Hi there
I have used a mysql login program as found in the artickes area of this site, however i have modified it a bit.
Whenever a user loggs it seems to be totally random whether they get logged in or not, whether the password is correct or not. I am getting really confused🙁
What could be wrong?
Ive included the 2 main files to he belpful🙂
any help would be great
Jonathan
===============user.php(the main code)====
function user_login($username,$password) {
global $feedback;
if (!$username || !$password) {
$feedback .= ' ERROR - You do not have the correct access privilages to enter this area. Please try again. If you feel you have recieved this message in error, please contact *** (d@**.com) or another of the website administrators to resolve this error. ';
return false;
} else {
$username=strtolower($username);
$password=strtolower($password);
$sql="SELECT * FROM user WHERE username='$username' AND password='". md5($password) ."' AND usergroupid='5' or '6' or '7' or '8'";
$result=db_query($sql);
if (!$result || db_numrows($result) < 1){
$feedback .= ' ERROR - User not found or password incorrect ';
return false;
} else {
if (db_result($result,0,'is_confirmed') == '1') {
user_set_tokens($username);
$feedback .= ' SUCCESS - You Are Now Logged In ';
return true;
} else {
$feedback .= ' ERROR - You haven\'t Confirmed Your Account Yet ';
return false;
}
}
}
}
====================login.php======
<?php
include($DOCUMENT_ROOT.'/include/database.php');
include($DOCUMENT_ROOT.'/include/pre.php');
include($DOCUMENT_ROOT.'/include/user.php');
if (user_isloggedin()) {
user_logout();
$user_name='';
}
if ($submit) {
user_login($user_name,$password);
}
if ($feedback == " SUCCESS - You Are Now Logged In ") {
include("http://www.*******.net/~members/main1.html");
} elseif ($feedback) {
echo '<H2>'.$feedback.'</H2>';
} else {
echo '<H3>Login To **</H3>
<P>
Enter your user name and password and we\'ll set a cookie so we know you\'re logged in.
<P>
<FORM ACTION="'. $PHP_SELF .'" METHOD="POST">
User Name:<BR>
<INPUT TYPE="TEXT" NAME="username" VALUE="" SIZE="10" MAXLENGTH="15">
<P>
Password:<BR>
<INPUT TYPE="password" NAME="password" VALUE="" SIZE="10" MAXLENGTH="15">
<P>
<INPUT TYPE="SUBMIT" NAME="submit" VALUE="Login To PGAC!">
</FORM>
<P>
<A HREF="login.php">[ Login to ! ]</A>
<P>
<A HREF="http://www.*****.net/forums/register.php">[ Register A New Account ]</A>
<P>
<A HREF="changepass.php">[ Change Your Password ]</A>
<P>
<A HREF="lostpass.php">[ Lost Password? Click Here! ]</A>';
}
?>
