I don't get it, the code below is a login page. Even if I have the right user/pass, it still won't log me in. Why? I see nothing wrong with this code.
<?php
ini_set('session.cookie_lifetime', 604800);
ini_set('session.gc_maxlifetime', 604800);
session_start();
header("Cache-control: private");
include('required/config.php');
include('required/language.php');
//Check and see if session exists
if($_SESSION['loggedin'] == true && isset($_SESSION['userid']))
{
//Attempt to login user
$sql = "SELECT * FROM users WHERE userid = '" . $_SESSION['userid'] . "'";
$query = mysql_query($sql) or die("Error: ". mysql_error());
$row = mysql_fetch_array($query);
//If database finds a match
if (mysql_num_rows($query) > 0)
{
$status = $row['status'];
//If user hasn't been activated, turn 'em away!
if($status == 1)
{
echo $login['not_activated'];
exit();
}
//If they have been activated, welcome them with open webpages!
else
{
//Create variables with data
$type = $row['type'];
$first_name = $row['first_name'];
//Create session variables
$_SESSION['type'] = $type;
$_SESSION['first_name'] = $first_name;
header('Location: ' . $full_domain . 'index.php');
exit();
}
}
}
elseif ($_POST['submit']=='Login')
{
$username = $_POST['username'];
$password = $_POST['password'];
$MD5 = md5($password);
//If the username or password isn't set...
if(!$username || !$password)
{
echo $loginMISSING;
include('required/login_form.php');
}
else
{
//Attempt to login...
$sql = "SELECT username, password FROM users WHERE username = '$username' AND password = '$MD5'";
$query = mysql_query($sql) or die("Error: ". mysql_error());
$row = mysql_fetch_array($query);
//If database finds a match...
if (mysql_num_rows($query) > 0)
{
$status = $row['status'];
//If user hasn't been activated, turn 'em away!
if($status == 1)
{
echo $login['not_activated'];
exit();
}
//If they have been activated, welcome them with open webpages!
else
{
//Create variables with data
$userid = $row['userid'];
$type = $row['type'];
$first_name = $row['first_name'];
//If they want the website to remember their login information, create cookies...
if($remember)
{
$_SESSION['loggedin'] = true;
}
//Create session variables
$_SESSION['userid'] = $userid;
$_SESSION['type'] = $type;
$_SESSION['first_name'] = $first_name;
//Send the user to the index.php page
header('Location: ' . $full_domain . 'index.php');
exit();
}
}
//If the database couldn't find a match...
else
{
echo $login['denied'];
include('required/login_form.php');
exit();
}
}
}
//Check and see if the user is ALREADY logged in
elseif(isset($_SESSION['userid']) && isset($_SESSION['type']) && isset($_SESSION['first_name']))
{
header('Location: index.php');
}
else
{
echo $login['first'];
include('required/login_form.php');
}
?>
And this is the form (login_form.php):
<form action="<?php $PHP_SELF; ?>" method="post" name="login_form">
<table width="100%" border="0" cellspacing="0" cellpadding="0">
<tr align="left" valign="top">
<td>Username:</td>
<td><input name="username" type="text" value="<?php echo $username; ?>" size="20"></td>
</tr>
<tr align="left" valign="top">
<td>Password:</td>
<td><input name="password" type="password" size="20"></td>
</tr>
<tr align="left" valign="top">
<td>Remember Info?</td>
<td><input name="remember" type="checkbox" value="remember"></td>
</tr>
<tr align="left" valign="top">
<td colspan="2"><input name="submit" type="submit" value="Login"></td>
</tr>
</table>
</form>
Does anyone see ANYTHING wrong???
