On my site I have a client login form, and Ive made the database, Ive made the login script, BUT it isnt working! Can someone tell me whats wrong or how to find out myself whats wrong? I xxxxxx'd out the password on purpose.

Here is my login script...

<?php

// Connects to your Database 
mysql_connect("localhost", "spaodesi_admin", "xxxxxxx") or die(mysql_error()); 
mysql_select_db("spaodesi_clients") or die(mysql_error()); 


//Checks if there is a login cookie

if(isset($_COOKIE['ID_my_site']))


//if there is, it logs you in and directes you to the members page
{ 
	$username = $_COOKIE['ID_my_site']; 
	$pass = $_COOKIE['Key_my_site'];

$check = mysql_query("SELECT * FROM users WHERE username = '$username'")or die(mysql_error());

while($info = mysql_fetch_array( $check )) 	
	{

	if ($pass != $info['password']) 
		{

		}

	else
		{
		header("Location: client.php");

		}

	}

}


//if the login form is submitted

if (isset($_POST['submit'])) { // if form has been submitted


// makes sure they filled it in

if(!$_POST['username'] | !$_POST['pass']) {
	die('You did not fill in a required field.');
}

// checks it against the database

if (!get_magic_quotes_gpc()) {
	$_POST['email'] = addslashes($_POST['email']);
}

$check = mysql_query("SELECT * FROM users WHERE username = '".$_POST['username']."'")or die(mysql_error());

//Gives error if user dosen't exist

$check2 = mysql_num_rows($check);
if ($check2 == 0) {
		die('That user does not exist in our database. <a href=add.php>Click Here to Register</a>');
				}


while($info = mysql_fetch_array( $check )) 	
{

$_POST['pass'] = stripslashes($_POST['pass']);
	$info['password'] = stripslashes($info['password']);
	$_POST['pass'] = md5($_POST['pass']);

//gives error if the password is wrong

if ($_POST['pass'] != $info['password']) {
	die('Incorrect password, please try again.');
}

else
{
// if login is ok then we add a cookie 

$_POST['username'] = stripslashes($_POST['username']);


$hour = time() + 3600; 
setcookie(ID_my_site, $_POST['username'], $hour);
setcookie(Key_my_site, $_POST['pass'], $hour);	

//then redirect them to the members area
header("Location: client.php");
}

}

} else {	

// if they are not logged in
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> 
<html xmlns="http://www.w3.org/1999/xhtml"> 
<head> 
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" /> 
<title>Untitled Document</title> 
<style type="text/css"> 
<!-- 
#background { 
    position:absolute; 
    left:0px; 
    top:0px; 
    width:854px; 
    height:640px; 
    z-index:0; 
    background-image: url(images/background.jpg); 
} 
#clientform { 
    position:absolute; 
    left:691px; 
    top:534px; 
    width:117px; 
    height:95px; 
    z-index:2; 
} 
#navbg { 
    position:absolute; 
    left:607px; 
    top:199px; 
    width:228px; 
    height:440px; 
    z-index:1; 
    background-image: url(images/nav_bg.png); 
} 
#navigation { 
    position:absolute; 
    left:613px; 
    top:198px; 
    width:217px; 
    height:301px; 
    z-index:2; 
} 
body { 
    background-image: url(images/canvas.jpg); 
} 
#error {
	position:absolute;
	left:44px;
	top:163px;
	width:520px;
	height:20px;
	z-index:2;
}
#error {
	position:absolute;
	left:80px;
	top:176px;
	width:440px;
	height:20px;
	z-index:3;
}
--> 
</style> 
<script src="Scripts/AC_RunActiveContent.js" type="text/javascript"></script> 
<script type="text/JavaScript"> 
<!-- 
function MM_preloadImages() { //v3.0 
  var d=document; if(d.images){ if(!d.MM_p) d.MM_p=new Array(); 
    var i,j=d.MM_p.length,a=MM_preloadImages.arguments; for(i=0; i<a.length; i++) 
    if (a[i].indexOf("#")!=0){ d.MM_p[j]=new Image; d.MM_p[j++].src=a[i];}} 
} 
//--> 
</script> 
</head> 

<body> 
<div id="background" onload="MM_preloadImages('login/images/background.jpg')"></div> 
<div id="clientform"> 
<form action="<?php echo $_SERVER['PHP_SELF']?>" method="post"> 
  <table width="120" border="0" cellspacing="8" cellpadding="0"> 
    <tr> 
      <td><label> 
        <input name="username" type="text" id="username" size="15" /> 
      </label></td> 
    </tr> 
    <tr> 
      <td><label> 
        <input name="password" type="password" id="password" size="15" /> 
      </label></td> 
    </tr> 
    <tr align=right> 
      <td><label> 
      <input type="submit" name="Submit" value="Login" /> 
      </label></td> 
    </tr> 
  </table> 
  </form>
</div>

