Hey, I changed my login script a bit, and it broke. Every time I post the correct login details, the script doesn't execute. Whenever I post incorrect details, it executes? It's probably a stupid error that I keep missing.
Anyone see anything wierd?
The echo'ed comments are to check how far it got.PHP Code:session_start();
$status_font_color = '990000';
$status = 'Please login.';
if(!empty($_GET['f'])) {
$page = $domain . $_GET['f'];
} else {
$page = $domain . '/affiliates/account.php';
}
if(!empty($_SESSION['user_id']) && !empty($_SESSION['username'])) {
Redirect($domain . '/affiliates/account.php');
}
if(isset($_POST['Login'])) {
echo '<!-- Made Pt 1 -->';
$username = addslashes($_POST['username']);
$password = md5($_POST['password']);
if(empty($_POST['username']) || empty($_POST['password'])) {
$continue = false;
$status = 'Empty username or password.';
$status_font_color = 990000;
}
if($continue !== false) {
if(!preg_match("/^[a-z0-9_]/", $_POST['username'])) {
$continue = false;
$status = 'Invalid syntax. Only use letters "A" through "Z", and numbers "1" through "10".';
$status_font_color = 990000;
}
}
if($continue !== false) {
$SELECT = mysql_query("SELECT * FROM affiliate_users WHERE username = '$username' AND password = '$password'") or die($error);
echo '<!-- Made Pt 2 -->';
if(mysql_num_rows($SELECT) == 1) {
$_SESSION['username'] = $_POST['username'];
$_SESSION['user_id'] = $fetched_userid;
$_SESSION['last_move'] = time() + 300;
Redirect($page);
} else {
$status = 'Invalid username/password combination. Please try again.';
$status_font_color = 990000;
}
}
}
- Monster!
Bookmarks