direction problem!

influx

Hey all, I have a bit of code that I would like to show you, that yields odd results, I'll ask my question after this:

<?php 
require 'db.php'; //database connect script...includes session_start() and $logged_in

if(!$logged_in) {
?>                        </p>
                      <form action="<?php echo $_SERVER['PHP_SELF']?>" method="post">

<input type="text" name="uname" maxlength="40"><br>
<input type="password" name="passwd" maxlength="50><br>
<input type="submit" name="submit" value="Log in!">

</form>
<?php
}
if (isset($_POST['submit'])) { // if form has been submitted


/* check they filled in what they were supposed to and authenticate */
if(!$_POST['uname'] | !$_POST['passwd']) {
    die('You did not fill in a required field.');
}

// authenticate.

if (!get_magic_quotes_gpc()) {
    $_POST['uname'] = addslashes($_POST['uname']);
}

$check = $db_object->query("SELECT username, password FROM users WHERE username = '".$_POST['uname']."'");

if (DB::isError($check)) {
    die('That username does not exist in our database.');
}

$info = $check->fetchRow();

// check passwords match

$_POST['passwd'] = stripslashes($_POST['passwd']);
$info['password'] = stripslashes($info['password']);
$_POST['passwd'] = md5($_POST['passwd']);

if ($_POST['passwd'] != $info['password']) {
    die('Incorrect password, please try again.');
}

// if we get here username and password are correct, 
//register session variables and set last login time.

$date = date('m d, Y');

$update_login = $db_object->query("UPDATE users SET last_login = '$date' WHERE username = '".$_POST['uname']."'");
$_POST['uname'] = stripslashes($_POST['uname']);
$_SESSION['username'] = $_POST['uname'];
$_SESSION['password'] = $_POST['passwd'];

header("Location: [url]http://www.example.com/login_success.php[/url]");
} ?>

With this, when I am not logged in, it shows the text fields perfectly. When I log in with the right username and password, it takes me back to the same exact page with the textfields...and if I type in the wrong information, it will execute the correct if statement (i.e. it will echo "Your password is incorrect")...

Anybody know what's wrong?

THANKS! -INFLUX

tomwerner

I think this may be the problem:

if(!$logged_in) {

I can't see anywhere this variable being set so that is always going to evaluate to true. You need to set it along with the other variables near the bottom, I am also guessing that you need to change $logged_in to $_SESSION["logged_in"], I may be wrong because I don't know how the whole of your site works.