<?php 
    if (isset($error_message)){ 
		 echo "<table width="440" border="0" cellpadding="0" cellspacing="0" id="error">"
		 echo "<td><tr>"
		 echo $error_message;
		 echo "</tr></td>"
		 echo "</table>"

 }
?>
</table>
</div>
<div id="navbg"></div> 
<div id="navigation"> 
  <script type="text/javascript"> 
AC_FL_RunContent( 'codebase','http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab#version=7,0,19,0','width','217','height','301','src','flash/nav','quality','high','pluginspage','http://www.macromedia.com/go/getflashplayer','wmode','transparent','movie','flash/nav' ); //end AC code 
</script><noscript><object classid="clsid:D27CDB6E-AE6D-11cf-96B8-444553540000" codebase="http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab#version=7,0,19,0" width="217" height="301"> 
    <param name="movie" value="flash/nav.swf" /> 
    <param name="quality" value="high" /> 
    <param name="wmode" value="transparent" /> 
    <embed src="flash/nav.swf" width="217" height="301" quality="high" pluginspage="http://www.macromedia.com/go/getflashplayer" type="application/x-shockwave-flash" wmode="transparent"></embed> 
  </object> 
</noscript></div> 
</body> 
</html> 
<?php
}
?>

    People don't appreciate it if you post the same problem in two places......it's not very helpful and can be confusing.

      .
      as I have told before http://phpbuilder.com/board/showthread.php?t=10325699

      // makes sure they filled it in

if(!$_POST['username'] | !$_POST['pass']) {
    die('You did not fill in a required field.');
} 


// I would use two: ||
 if(!$_POST['username']    ||    !$_POST['pass']) {
        die('You did not fill in a required field.');
    }

      you can also see this, in the script I modified for you http://phpbuilder.com/board/showthread.php?t=10325699
      ( why you dont want to use it - I have no idea :bemused: )
      if(empty($uname) || empty($passw)){
      $error_message = 'Please fill in all the fields.';
      }

      // debug setting, remove later
error_reporting(2047);

// if the login form is submitted
if (isset($_POST['submit'])){ // if form has been submitted
    $error_message = "";
    // makes sure they filled it in
    $uname = trim($_POST['username']);
    $passw = trim($_POST['pass']);
    //email = trim($_POST['email']);

if(empty($uname) || empty($passw)){
    $error_message = 'Please fill in all the fields.';
}

      also, as you see http://phpbuilder.com/board/showthread.php?t=10325699
      // debug setting, remove later
      error_reporting(2047);
      this is good when we try to figure out why things not work
      ( but I guess you are TOO clever to need to use DEBUG :bemused: )

      it is nice, when someone say thanks for a script I spent hours on, to try to make better
      http://phpbuilder.com/board/showthread.php?t=10325699

      but I would feel more honored,if my work was used, in some way

      /halojoy

        I tried yours but for some reason (I must be doing something wrong) it wouldn't except the username and password I was giving or display any of the errors

          Something like this might help:

          1) check to see if a cookie exists and if the value pairs are in the db: if so, redirect user and exit

          2) if the form has not been submitted, display the form

          3) if the form WAS submitted, make sure it was filled out entirely

          4) if it was filled out completely, check the submitted values against values in the db: if successful, set cookies and redirect user.

          
//  if there is a login cookie 
if( isset($_COOKIE['ID_my_site']) &&  isset($_COOKIE['Key_my_site'])) ) 
{ 
    $username = $_COOKIE['ID_my_site']; 
    $pass = $_COOKIE['Key_my_site']; 

// Connects to your Database 
mysql_connect("localhost", "spaodesi_admin", "xxxxxxx") or die(mysql_error()); 
mysql_select_db("spaodesi_clients") or die(mysql_error()); 

$query = "SELECT * 
               FROM users 
               WHERE username = '".mysql_real_escape_string($username)."'
               AND password = '".mysql_real_escape_string($pass)."'
               LIMIT 1";

$result = mysql_query($query) or die(mysql_error()); 

if(mysql_num_rows($result) == 1)
{
    header("Location: http://yourdomain.com/client.php"); 
    exit;
}
else {
    // delete cookies...
}
}


if (!isset($_POST['submit'])) 
{
        // display login form here
}

elseif(trim($_POST['username']) == '' || trim($_POST['pass']) == '') 
{ 
        die('You did not fill in a required field.');
}

else {

// Connects to your Database 
mysql_connect("localhost", "spaodesi_admin", "xxxxxxx") or die(mysql_error()); 
mysql_select_db("spaodesi_clients") or die(mysql_error()); 


