Hey Guys,
Go easy on me as I am new(ish) to PHP. I'm writing a register / login script for a CMS and the register functions as it should. The username, encrypted password, and email are stored in the database. When I run the query to select the match in the login script, I continuously get my echo statement ('Invalid login') which is set to echo only when the mysql_fetch_row variable comes up empty. Here is the script...
Code:
<?php
// session start
session_start();
// includes
include('./includes/config.php');
if (isset($_POST['login']))
{
// set up some variables to make this easier
$username = $_POST['username'];
$password = $_POST['password'];
// let's deal with empty fields
if (empty($username) || empty($password))
{
echo '<li>Please make sure to fill in all fields!</li>';
} else
{
// they filled it all in and submitted
// let's clean up the username and password
$username = mysql_real_escape_string($_POST['username']);
$password = md5($_POST['password']);
// search for the combination
$query = mysql_query("SELECT id FROM users WHERE username = '".$username."' AND password = '".$password."' ") or die(mysql_error());
list($user_id) = mysql_fetch_row($query);
if (empty($user_id))
{
echo '<li>Incorrect login!</li>';
} else
{
// we found a match and we login them in
// WITH a session
$_SESSION['user_id'] = $user_id;
echo '<meta http-equiv="Refresh" Content="0; URL=index.php">';
}
}
}
?>
This is really basic. I'm going to add email validation, and only allow certain string lengths for the username and password. But, can someone help me figure out why it's not getting past the if(empty($user_id)) seeing as I fill in the correct log in information.
Also, I always have to use the meta http-equiv refresh as opposed to the header() function because it never runs. Is that dependable on anything?
Thanks,
Threaded Mode
