FROM registration WHERE username = '$usercheck'") or die(mysql_error());

       $check2 = mysql_num_rows($check);
        //if the name exists it gives an error
     if ($check2 != 0)
     {
      echo("<SCRIPT LANGUAGE='JavaScript'>window.alert('Sorry, the username" ." ".$usercheck." ". "is already in use.')</SCRIPT>");
      echo ("<SCRIPT LANGUAGE='JavaScript'>setTimeOut(window.location = 'registration.php',1)</script>");

     }

      else if($_POST['username'] && $_POST['pass'] && $_POST['pass2'] )
     {
      $insert = "INSERT INTO registration (username, password) VALUES ('".$_POST['username']."', '".$_POST['pass']."')";
      $add_member = mysql_query($insert);
      echo("<SCRIPT LANGUAGE='JavaScript'>window.alert('Registration had been succesfully added :)')</SCRIPT>");
     }

     }
     
?>

<html>
<head>
<script type="text/javascript">
 function a()
{
   var x = document.login.username.value;
   var y = document.login.pass.value;

   if(x==""&& y=="")
   {
    alert("Please insert all message!");
    return false;
   }
   if(x=="")
   {
     alert("Please insert an username!");
     return false;
   }
   if(y=="")
   {
     alert("Please insert an password!");
     return false;
   }
}
</script>
</head>
 <body>
 <table border="0">
 <form name="login" method="post" action="form2.php" onsubmit="return a()">
 <tr><td colspan=2><h1>Login</h1></td></tr>
 <tr><td>Username:</td>
 <td><input type="text" name="username" maxlength="40"></td></tr>
 <tr><td>Password:</td>
 <td><input type="password" name="pass" maxlength="50"></td></tr>
 <tr><td><input type="submit" name="submit" value="Register"></a></td>
 <td><input type="submit" name="submit" value="Login"></td></tr>
 </form>
 </body></html>




form2.php

Code: [Select]
<?php
mysql_connect("localhost","root") or die(mysql_error());
mysql_select_db("cute") or die(mysql_error());
$message=$_POST['message'];
$n=$_POST['username'];


if(isset($_POST['submit'])) //if submit button push has been detected

{


   if(strlen($message)>1)
   {
      $message=strip_tags($message);
      $IP=$_SERVER["REMOTE_ADDR"]; //grabs poster's IP
      $checkforbanned="SELECT IP from ipbans where IP='$IP'";
      $checkforbanned2=mysql_query($checkforbanned) or die("Could not check for banned IPS");

    if(mysql_num_rows($checkforbanned2)>0) //IP is in the banned list
    {
     print "You IP is banned from posting.";
    }

    else
    {
     $thedate = date("U"); //grab date and time of the post
     $insertmessage="INSERT into chatmessages (name,IP,postime,message) values('$n','$IP','$thedate','$message')";
     mysql_query($insertmessage) or die("Could not insert message");
    }
   }
}


 ?>
<html>
<head>
<script type="text/javascript">
function addsmiley(code)
{
var pretext = document.smile.message.value;
              this.code = code;
              document.smile.message.value = pretext + code;
}

function a()
{
 var x = document.smile.message.value;
 if(x=="")
 {
  alert("Please insert an message!");
  return false;
 }

}

</script>
<style type="text/css">
body{ background-color: #d8da3d }
</style>
</head>
<body>
  <form name="smile" method="post" action="form2.php" onSubmit="return a()" >
   Your message:<br><textarea name='message' cols='40' rows='2'></textarea><br>
   <img src="smile.gif" alt=":)" onClick="addsmiley(':)')" style="cursor:pointer;border:0" />
   <img src="blush.gif" alt=":)" onClick="addsmiley('*blush*')" style="cursor:pointer;border:0" />
   <input type="hidden" name="username" value="<?php echo $n;?>">
   <input type='submit' name='submit' value='Send' class='biasa'  ></form>

   
 
  <br> <br>
  </body>
</html>

My problem is in login.php in form section, can one form can be used user or admin because just now im doing is for user if user login it goes to form2.php but im want also in the same form if admin the form post to form3.php any way to do that thank you

Hey guys,

I'm kind of a n00b with PHP and i'm trying to practice by building a mock e-comm site, but i'm having a problem with my admin login form. When the information is submitted the form just clears and doesn't redirect me to the index.php file i have set-up. My knowledge of php isn't where i'd like it to be yet, so i'm here for help! I'll post the code for bpoth the admin login page and the index.php file.

