Hi there. I am totally confused. Ive checked and checked this script through and i cant see anything wrong, but for some reason (even if i enter complete crap) it still varyfies login and sets the session variable! It seems to be totally random! Can anyone see why?
<?php
/*
***********-------.com**********
Script Name: Login.php
Description: Checks entered login
details with database, and assignes
a session variable if correct. *
*/
session_start();
$DBhost = "localhost";
$DBuser = "";
$DBpass = "";
$DBname = "***";
session_register("logged_in");
if ($logged_in == "1") {
print("Your Allready logged in!");
} else {
mysql_connect($DBhost,$DBuser,$DBpass) or die("Unable to connect to database");
mysql_select_db ($DBname);
if ($username && $password) {
$query = mysql_query("SELECT username, password FROM *****_users WHERE username='$username' AND password='". md5($password) ."'");
if(mysql_num_rows($query) != 1) {
session_register("logged_in");
$logged_in = "1";
print("Logged In!");
} else {
print("Invalid Username/Password");
}
} else {
print("A Username and Password Must be entered!");
}
}
?>
