Can anyone tell me why this might not be working. It stops if the uname is not valid, doesn't stop if the pwd and uname do not match. It just reads the uname and logs in without the pwd.
PHP Code:$uname = $_POST['uname'];
$pwd = $_POST['pwd'];
$epwd = md5('$pwd');
printConnect();
$query = "SELECT * FROM login";
$result = mysql_query($query)
or die ("Couldn't query data" . mysql_error());
$row = mysql_fetch_assoc($result);
if($uname != $row['username']) {
$_SESSION['error'] = 'Username does not exist!!';
header('Location: index.php');
}
else {
$query = "SELECT * FROM login WHERE username = '$uname'";
$result = mysql_query($query)
or die ("Couldn't query data" . mysql_error());
$row = mysql_fetch_assoc($result);
$pwdc = $row['password'];
if($epwd != $pwdc) {
$_SESSION['error'] = 'Username does not exist!!';
header('Location: index.php');
}
else {
$_SESSION['loggedIn'] = TRUE;
$_SESSION['uname'] = $uname;
}
header('Location: index.php');
}
Reply With Quote
Bookmarks