ADMIN LOGIN PAGE
            |
            |
            V
<?php
session_start();
if (isset($_SESSION["username"])) {
    header("location: index.php");
    exit();
}

?>
<?php

if (isset($_POST["username"]) && isset($_POST["password"])){

   $username = $_POST["username"]; // filter everything but numbers and letters
    $password = $_POST["password"]; // filter everything but numbers and letters

    include "../storescripts/connect_to_mysql.php";
    $sql = mysql_query("SELECT id FROM admin WHERE username='$username' AND password='$password' LIMIT 1");

    $existCount = mysql_num_rows($sql); // count the row nums
    if ($existCount == 1) { // evaluate the count
        while($row = mysql_fetch_array($sql)){
             $id = $row["id"];
       }
       $_SESSION["id"] = $id;
       $_SESSION["username"] = $username;
       $_SESSION["password"] = $password;
       header("location: index.php");
         exit();
    } else {
      echo 'That information is incorrect, try again <a href="index.php">Click Here</a>';
      exit();
   }
}
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
   <head>
      <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
      <title>Store Admin Area</title>
        <link rel="stylesheet" type="text/css" href="../css/main_style.css" />
   </head>

   <body>
           <div id="wrapper">
                  <div id="text"><br />
                     <div align="left" style="margin-left:100px; margin-top:100px;">
                        <h2>Please Login To Manage The Store</h2>
                        <br /><br />
                        <form id="form1" name="form1" method="post" action="admin_login.php">
                        <strong>Username</strong>
                           <input name="username" type="text" id="username" size="40" />
                        <br /><br />
                        <strong>Password</strong>
                           <input name="password" type="password" id="password" size="40" />
                        <br />
                        <br />
                           <input type="submit" name="button" id="button" value="Login" />
                        </form>
                     </div>
           </div><!--closes wrapper-->
   </body>
</html>



INDEX.PHP FILE
           |
           |
           V

<?php
session_start();
if (!isset($_SESSION["username"])) {
    header("location: admin_login.php");
    exit();
}

$usernameID = preg_replace('#[^0-9]#i', '', $_SESSION["id"]);
$username = preg_replace('#[^A-Za-z0-9]#i', '', $_SESSION["username"]);
$password = preg_replace('#[^A-Za-z0-9]#i', '', $_SESSION["password"]);

include "../storescripts/connect_to_mysql.php";
$sql = mysql_query("SELECT * FROM admin WHERE id='$usernameID' AND username='$username' AND password='$password' LIMIT 1"); // query the person

$existCount = mysql_num_rows($sql); // count the row nums
if ($existCount == 0) { // evaluate the count
    echo "Your login session data is not on record in the database.";
     exit();
}
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
   <head>
      <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
      <title>Store Admin Area</title>
        <link rel="stylesheet" type="text/css" href="../css/main_style.css" />
   </head>

   <body>
          <div id="wrapper">
                  <div id="text"><br />
                     <div align="left" style="margin-left:100px; margin-top:100px;">
                        <h2>Hello store manager, what would you like to do today?</h2>
                        <p><a href="inventory_list.php">Manage Inventory</a><br />
                        <a href="#">Manage Blah Blah </a></p>
                     </div>
                     <br />
                  <br />
                  <br />
                </div><!--closes wrapper-->
   </body>
</html>

Any help and suggestions are greatly appreciated! Thanks!