$query=  "SELECT * 
                FROM users 
                WHERE username = '".mysql_real_escape_string($_POST['username'])."'
            AND password = '".mysql_real_escape_string($_POST['pass'])."'
            LIMIT 1";

$result = mysql_query($query) or die(mysql_error()); 

if(mysql_num_rows($result) == 0)
{
    die('invalid login');
}

else {
    $hour = time() + 3600; 
    setcookie('ID_my_site', $_POST['username'], $hour); 
    setcookie('Key_my_site', $_POST['pass'], $hour);     
    //then redirect them to the members area 
    header("Location: client.php"); 
    exit;
}
}

            Look at this code and my remarks

            <?php
//The below will never work because you have never created an $error_message nor set it anywhere
    if (isset($error_message)){//where is the $error_message getting set (I dont see it)
         echo "<table width="440" border="0" cellpadding="0" cellspacing="0" id="error">"
         echo "<td><tr>"
         echo $error_message;
         echo "</tr></td>"
         echo "</table>"

 }
?>

            Also the only error that will show in your code are when you kill the script is a password or cookie doesn't match, plus what is this code supposed to do? I added a comment where you had ... nothing

            while($info = mysql_fetch_array( $check ))     
            
        {
        if ($pass != $info['password'])
            {
//what is supposed to be in this block there is nothing tere except my comment?       
            
            }
        else
            {
            header("Location: client.php");
            }
        }

              I rewrote that part in my posted version
              in the other TOPIC http://phpbuilder.com/board/showpost.php?p=10736715&postcount=7

              while($info = mysql_fetch_array( $check ))     
              
        {
        if ($pass != $info['password'])
            {
//what is supposed to be in this block there is nothing tere except my comment?       
              
            }
        else
            {
            header("Location: client.php");
            }
        }

              in the other topic: http://phpbuilder.com/board/showpost.php?p=10736715&postcount=7

              <?php
// Connects to your Database
mysql_connect("localhost", "spaodesi_admin", "greybeau") or die(mysql_error());
mysql_select_db("spaodesi_clients") or die(mysql_error());

// Checks if there is a login cookie
if(isset($_COOKIE['ID_my_site'])){ // if there is, it logs you in and directes you to the members page
    $username = $_COOKIE['ID_my_site'];
    $pass = $_COOKIE['Key_my_site'];
    $check = mysql_query("SELECT * FROM users WHERE username = '$username'")or die(mysql_error());
    while($info = mysql_fetch_array($check)){
        if ($pass == $info['password']){
            header("Location: client.php");
            exit;
        }
    }
}

// debug setting, remove later
error_reporting(2047);
// if the login form is submitted
if (isset($_POST['submit'])){ // if form has been submitted

                thankyou very much for all the help, sorry if I appear to be jerky in anyway, Im just very inexperienced with PHP and its kinda making me go crazy, haha.

                  This is what Halojoy gave me...did I make any errors?

                  <?php 
// Connects to your Database 
mysql_connect("localhost", "spaodesi_admin", "greybeau") or die(mysql_error()); 
mysql_select_db("spaodesi_clients") or die(mysql_error()); 
// Checks if there is a login cookie 
if(isset($_COOKIE['ID_my_site'])){ // if there is, it logs you in and directes you to the members page 
    $username = $_COOKIE['ID_my_site']; 
    $pass = $_COOKIE['Key_my_site']; 
    $check = mysql_query("SELECT * FROM users WHERE username = '$username'")or die(mysql_error()); 
    while($info = mysql_fetch_array($check)){ 
        if ($pass == $info['password']){ 
            header("Location: client.php"); 
            exit; 
        } 
    } 
} 

// debug setting, remove later 
error_reporting(2047); 

$error_message = ""; // will display if submitted data was not correct 
// makes sure they filled it in 
$uname = trim($_POST['username']); // put POST into some variables 
$passw = trim($_POST['pass']);         // trim eventual spaces 
//$email = trim($_POST['email']);// disabled as form has no email submit 



