Don't quite know what i'm doing wrong...

Ok.. what I am trying to do is have my customer put in a username and password, then

if username = 0 rows in "users" database
echo Invalid user

if username=1 row in "users" database
make sure password matches

if password matches
start session valid_user and reload page

if password doesn't match
echo invalid password

otherwise
echo there is more than one user with that username. Call us to fix the problem.

I am using the include command on other pages to load this page, so when it starts the session and reloads the page it should reload the page that I am trying to use.

login.php:

<?php

if ($_POST)
{
include ('db_con.php');
include ('make_safe.php');
    $username = make_safe($_POST["username"]);
    $password = make_safe($_POST["password"]);
    $query = "SELECT * FROM users WHERE Username='$username'";
    $result = mysql_query($query);
    $num_rows = mysql_num_rows($result);
        if ($num_rows = '0')
        {
            echo "Incorrect username.";
            exit;
        }

        if ($num_rows = 1)
        {
        
        $u_and_p = "SELECT * FROM users WHERE Username='" . $username . "' && Password='" . $password . "'";
        $result = mysql_query($u_and_p);
            if ($row = mysql_fetch_array($result))
            {
                session_start();
                $_SESSION["valid_user"] = $valid_user;
                $_SESSION["valid_time"] = time();
                    header("location: " . $_SERVER['PHP_SELF']);
                    exit;
            }
            
            

        }
        
        else
        {
            echo "There is more than one user with that username.  Please call us immediately to resolve the issue.";
        }

}

else
{
?>


<html>
<title>MCS</title>

<?php include ('index.php'); ?>
<center>
    <form action="" method="post">
        <label>Username:</label><input type="text" size="20" maxlength="20" name="username"
    <?php if (isset($_POST['username'])) { ?> value="<?php echo $_POST['username']; ?>" <?php } ?>/><br />
        <label>Password:</label><input type="password" size="20" maxlength="10" name="password" /><p />
        <input type="submit" name="login" value="Login" class="right" />
    </form>
    </center>
<?php
}
?>

</div>
</body>
</html>

PHP:

here is the code that i have on the page i am trying to secure with a password...

<?php
if (isset($_SESSION['valid_user']))
//function (drop_down_box)
{
include ('index.php');
?>

<title> Customer Search </title>

<center>
<?php
echo "<form name='jump' method='GET'>";
echo "<select name='menu' onChange='location=document.jump.menu.options[document.jump.menu.selectedIndex].value;' value='GO'>";
echo "<option selected value='searchby.php'>Search By</option>";
echo "<option value='s_cust_no.php'>Customer Number</option>";
echo "<option value='s_shop_name.php'>Company Name</option>";
echo "<option value='s_type.php'>Type (P/F)</option>";
echo "<option value='s_city.php'>City</option>";
echo "<option value='s_state.php'>State</option>";
echo "<option value='s_zip.php'>Zip</option>";
echo "<option value='s_phone_num.php'>Phone Number</option>";
echo "<option value='s_contract.php'>Contract</option>";
echo "<option value='s_sup_amt.php'>Support Amount</option>";
echo "<option value='s_after_hours.php'>After Hours</option>";
echo "<option value='s_os.php'>Operating System</option>";
echo "</select>";
echo "</form>";
echo "</center>";
}
else
include ('login.php');

?> 

PHP:

 

Use two equal signs to compare.

 

Don't you just hate when you do that? I did that once and was banging my head on the keyboard trying to figure out what I was doing wrong once, and I was like DAMN, when I found out I did a = instead of == ! haha

I would write as such.

if(0 == mysql_num_rows($result))
{
}
else { }

PHP:

Put the constant in front not the varible. That way if you ever forget to do the double == then it will error out on you.

 

Please go through all your if statement parentesis again but this time with your thinking cap on. People next door shuold here when you bang your held on your pc after finding your mistake

I meant to be funny

 

I do hate it when i do stuff like that .. and now it is going to the correct part of the code depending on the login info, but there is something wrong with the session_start() or something because it isn't carrying the info over to the searchby page... any ideas? It is setting the valid_user, because i can do an echo of it on the loginbox page, without the redirect and it shows the user.

 

Thanks for the info exodus... i'll do that the next time :-D

 

#1: You did not start_session(); in the page your trying to load.
#2: $_SESSION["valid_user"] = $valid_user; Is $valid_user defined or is it nulled?

 

#1 - do I have to start_session() on every page that I want the session to be on?
#2 - I defined $valid_user after posting this, so yes it is defined.

 

Got it!! Thanks to everybody for your help.. this probably won't be the last time you see me on here .. i'm relatively new to PHP!!