<?php
session_start( );
include_once( dirname( __FILE__ )."/../inc/func/get_sth.php" );
include_once( _ABSPATH_."/inc/func/header.php" );
if ( $_GET["f"] == "login" )
{
    $adminuser = strtolower( strip_tags( trim( $_POST["adminuser"] ) ) );
    $r_0 = strtolower( strip_tags( trim( $_SESSION["r"] ) ) );
    $r_1 = strtolower( strip_tags( trim( $_POST["r"] ) ) );
    if ( $r_0 == $r_1 )
    {
        $result = mysql_query( "SELECT password FROM admin where adminuser='".$adminuser."'" );
        $val = mysql_fetch_array( $result );
        if ( !$val["password"] )
        {
            $loginfail = 1;
        }
        else
        {
            if ( $val[password] === md5( $_POST["password"] ) )
            {
                $_SESSION['admin'] = $adminuser;
                header( "Location: ./" );
                exit( );
            }
            $loginfail = 1;
        }
    }
    else
    {
        $loginfail = 2;
    }
}
$page_title = l( "Administration Login" )." | ".get_sitename( );
$smarty->assign( "page_title", $page_title );
$smarty->assign( "loginfail", $loginfail );
$smarty->display( "mgt/login.tpl" );
?>

Login.php

Code: [Select]
<?php
    session_start();
    mysql_connect("localhost","root") or die(mysql_error());
    mysql_select_db("cute") or die(mysql_error());
    $username = $_POST['username'];
    $password = $_POST['pass'];
    if (isset($_POST["submit"]))
    {
     $log = "SELECT * FROM regis WHERE username = '$username'";
     $login = mysql_query($log);  
     $row = mysql_fetch_array($login);
     $number = mysql_num_rows($login);
     if ($number > 0)
     {


        $_SESSION['username'] = $row['username'];
        $_SESSION['userlevel'] = $row['userlevel'];
        
         
        if($_SESSION['userlevel']==1)
       {
        $_SESSION['is_logged_in'] == 1;
        header("Location: form2.php");
       }
        else if($_SESSION['userlevel']== 0)
       {
         $_SESSION['is_logged_in'] == 1;
         header("Location: registration.php");
       }
     }

Registration.php

Code: [Select]
<?php
echo 'Welcome:' .$_SESSION['is_logged_in'];?>
form2.php

Code: [Select]
<?php
session_start();
if (empty($_SESSION['is_logged_in']))
{
 header("Location:chatframe.php");
 die();     // just to make sure no scripts execute
}
?>
<?php
mysql_connect("localhost","root") or die(mysql_error());
mysql_select_db("cute") or die(mysql_error());
$message=$_POST['message'];
$a=$_SESSION['username'];



if(isset($_POST['submit'])) //if submit button push has been detected

{


   if(strlen($message)>1)
   {
      $message=strip_tags($message);
      $IP=$_SERVER["REMOTE_ADDR"]; //grabs poster's IP
      $checkforbanned="SELECT IP from ipbans where IP='$IP'";
      $checkforbanned2=mysql_query($checkforbanned) or die("Could not check for banned IPS");

    if(mysql_num_rows($checkforbanned2)>0) //IP is in the banned list
    {
     print "You IP is banned from posting.";
    }

    else
    {
     $thedate = date("U"); //grab date and time of the post
     $insertmessage="INSERT into chatmessages (name,IP,postime,message) values('$a','$IP','$thedate','$message')";
     mysql_query($insertmessage) or die("Could not insert message");
    }
   }
}


 ?>
<html>
<head>
<script type="text/javascript">
function addsmiley(code)
{
var pretext = document.smile.message.value;
              this.code = code;
              document.smile.message.value = pretext + code;
}

function a()
{
 var x = document.smile.message.value;
 if(x=="")
 {
  alert("Please insert an message!");
  return false;
 }

}

</script>
<style type="text/css">
body{ background-color: #d8da3d }
</style>
</head>
<body>
  <form name="smile" method="post" action="form2.php" onSubmit="return a()" >
   Your message:<br><textarea name='message' cols='40' rows='2'></textarea><br>
   <img src="smile.gif" alt=":)" onClick="addsmiley(':)')" style="cursor:pointer;border:0" />
   <img src="blush.gif" alt=":)" onClick="addsmiley('*blush*')" style="cursor:pointer;border:0" />
   <input type='submit' name='submit' value='Send' class='biasa'  ></form>