// if the login form is submitted 
if (isset($_POST['submit'])){ // if form has been submitted 
    $error_message = ""; 
    // makes sure they filled it in 
    $uname = trim($_POST['username']); 
    $passw = trim($_POST['pass']); 
    //email = trim($_POST['email']); 
    if(empty($uname) || empty($passw)){ 
        $error_message = 'Please fill in all the fields.'; 
    }else{ 
        // checks it against the database 
        //if (!get_magic_quotes_gpc()){ 
        //    $email = addslashes($email); 
        //} 
        $check = mysql_query("SELECT * FROM users WHERE username = '" . $uname . "'")or die(mysql_error()); 
        // Gives error if user dosen't exist 
        $check2 = mysql_num_rows($check); 
        if ($check2 == 0){ 
            $error_message = 'That user does not exist in our database.'; 
        }else{ 
            while($info = mysql_fetch_array($check)){ 
                $passw = stripslashes($passw); 
                $info['password'] = stripslashes($info['password']); 
                $passw = md5($passw); 
                // gives error if the password is wrong 
                if ($passw != $info['password']){ 
                    $error_message = 'Incorrect password, please try again.'; 
                }else{ 
                    // if login is ok then we add a cookie 
                    $uname = stripslashes($uname); 
                    $hour = time() + 3600; 
                    setcookie(ID_my_site, $uname, $hour); 
                    setcookie(Key_my_site, $passw, $hour); 
                    // then redirect them to the members area 
                    header("Location: members.php"); 
                    exit; 
                } 
            } 
        } 
    } 
}else{ 
    // if they are not logged in 
    ?> 
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> 
<html xmlns="http://www.w3.org/1999/xhtml"> 
<head> 
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" /> 
<title>Untitled Document</title> 
<style type="text/css"> 
<!-- 
#background { 
    position:absolute; 
    left:0px; 
    top:0px; 
    width:854px; 
    height:640px; 
    z-index:0; 
    background-image: url(images/background.jpg); 
} 
#clientform { 
    position:absolute; 
    left:691px; 
    top:534px; 
    width:117px; 
    height:95px; 
    z-index:2; 
} 
#navbg { 
    position:absolute; 
    left:607px; 
    top:199px; 
    width:228px; 
    height:440px; 
    z-index:1; 
    background-image: url(images/nav_bg.png); 
} 
#navigation { 
    position:absolute; 
    left:613px; 
    top:198px; 
    width:217px; 
    height:301px; 
    z-index:3; 
} 
body { 
    background-image: url(images/canvas.jpg); 
} 
--> 
</style> 
<script src="Scripts/AC_RunActiveContent.js" type="text/javascript"></script> 
<script type="text/JavaScript"> 
<!-- 
function MM_preloadImages() { //v3.0 
  var d=document; if(d.images){ if(!d.MM_p) d.MM_p=new Array(); 
    var i,j=d.MM_p.length,a=MM_preloadImages.arguments; for(i=0; i<a.length; i++) 
    if (a[i].indexOf("#")!=0){ d.MM_p[j]=new Image; d.MM_p[j++].src=a[i];}} 
} 
//--> 
</script> 
</head> 

<body> 
<div id="background" onload="MM_preloadImages('login/images/background.jpg')"></div> 
<div id="clientform"> 
  <form action="<?php echo $_SERVER['PHP_SELF']?>" method="post"> 
  <table width="120" border="0" cellspacing="8" cellpadding="0"> 
    <tr> 
      <td><label> 
        <input name="username" type="text" id="username" size="15" /> 
      </label></td> 
    </tr> 
    <tr> 
      <td><label> 
        <input name="pass" type="password" id="pass" size="15" /> 
      </label></td> 
    </tr> 
    <tr align=right> 
      <td><label> 
      <input type="submit" name="Submit" value="Login" /> 
      </label></td> 
    </tr> 
  </table> 
  </form> 
<?php 
    if (isset($error_message)){ 
        echo '<span style="color:red">'; 
        echo $error_message; 
        echo '</span>'; 
    } 
?> 
</div> 
<div id="navbg"></div> 
<div id="navigation"> 
  <script type="text/javascript"> 
AC_FL_RunContent( 'codebase','http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab#version=7,0,19,0','width','217','height','301','src','flash/home nav','quality','high','pluginspage','http://www.macromedia.com/go/getflashplayer','wmode','transparent','movie','flash/home nav' ); //end AC code 
</script><noscript><object classid="clsid:D27CDB6E-AE6D-11cf-96B8-444553540000" codebase="http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab#version=7,0,19,0" width="217" height="301"> 
    <param name="movie" value="flash/home nav.swf" /> 
    <param name="quality" value="high" /> 
    <param name="wmode" value="transparent" /> 
    <embed src="flash/home nav.swf" width="217" height="301" quality="high" pluginspage="http://www.macromedia.com/go/getflashplayer" type="application/x-shockwave-flash" wmode="transparent"></embed> 
  </object> 
</noscript></div> 
</body> 
</html> 
<?php 
} 

?>
                    Write a Reply...