Hello, I am trying to work on a login form where you login using a username and password. Since I am just testing it, I personally imputed the username and password (encrypted in SHA256), with PHPMyAdmin. Then I made the following script. (The database connect info and others are not included) $usr = mysql_real_escape_string($_POST['username']); $pas = hash('sha256', mysql_real_escape_string($_POST['password'])); $sql = mysql_query("SELECT * FROM users WHERE username='$usr' AND password='$pas' LIMIT 1"); if(mysql_num_rows($sql) == 1){ $row = mysql_fetch_array($sql); session_start(); $_SESSION['username'] = $row['username']; $_SESSION['password'] = $row['password']; $_SESSION['logged'] = TRUE; header("login/users_page.php"); // Modify to go to the page you would like exit; }else{ header("login/index.php"); exit; } }else{ //If the form button wasn't submitted go to the index page, or login page header("login/index.php"); exit; } PHP: Before, I used to get an error message that says it didn't like it because it was a boolean and it wants a resource or something. But now, the brower just goes to verify.php (the php file written above), and doesn't do anything. Any help would be appreciated. Thanks, Andrew R.
First, learn about mysqli or PDO and you will want this for going to a page header('location: page.php'); PHP: Michael
As well as Michael's comments, you could look at some PHP User authentication Classes. There are a few decent ones around.
As stated above, a big security warning: you really shouldn't directly use the mysql functions in PHP. Pressing on using well known PDO or MySQLi couldn't be done enough. On whatever level you think you are securing your MySQL actions, you are most likely better off using a well-known PHP library. Having said that, you might be just trying this out for educational purposes and not using this in a real life scenario. Like Michael said, your headers are faulty and have to address the name of your header, in this situation "Location". So your header should become "Location: page.php".
Thank you all very much. I used this script from someone's article they posted where they used this script as an example. It already had the location tags but I thought that was just to show you where to put the location names. Anyway, when I put the login page for real, I will use the PDO and MySQLi and a PHP library scripts. Thank you all very much for the help.