Alright, here is my login script. There are 2 problems with it: A) it displays both the error page and the protected page...😎 it displays the error page even with the right password. PLEASE HELP!!!
<?php
if (!isset($HTTP_COOKIE_VARS["id"]))
{
if (!isset($PHP_AUTH_USER))
{
// If empty, show login/signup page
include ('http://crosse5.com/members/invalidlogin.php');
die("Not Found.");
}
else
{
$username = $PHP_AUTH_USER;
$password = $PHP_AUTH_PW;
}
}
else {
$username = $HTTP_COOKIE_VARS["id"];
$password = $HTTP_COOKIE_VARS["pass"];
}
setcookie("id",$username,mktime(0,0,0,0,0,2020),"/",".crosse5.com",0);
setcookie("pass",$password,mktime(0,0,0,0,0,2020),"/",".crosse5.com",0);
// Check to see if PHP_AUTH_USER already contains info
// If non-empty, check the database for matches
// connect to MySQL
mysql_connect("localhost", "user", "password")
or die ("Unable to connect to database.");
// select database on MySQL server
mysql_select_db("db")
or die ("Unable to select database.");
// Formulate the query
$sql = "SELECT *
FROM users
WHERE user='$username' and password='$password'";
// Execute the query and put results in $result
$result = mysql_query($sql);
// Get number of rows in $result. 0 if invalid, 1 if valid.
$num = mysql_numrows($result);
if ($num = "0") {
$sql = "SELECT *
FROM users
WHERE user='$PHP_AUTH_USER' and password='$PHP_AUTH_PW'";
// Execute the query and put results in $result
$result = mysql_query($sql);
// Get number of rows in $result. 0 if invalid, 1 if valid.
$num = mysql_numrows($result);
if ($num = "0") {
include ('http://crosse5.com/members/invalidlogin.php');
die("Not Found."); }
else if ($num != "0") {
$logged="yes";
}
else {}
}
if ($num != "0")
{
$logged="yes";
}
else
{ include ('http://crosse5.com/members/invalidlogin.php');}
?>
