Hi guys I am trying to setup an authorization system where users enter their username and password into a form that saves to an SQL DB,and then in another form they can log into the system based on their details matching up to their details previously entered.
<form method="post" action="insert.php">
Full Name: (Example: Michael R Maguire) <br />
<input type="text" name="user_name" size="50" maxlength="50"/> (50 Characters Max)
<br />
<br />
User Name: <br />
<input type="text" name="sha_pw" size="20" maxlength="20"/> (20 Characters Max)
<br />
<br />
<input type="submit" value="Create User" />
</form>
<?php
$user_name = $_POST['user_name'];
$sha_pw = $_POST['sha_pw'];
$dbname = "heskdb";
$conn = mysql_connect ("localhost","root","password") or
die ('cannot connect to database error: '.mysql_error());
mysql_select_db ($dbname);
if(empty($user_name) || empty($sha_pw)) {
echo "<h2>Please fill in all fields</h2>\n";
echo "Please use the back button in your browsers and fill in all required fields.\n";
die ();
}
$sql="insert into teamtutorials_test (`User_ID` , `user_name` , `sha_pw`) values ('NULL','$user_name','($sha_pw)')";
mysql_query($sql) or die (mysql_error()." $sql");
echo "user_Name: $user_name";
echo "Password: .($sha_pw)";
?>
<form method="post" action="session.php">
Full Name: (Example: Michael R Maguire) <br />
<input type="text" name="user_name" size="50" maxlength="50"/> (50 Characters Max)
<br />
<br />
User Name: <br />
<input type="text" name="password" size="20" maxlength="20"/>
<br />
<br />
<input type="submit" value="Create User" />
</form>
<?php
session_start();
if (isset($_POST['user_name']) && isset($_POST['password']))
{
$user_name = $_POST['user_name'];
$password = $_POST['password'];
$dbname = "heskdb";
$conn = mysql_connect ("localhost","root","password") or
die ('cannot connect to database error: '.mysql_error());
mysql_select_db ($dbname);
$sql = mysql_query("select * from teamtutorials_test
where user_name = '$user_name' and sha_pw = ('$password')") or die(mysql_error());
$results = mysql_result($sql, 0);
if ($results == 0){
header( 'Location:http://www.yahoo.com');
}
else
{
$_SESSION['valid_user'] = $user_name;
header( 'Location:http://www.google.ie');
}
}
?>
I am able to enter in the details to an SQL DB but whwn I try to login using those details it brings to me to yahoo(meaning I`m unathorized??)
Anybody with any ideas would be much appreciated!!