   
 
  <br> <br>
  </body>
</html>
In this registration.php when im called back its appear nothing im means the number is not showing and the login code even im had also put the "$_SESSION['is_logged_in'] == 1;" outside if else userlevel statement and then i put $d=  $_SESSION['is_logged_in'] == 1;   and im echoing back but it is nothing im thinks something wrong in session is login

 and also still it cannot redirect to admin -form2.php when session is login in is 1

Hi guy's,

I'm having problems adjusting a script to add a level (user rights) function. When i login with a admin or normal user it gives a blank page (not redirecting to home.php). It even does'nt return an echo that user / pass is incorrect. I'm breaking my head over this for day's now. Can you help me out?

Code: [Select]
<?php
session_start();

//Login form (index.php)

include "db_connect.php";
if(!$_POST['submit'])
{
?>

<html>
<head>
<!--[if IE]>
<link rel="stylesheet" type="text/css" href="style.css" />
<![endif]-->
<![if !IE]>
<link rel="stylesheet" type="text/css" href="firefox.css" />
<![endif]>
</head>
<body>
<div id="wrapper">
<div id="header">
<?php include('header.php'); ?>
</div>
<div class="divider">

<strong>Login</strong>
<form method="post" action="index.php">

<div class="formElm">
<label for="username">Klantnummer:</label>
<input id="username" type="text" name="username" maxlength="16">
</div>

<div class="formElm">
<label for="password">Wachtwoord:</label>
<input type="password" name="password" maxlength="16">
</div>

<input type="submit" name="submit" value="Login">
</form>

</div>
<div id="footer"> 
<?php include('footer.php'); ?>
</div>
</div>
</html>

<?php
}
else
{
  $user = protect($_POST['username']);
  $pass = protect($_POST['password']);
  $level = protect($_POST['level']);
 
if($user && $pass && $level)
{
$pass = md5($pass); //compare the encrypted password
$sql1 ="SELECT id,username FROM `users` WHERE `username`='$user' AND `password`='$pass' AND `level`='1'"; 
$sql2 ="SELECT id,username FROM `users` WHERE `username`='$user' AND `password`='$pass' AND `level`='9'";
$queryN=mysql_query($sql1) or die(mysql_error());
$queryA=mysql_query($sql2) or die(mysql_error());

if(mysql_num_rows($queryN) == 1)
    {
      $resultN = mysql_fetch_assoc($queryN);
  $_SESSION['id'] = $resultN['id'];
      $_SESSION['username'] = $resultN['username'];   
header("location:home.php");     
    }
    elseif(mysql_num_rows($queryA) == 1)
    {
      $resultA = mysql_fetch_assoc($queryA); 
  $_SESSION['id'] = $resultA['id'];
      $_SESSION['username'] = $resultA['username'];  
header("location:home.php"); 
}

else{
echo "Wrong Username or Password";
}
}
}
?>
and the mysql code:

Code: [Select]
CREATE TABLE `user` (
  `id` int(4) unsigned NOT NULL auto_increment,
  `username` varchar(32) NOT NULL,
  `password` varchar(32) NOT NULL,
  `level` int(4) default '1',
  PRIMARY KEY  (`id`)
) ENGINE=InnoDB AUTO_INCREMENT=27 DEFAULT CHARSET=latin1;

Hi Guys, having one of them "why wont it work" nightmares whilst doing some updates on a web page someone else has coded, its a simple php and mysql insert string that has some validation on but no matter what I do it wont add a new property, it updates fine, i have only added three new fields to the original source files, property_county, property_size, property_status, it should have been a simple job but has got me stumped, anyone got any suggestions?

