Hi, I need help with this particular code. It's the login script for my site. I'm fairly new to PHP, so any help I can get from a fellow coder would be appreciated.
Problem: I can stick my ID in the login form and stick in an INCORRECT password and it still logs me in. The site isn't finished yet, which is a relief; no visitors to gain admin access if I had not spotted this bug.
This is the code I'm looking at; I can't find the problem. Below is the whole page's PHP script.
// Check the password
$query = "SELECT password FROM users WHERE username='$username'";
$result = mysql_query($query) or die(mysql_error());
// Encrypt the password and compare them
$password = md5($password);
if (!$result == $password) {
    echo 'You have entered an incorrect password!<br>';
    include '_includes/login.html';
    die();
}
The whole login.php script:
<?php
// Start the session
session_start();
// Connect to the database
include '_includes/dbvars.php';
// convert variables to a simpler format
$submit = $_POST['submit'];
$username = $_POST['username'];
$password = $_POST['password'];
// Check if user is already logged in
if ($_SESSION['username']) {
    // They're logged in so say hi
    echo 'Welcome. '.$_SESSION['username'].'<br>';
    echo '<a href="logout.php?confirm=false" alt="Logout" target="_parent">Logout</a>';
} else {
    // See if submit has been pressed
    if ($submit) {
        // Check for null strings
        if ((!$username) || (!password)) {
            echo 'You didn\'t enter the following information - <br>';
            if (!$username) {
                echo 'You didn\'t enter a username!<br>';
            }
            if (!password) {
                echo 'You didn\'t enter a password!<br>';
            }
            include '_includes/login.php';
            die();
        }
        // Search the table for the username
        $query = "SELECT username FROM users WHERE username='$username'";
        $result = mysql_query($query) or die(mysql_error());
        $result = mysql_num_rows($result);
        if (!$result > 0) {
            echo 'That username does\'t exist!<br>';
            include '_includes/login.html';
            die();
        }
        // Check the password
        $query = "SELECT password FROM users WHERE username='$username'";
        $result = mysql_query($query) or die(mysql_error());
        // Encrypt the password and compare them
        $password = md5($password);
        if (!$result == $password) {
            echo 'You have entered an incorrect password!<br>';
            include '_includes/login.html';
            die();
        }
        // If its got this far then it has passed the checks
        //
        // Enter the last logged IP and date/time into the table
        $query = "UPDATE users SET ipaddress='$_SERVER[REMOTE_ADDR]', `lastvisited` = UNIX_TIMESTAMP() WHERE username='$username'";
        $result = mysql_query($query) or die(mysql_error());
        // Get some info from the table
        $query = "SELECT email FROM users WHERE username='$username'";
        $result = mysql_query($query) or die(mysql_error());
        $email = $result;
        $query = "SELECT rank FROM users WHERE username='$username'";
        $result = mysql_query($query) or die(mysql_error());
        $rank = $result;
        // Register all the session variable
        session_register('username');
        $_SESSION['username'] = $username;
        session_register('email');
        $_SESSION['email'] = $email;
        session_register('rank');
        $_SESSION['rank'] = $rank;
        // Display confirmation message
        echo 'You have successfully logged in. You are being redirected to the index. Please Wait!';
    } else {
        // If submit hasn't been pressed then display login form
        include '_includes/login.html';
    }
}
}
?>
<META HTTP-EQUIV="refresh" content="1;URL=index.php?Xplosive=news">
Any help would be appreciated.
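An added example, not part of the original post: it reproduces how the condition `!$result == $password` evaluates, then shows a password check that fetches the stored value before comparing it. Assumptions: an in-memory SQLite database through PDO stands in for the site's MySQL connection, the `users` table and the sample user are constructed, `check_login` is a hypothetical helper name, and `password_hash()`/`password_verify()` are swapped in for the post's `md5()`.

```php
<?php
// Added example, not the poster's code. Table layout and sample user are constructed.

// 1. Why the posted check never rejects a password: `!` binds tighter than `==`,
//    and mysql_query() returns a result resource (truthy), not the stored hash.
$result = fopen('php://memory', 'r');   // stand-in resource for a query result
$posted = md5('wrong-password');
// !$result is false, and false == (non-empty string) is false,
// so the "incorrect password" branch is skipped for any input.
var_dump(!$result == $posted);
fclose($result);

// 2. Corrected flow: fetch the row first, then compare the stored hash.
$db = new PDO('sqlite::memory:');       // assumption: SQLite instead of the site's MySQL
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (username TEXT PRIMARY KEY, password TEXT)');
$ins = $db->prepare('INSERT INTO users (username, password) VALUES (?, ?)');
$ins->execute(['alice', password_hash('correct horse', PASSWORD_DEFAULT)]);

// Hypothetical helper: true only when the user exists and the password matches.
function check_login(PDO $db, string $username, string $password): bool
{
    // The placeholder keeps the submitted username out of the SQL text.
    $stmt = $db->prepare('SELECT password FROM users WHERE username = ?');
    $stmt->execute([$username]);
    $stored = $stmt->fetchColumn();     // false when there is no such user
    if ($stored === false) {
        return false;
    }
    // password_verify() takes the place of the md5() comparison in the post.
    return password_verify($password, $stored);
}

var_dump(check_login($db, 'alice', 'correct horse'));
var_dump(check_login($db, 'alice', 'wrong-password'));
var_dump(check_login($db, 'nobody', 'anything'));
```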