I have it setup so if someone tries to log in and inputs the wrong password you get the apporiate error back at the sign in page. The Same results will happen when a non existant username is input into the Username and pass. BUT! When I do input the correct username and pass it works just fine. Here is the code. Any thoughts?
session_start();
session_register('auth');
session_register('logname');
$uname = strtolower($_POST['uname']);
$passwd = md5(strtolower($_POST['passwd']));
//The Required Files to access the data base
include("../../includes/configs/config.cfg");
include("../../includes/configs/select_db.cfg");
$sql = "SELECT loginName FROM Members WHERE loginName='$uname'";
$results = mysql_query($sql) or die();
$num = mysql_numrows($results) or die();
if ($num == 1) // This means if the login was found.
{
$sql2 = "SELECT loginName FROM Members WHERE loginName='$uname' AND password = '$passwd'";
$results2 = mysql_query($sql2) or die ();
$num2 = mysql_numrows($results2) or die();
if ($num2 > 0) // This is true if the password is correct
{
$auth ="yes";
$logname = $uname;
header("Location: members_only.php");
}
else // This is if the Password is incorrect
{
$error_message = "The Password you entered for $uname is incorrect! Please try again.<br>";
include("sign_in.php");
}
}
elseif ($num == 0) // This is if the usename does not exist
{
$error_message ="The Username you have entered does exist! Please try again.<br>";
include("sign_in.php");
}
?>
I purposely put in a wrong password or username I get a blank page rather than the else statements where it go back to the sign in page with the addtional error code, I get a blank page.
http://69.13.156.225/
I will not give out the username and pass to demonstrate the problem I am having.
I have done a similar thing the User sign up page with no problem
http://69.13.156.225/includes/members/sign_up.php
