Logging in problem

lanceox

Hi guys,

I got a little bit of an issue. I have a register page, which works fine and submits to itsself, however i also have a login page which currently has no errors but allow logging in.

If some1 can see why that will be great, as this is causing so many issues. This is the last step i cant get past.

Here is the code


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en">
<head>
	<title>Forensics E-learning Package</title>
    <script type="text/javascript" src="start.js"></script>

<link rel="stylesheet" type="text/css" href="style.css" />
</head>
<body>
<div id="wrapper">
<div id="header">
	<div id="toplinks">


</div>
  </div>
<div id="menu">
		<ul>
			<li><a class="selected" href="index.html">Home</a></li>
			<li><a href="index.php">Initial Quiz</a></li>
			<li><a href="about.php">About</a></li>
            <li><a href="member.php">Member Section</a></li>


	</ul>
  </div>
	<div id="content">
		<div id="main">

<h1>Forensics E-Learning Package</h1><BR /></head>
        Login to the User Profiled E-Learning Course which is specifically aimed to raise awareness in computer forensics.  
<?php
$submit =&$_POST['submit'];


if(isset($submit))
{
	if($username && sha1($password))
	{
		$username =&$_POST['username'];
		$password =&$_POST['password'];

	$_SESSION['$username'] = $username;
	$_SESSION['$password'] = sha1($password);

	$connect = mysql_connect("localhost","root", "") or die ("Couldn't Connect!");
	mysql_select_db("userlogin", $connect) or die("Couldn't find db");

	//$con = mysql_connect('userscores.db.7767668.hostedresource.com','userscores','L3tt3r09');
	//mysql_select_db('userscores', $con);

	$query = mysql_query("SELECT * FROM users WHERE username=' $username'");
	$numrows = mysql_num_rows($query);

	if ($numrows!=0)
	{
		//code to login
		while ($row = mysql_fetch_assoc($query))
		{
			$dbusername = $row['username'];
			$dbpassword = $row['password'];
			$dbscore = $row['score'];
			$dbdclty = $row['dclty'];
			$dbid = $row['id'];
			$dbnewdclty = $row['newdclty'];
		}

		$_SESSION['id'] = $dbid;
		$_SESSION['PreviousScore'] = $dbscore;
		$_SESSION['dclty'] = $dbdclty;
		$_SESSION['newdclty'] = $dbnewdclty;



		if ($username==$dbusername&&sha1($password)==$dbpassword)
		{
			$username==$dbusername;	
		}
		else
		{
			echo ("Incorrect Password!");
		}
	}
	else
	{
		echo("That user doesn't exist!");

	}


}
else
{
	echo("Please enter a username and password!");
}

echo ("You Successfully Logged In!");
}
else
{
	?><BR /><BR /><?php
	echo("Please Log In!");

}
if ($submit)
echo "Logged In Successfully!";
?>

<BR /><BR />

<form action='index.php' method='POST'>
    Username:
      <input type='text' name='username'><BR />
    Password: 
     <input type='password' name='password'><BR />
    <input type='submit' value='Log In'>
</form> <p><BR /><BR />
<a class="button" href='register.php'><span><button class="button" id="save">Register</button></span></a>

	</div>
	<div id="right">
	<h2>Right Menu</h2>
	<div class="rightitem">
		<ul>
		<li><a class="selected" href="index.html">Home</a></li>
		<li><a href="index.php">Initial Quiz</a></li>
		<li><a href="about.php">About</a></li>
        <li><a href="member.php">Members Area</a></li>
        <li><a href="contact.php">Leave Feedback</a></li>
		</ul>
	</div>
	</div>
  </div>
	<div class="clearbottom"></div>
	<div id="footer"></div></div>
</body>
</html>

Thanks for any help 🙂

Lance

Undrium

Do you mean that it allows logging in even though that the password and username is incorrect?