Hi
I am trying to create a login page for my admin area, I have done the following,
create a login page called loginpage.php
<html>
<head>
<title>login page</title>
</head>
<body>
<form method="POST" action="loginproc.php">
<p>username: <input type="text" name="username" size="20"></p>
<p>password: <input type="text" name="password" size="20"></p>
<p><input type="submit" value="submit" name="B1"><input type="reset" value="Reset" name="B2"></p>
</form>
</body>
</html>
I have then created the page loginproc.php
<?
session_start();
$server = "localhost";
$username = "USERNAME";
$password = "MYPass";
$db_name = "DBNAME";
$db = mysql_connect($server,$username,$password) or DIE("Connection to database failed, perhaps the service is down !!");
mysql_select_db($db_name) or DIE("Database name not available !!");
$login = mysql_query("select * from tbuser where (username = '" . $_POST['username'] . "‘) and (password = ‘" . md5($_POST['password']) . "‘)",$db);
$rowcount = mysql_num_rows($login);
if ($rowcount == 1) {
$_SESSION['username'] = $_POST['username'];
header("Location: securedpage.php");
}
else
{
header("Location: loginpage.php");
}
?>
Then I have created the secure page
<?
session_start();
if (!isset($_SESSION['username'])) {
header("Location: loginpage.php");
}
?>
<html>
<head>
<title>secured page</title>
</head>
<body>
<p>secured page with session <? echo $_SESSION['username']; ?></p>
<p><a href="logoutpage.php">logout</a></p>
</body>
</html>
The problem I am having seems to be with line 9? on the loginproc.php page. When I fill in the user name and password and click submit it tries to go to loginproc.php but keeps refreshing loginpage.php with a blank form. Can anyone see anything obviously wrong with the code.
P.S. I have created a table in my database tbuser and added 2 fields username and password....
Any help would be great.
Steve
