Well, basically I saw what you were trying to do, and then created code the way I would do it. And yes, I understand why you stick with the code you write... Let me try to break down what I see with your code.
<?php
session_register();
That seems unnecessary. I don't believe you need it here, and if you did, a session_start() would come before session_register()
<?php
$db = mysql_connect("localhost", "username", "password");
if (!$db) {
echo("Could not connect to the database server.");
}
This part of the code can very easily be replaced with the simpler 'mysql_connect or die('reason');', which is what I did.
mysql_select_db("elite_members", $db);
if (!@mysql_select_db("elite_members"))
Having both of those lines of code is redundant. It selects the database twice, which is unnecessary.
{
echo("Could not connect to the database.");
}
Again this can be replaced with 'or die()'
if(!isset($uname) AND !isset($passwd)) {
I replaced the variables here with $POST['uname'] and $POST['passwd'] for security reasons. Because you don't specify that they are post variables, anybody could add '?uname=blah&passwd=blah' to the url, and your code would recognize it. You might not care, but it also is better in case register_globals is not on.
?>
<form method="post" action="<?php echo("$PHP_SELF")?>">
The PHP echo construct has a short syntax, which I prefer in cases like this. Instead of using '<?php echo $var;?>', you can use '<?=$var?>' for the same result. Also, I used $_SERVER['PHP_SELF'] instead of just $PHP_SELF for many of the same reasons above.
Password: <input type="text" name="passwd" class="input">
type="password" suits your needs much better here, I believe, as it will turn the password into *s
exit();
Now I believe this may have been the actual root of your problem. This exit is just sitting in the middle of nowhere, and your script will always stop working at this point.
session_register("uname");
session_register("passwd");
These are useless, because as I mentioned above, you never used session_start(). Either way, though, I don't believe you need them, because you don't call them later.
$login = mysql_query("SELECT * FROM users WHERE username = $uname AND password = md5('$passwd')");
To my knowledge, you cannot call functions within a string. It will interpolate the variables, but not functions themselves. So make sure you end the string before the md5() function, and just concatenate it with a '.'
$num = mysql_num_rows($login);
if ($num != 0) {
$valid_user = 1;
}
else {
$valid_user = 0;
}
Since the very next thing you do after this is check whether or not $valid_user is true, you might as well just combine it into one statement. Just check if $num does not equal 0, follow it with the code you want there, then use an else statement for if it does equal 0.
session_unset();
session_destroy();
Session was never started; no need to destroy it.
Well, I hope I helped you out a little bit. Obviously, I skipped bits & pieces of the code, but since I didn't comment on them, there was no need to include them. You might just want to refer to my code, and try figure out why I arranged it the way I did, etc. Again, hope I could be of some help.
