This is Login script..
I also has register script which works fine adds some fields to database including
password with just md5 encryption.
when i try to login with email and password, this script always shows incorrect password message when i
type correct password and shows me member area when i type wrong password.
i couldnot find any error. pls help
<?php
// Connects to your Database
mysql_connect("localhost", "root", "dhiraj") or die(mysql_error());
mysql_select_db("test") or die(mysql_error());
session_start();
$e_id;
$pwd;
if(!isset($_POST['submit']))
{
?>
<form action="<?php echo $_SERVER['PHP_SELF']?>" method="post">
<table border="0">
<tr><td colspan=2><h1>Login</h1></td></tr>
<tr><td>Email Id:</td><td>
<input type="text" name="email" maxlength="60">
</td></tr>
<tr><td>Password:</td><td>
<input type="password" name="pass" maxlength="50">
</td></tr>
<tr><td colspan="2" align="right">
<input type="submit" name="submit" value="Login">
</td></tr>
</table>
</form>
<?php
}
else
{
// if form has been submitted
$SESSION['e_id']=$POST['email'];
$SESSION['pwd']=$POST['pass'];
// makes sure they filled it in
if(!$_POST['email'] | !$_POST['pass'])
{
die('You did not fill in a required field.');
}
// checks it against the database
$check = mysql_query("SELECT * FROM users WHERE u_email = '".$_POST['email']."'")or die(mysql_error());
//Gives error if user dosen't exist
$check2 = mysql_num_rows($check);
if ($check2 == 0)
{
unset($_SESSION['e_id']);
unset($_SESSION['pwd']);
die('That user does not exist in our database. <a href=enter.php>Click Here to Register</a>');
}
while($info = mysql_fetch_array( $check ))
{
$_POST['pass'] = md5($_POST['pass']);
//gives error if the password is wrong
if ($_POST['pass'] != $info['u_pass'])
{
die('Incorrect password, please try again.');
//this gets executed when supply correct password.
}
else
{
//then redirect them to the members area
header("Location: members.php");
//this gets executed when i supply wrong password.
}
}
}
?>