index.php <?php include("header.php"); if ($HTTP_SESSION_VARS["login_status"]="IN"){ ?> <form name="flogin" id="flogin" method="post" action="login.php"> <table width="100%" border="0" align="center" cellpadding="2" cellspacing="0" class="f1b"> <tr align="center"> <td colspan="2"><p> </p></td> </tr> <tr> <td width="46%" align="right">User Name</td> <td width="54%"><input name="uname" type="text" id="uname"></td> </tr> <tr> <td align="right">Password</td> <td><input name="pwd" type="password" id="pwd"></td> </tr> <tr> <td align="right"> </td> <td><input type="submit" value="Login"></td> </tr> </table> </form> <?php } else { echo "<br><br><center>Welcome <b>".$HTTP_SESSION_VARS["admin_name"]."</b> !<center></br></br>"; } include("footer.php"); ?> Code (markup): login.php <?php require_once('../Connections/gkp.php'); ?> <?php if ($act=="OUT"){ session_unregister("login_status"); session_unregister("admin_name"); session_unregister("admin_id"); } else { mysql_select_db($database_gkp, $gkp); $query_rsadmin = "select * from admins where uname='".$uname."' and pwd='".$pwd."'"; $rsadmin = mysql_query($query_rsadmin, $gkp) or die(mysql_error()); $row_rsadmin = mysql_fetch_assoc($rsadmin); $totalRows_rsadmin = mysql_num_rows($rsadmin); if ($totalRows_rsadmin>0) { session_register("login_status"); $HTTP_SESSION_VARS["login_status"]="IN"; session_register("admin_name"); $HTTP_SESSION_VARS["admin_name"]=$row_rsadmin['full_name']; session_register("admin_id"); $HTTP_SESSION_VARS["admin_id"]=$row_rsadmin['admin_id']; } mysql_free_result($rsadmin); } header("location:index.php"); ?> Code (markup): i run this at : Apache(1.3.23), MySQL(3.23.48) and PHP(4.1.1). is there something wrong with that script ?? the problem is when i push login button with the correct id and pass, i cant login.
Well, from what I see your variables "uname" and "pwd" aren't set. Try adding this above the query line: $uname = $_POST['uname']; $pwd = $_POST['pwd'];
Where did you add them? Can you update your original post (and change the tags to [php] to make it easier to read fast)? Thanks. Code (markup):
<?php require_once('../Connections/gkp.php'); ?> <?php if ($act=="OUT"){ session_unregister("login_status"); session_unregister("admin_name"); session_unregister("admin_id"); } else { mysql_select_db($database_gkp, $gkp); [COLOR="Red"]$uname = $_POST['uname']; $pwd = $_POST['pwd'];[/COLOR] $query_rsadmin = "select * from admins where uname='".$uname."' and pwd='".$pwd."'"; $rsadmin = mysql_query($query_rsadmin, $gkp) or die(mysql_error()); $row_rsadmin = mysql_fetch_assoc($rsadmin); $totalRows_rsadmin = mysql_num_rows($rsadmin); if ($totalRows_rsadmin>0) { session_register("login_status"); $HTTP_SESSION_VARS["login_status"]="IN"; session_register("admin_name"); $HTTP_SESSION_VARS["admin_name"]=$row_rsadmin['full_name']; session_register("admin_id"); $HTTP_SESSION_VARS["admin_id"]=$row_rsadmin['admin_id']; } mysql_free_result($rsadmin); } header("location:index.php"); ?> Code (markup):
This may seem like a stupid question, but: Do you have the info in the database? If you do, move to the next step of debugging: Echo out the variables and whatever info is supposed to be added to the sessions/cookies (instead of setting the sessions/cookies) And make sure the info appears as it should. Also, word of advice: don't store a password bare in your database, or send it though posts bare. You need to hash it with a proper salt before you send it, and have it stored in the database as hashed. Then compare the hashes rather than the passwords.