Hi, i have a field in a database called Password. It is based on 'password' that a query on the rest of the database is run. The query uses sesions. I attempt to login to thru a login page with my 'email' and 'password'.
This is the page which checks that the login details are correct and it creates the session
<?
session_start();
include 'db.php';
$email = $_POST['email'];
$password = $_POST['password'];
if((!$email) || (!$password)){
echo "Please enter ALL of the information! <br />";
include 'login_form.html';
exit();
}
$sql = mysql_query("SELECT * FROM test101 WHERE email='$email' AND password='$password' ");
$login_check = mysql_num_rows($sql);
if($login_check > 0){
while($row = mysql_fetch_array($sql)){
foreach( $row AS $key => $val ){
$$key = stripslashes( $val );
}
$_SESSION['password'] = $password;
$_SESSION['email'] = $email
header("Location: your_ticket.php");
}
} else {
echo "Error!<br />";
include 'login_form.html';
}
?>
The following is the page which the user is redirected to after a sucsessful login and it queries the db based on the session.
<?
session_start();
include 'db.php';
session_checker();
?>
<?php
$query = "SELECT password, name FROM test101 WHERE password = '{$_SESSION['password']}'";
$result = mysql_query($query) or die('Error : ' . mysql_error());
if(mysql_num_rows($result))
{
$row = mysql_fetch_assoc($result);
echo "Password: {$row['password']}, Name: {$row['name']}";
}
else
{
// handle no match found error here
}
if(isset($_POST['name']))
{
$password = $_POST['password'];
$name = $_POST['name'];
}
?>
Unfortunetly no error messages