The script uses three files,
properties.php - which is the page which holds the form
class.properties.php - which contains the functions - this is where i think the problem is....
and
property_form.php - which is just the form, this is fine, just the above two that seem to be causing the problem!!

any suggestions would be greatly appreciated.
Thanks
Matt

Hello, im very green to php and I am having trouble creating a simple log in script. Not sure why this is not working, maybe a mysql_query mistake? I am not receiving any errors but nothing gets updated in the members table and my error message to the user displays.  any help is appreciated! here is my php:


<?php
session_start();

$errorMsg = '';
$email = '';
$pass = '';

if (isset($_POST['email'])) {
   $email = ($_POST['email']);
   $pass = ($_POST['password']);
   
   $email = stripslashes($email);
    $pass = stripslashes($pass);
   $email = strip_tags($email);
   $pass = strip_tags($pass);
   
if ((!$email) || (!$pass)) {
   $errorMsg = '<font color="#FF0000">Please fill in both fields</font>';
}else {
   include 'scripts/connect_db.php';
   $email = mysql_real_escape_string ($email);
   $pass = md5($pass);
   
   $sql = mysql_query("SELECT * FROM members WHERE email='$email' AND password='$pass'");
   
   $log_check = mysql_num_rows($sql);
   
if ($log_check > 0) {
    while($row = mysql_fetch_array($sql)) {
      
      $id = $row["id"];
      $_SESSION['id'];
      $email = $row["email"];
      $_SESSION['email'];
      $username = $row["username"];
      $_session['username'];
      
      mysql_query("UPDATE members SET last_logged=now() WHERE id='$id' LIMIT 1");
      
   }//Close while loop
   echo "You are logged in";
             exit();
}
else {
   $errorMsg = '<font color="#FF0000">Incorrect login data, please try again</font>';
}


     }
}
?>



and the form:

<?php echo $errorMsg; ?>
<form action="log_in.php" method="post">
Email:<br />
<input name="email" type="text" /><br /><br />
Password:<br />
<input name="password" type="password" /><br /><br />
<input name="myBtn" type="submit" value="Log In" />
</form>

Dear PHPFreaks,
I am new to PHP. Currently I'm trying to get a PHP login to write to file and use that file to register member and then allow users to login by reading through the file. Here is the code so far. Any help would be grateful.

<body> 
    <form action="register.php" method="post">
        <h2>Register:</h2>
        <p>
            <label for="runame">Username:</label>
            <input name="runame" id="runame" value="" type="text" />
        </p>
        <p>
            <label for="rpword">Password:</label>
            <input name="rpword" id="rpword" type="password" />
        </p>
        <p>
            <input name="register" value="Register here" type="submit" />
        </p>
    </form>             
</body>

register.php
<?php
if (isset($_POST['submit']))
{
    $runame = $_POST['uname'];
    $rpword = $_POST['pword'];
    $category = "user";
}
$fh = fopen("password.txt","a+");
$data = $runame . ":" . $rpword . ":" . $category . "\n";

fwrite($fh, $data);

fclose($fh);
?>

Hello,

I created a simple login script, taht has a hard coded user/pass. Yet for some reason it will not work, keeps redirecting to the main login page

Here is the code

Login Page
Code: [Select]
<table width='400' border='0' align='center' cellpadding='0' cellspacing='0'> 
  <tr> 
    <td>UserName:</td> 
    <td><form action="loginscript.php" method="post"> <input name="username" type="text" size="10"></td> 
  </tr> 
  <tr> 
    <td>Password:</td> 
    <td><input name="password" type="password" size="10"></td> 
  </tr> 
  <tr> 
    <td colspan='2' align='center'><input name="Submit" type="submit" value="Submit"></form></td> 
  </tr> 
</table>


Login Script
Code: [Select]
<?php 
session_start(); 

$pass = strtolower($_POST['password']); 
$name = strtolower($_POST['username']); 

if($name == "test" && $pass == "test"){ 
header ("location: select.php"); 
} 
else{ 
// invalid login, so go back ... 
header ("location: index.php"); 
} 

?>

Select.php
Code: [Select]
<?php 
session_start(); 
if(isset($_SESSION['myuser'])){ 
 
} 
else{ 
header ("location: index.php"); 
} 
?>

ANy ideas why it is not working. It doesnt seem like it is going through the login on the loginscript as all it does is redirect back to index page over and over again