Hello, I am new to the forums, and I am trying to get my website up and running, but I keep having this reoccurring problem.
after I try and log in on my site, to test to see if the script is working, it tells me that the query was empty.
here is my script for the login page.
So if anyone could help me find out where the error is it would be greatly appreciated!
Thanks in advance,
Jacob W.
<?php
session_start();
include'./global.php';
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>JPiTech - Tech for the rest of us.</title>
<meta http-equiv="content-type" content="text/html; charset=utf-8" />
<link rel="stylesheet" href="style.css" type="text/css" />
<style type="text/css">
.style1
{
text-align: center;
}
</style>
</head>
<body>
<div id="wrapper">
<div id="header">
<div id="logo">
</div>
<div id="updates">
<span><td colspan="3">Hello and welcome!</td></span>
</div>
<div id="login">
<div id="loginwelcome">
<?php
$errors = array();
if($SESSION['uid']){
$sql1000 = "SELECT * FROM blog WHERE id = '". $SESSION['uid'] . "'";
$res1000 = mysqul_query($sql1000) or die(mysql_error());
while($row1000 = mysql_fetch_assoc($res1000)) {
echo "<p>Welcome, <a href=\"profile.php?id=" . $row1000['id'] . "\"><b>" . $row1000['name'] . "</b></a> | <a href=\"logout.php\">Logout</a></p>\n";
}
}else {
echo "<p>Welcome, <b>Guest</b>! | <a href=\"reg.php\">Register</a> | <a href=\"login.php\">Login</a></p>\n";
}
?>
</div>
</div>
<ul id="navigation">
<li><a href="index.php">Home</a></li>
<li><a href="phpBB3/index.php">Community</a></li>
<li><a href="#">Services</a></li>
<li><a href="#">Blackboard</a></li>
<li><a href="#">Support</a></li>
</ul>
<div id="content">
<h2>JPiTech</h2>
<?php
$step = $_GET['step'];
if($_session['uid']) {
echo "You're already logged in!\n";
}else {
if(!$step) {
echo "<form action=\"login.php?step=2\" method=\"POST\"><table border=\"0\">\n";
echo "<tr><td>Username: </td><td><input type=\"text\" name=\"username\"></td></tr>\n";
echo "<tr><td>Password: </td><td><input type=\"password\" name=\"password\"></td></tr>\n";
echo "<tr><td colspan=\"2\" align=\"right\"><input type=\"submit\" value=\"Login\"></td></tr>\n";
echo "</table></form>\n";
}
}
$username = $POST['username'];
$password = $POST['password'];
$username = mysql_real_escape_string($username);
$username = stripslashes($username);
$password = mysql_real_escape_string($password);
$password = stripslashes($password);
if($step == "2") {
if(!$username) {
$errors[] = "You must supply a <b>Username</b>!\n";
}else {
if(!$password) {
$errors[] = "You must supply a <b>Password</b>!\n";
}else {
$sql = "SELECT FROM blog WHERE username = '$username'";
$res = mysql_query($sql) or die(mysql_error());
if(mysql_num_rows($res) > 0) {
$sql2 = "SELECT FROM blog WHERE username = '$username' && password = '$password'";
$res2 = mysql_query($res2) or die(mysql_error());
if(mysql_num_rows($res2) > 0) {
}else {
$errors[] = "The <b>Username</b> and <b>Password</b> do not match!\n";
}
}else {
$errors[] = "The <b>Username</b> you supplied does not exist!\n";
}
}
}
if(count($errors) > 0) {
echo "The Following Errors Have Occured!\n";
foreach($errors AS $error) {
echo $error . "<br>\n";
}
}else {
$sql3 = "SELECT id FROM blog WHERE username = '$username'";
$res3 = mysql_query($sql3) or die(mysql_error());
while($row = mysql_feth_assoc($res3)) {
$_SESSION['uid'] = $row['id'];
echo "You have successfully logged in!\n";
}
}
}
?>
<p>
</p>
</div>
<div id="footer">
<div id="copyright">© 2009 Jacob Paul Warren. This is not a registered institute, it's just part of the name.
</div>
</div>
</div>
</div>
</body>
</html>
