I have a script that asks the user to enter in the login name and password, along with some other information. If their password is incorrect, the form displays an error message and the form itself to the user again for them to enter their password.
If the password is correct, it should take all the information entered by the user and forward it to another page. This is not happening. Here is the section of code at fault:
if ($submit) {
//Pull user name from POST vars
$post_username = $_POST['username'];
//Get password for user name used on form
$pass_query = "SELECT password FROM user WHERE username = '$post_username'";
$login_result = mysql_query($pass_query);
$login_value = mysql_fetch_array($login_result);
//Check that password is the same as in database
if ($login_value['password'] != md5($_POST['password'])) {
//Setup error message if passwords not the same
$error_msg = "<blockquote><p><strong><font color=\"red\">Error: The password you have entered is incorrect. Please re-enter your password.</font></strong></p></blockquote><br><br>";
display_page($error_msg,$_POST,$row_value);
} else {
//If correct, Send form data to next page
?>
<form name="frmMain" method="post" action="tapnrenew2.php">
<input type="hidden" name="username" value="<?=$_POST['username']; ?>">
<input type="hidden" name="password" value="<?=$_POST['password']; ?>">
<input type="hidden" name="firstname" value="<?=$_POST['field6']; ?>">
<input type="hidden" name="lastname" value="<?=$_POST['field7']; ?>">
<input type="hidden" name="comment1" value="<?=$_POST['field3']; ?>">
<input type="hidden" name="comment2" value="<?=$_POST['field4']; ?>">
<input type="hidden" name="phone" value="<?=$_POST['phone']; ?>">
</form>
<script language="javascript">
<!--
function submitForm() {
document.frmMain.submit();
}
// -->
</script>
<?
}
} else {
//Display data entry form
display_page($error_msg,$_POST,$row_value);
}
Does anyone have any ideas why this is not working?
Thanks!
