Hi,
I have literally exhausted myself trying to fix this problem. any help would be very much appreciated!
Basically the login script of my website is not working and is probably a small error but I cant find it.
Basically when the user trys to login(they are registered in the database) the information does not match and it goes to my error within the php script that the user does not match any in the database(they are definitely in the database)
Here is the code:
<?php // Start Session to enable creating the session variables below when they log in session_start(); mysql_connect("mysql798.cp.blacknight.com","u1116811","password"); mysql_select_db("db1116811_members"); error_reporting(E_ALL); ini_set('display_errors', '1'); //----------------------------------------------------------------------------------------------------------------------------------- // Initialize some vars $errorMsg = ''; $email = ''; $password = ''; $remember = ''; $id = ''; if (isset($_POST['email'])) { $email = $_POST['email']; $password = $_POST['password']; if (isset($_POST['remember'])) { $remember = $_POST['remember']; } $email = stripslashes($email); $password = stripslashes($password); $email = strip_tags($email); $password = strip_tags($password); // error handling conditional checks go here if ((!$email) || (!$password)) { $errorMsg = 'Please fill in both fields'; } else { // Error handling is complete so process the info if no errors include 'connect_to_mysql.php'; // Connect to the database $email = mysql_real_escape_string($email); // After we connect, we secure the string before adding to query $password = mysql_real_escape_string($password); // After we connect, we secure the string before adding to query $password = md5($password); // Add MD5 Hash to the password variable they supplied after filtering it // Make the SQL query $sql = mysql_query("SELECT * FROM members WHERE email='$email' AND password='$password'"); $login_check = mysql_num_rows($sql); // If login check number is greater than 0 (meaning they do exist and are activated) if($login_check != 0){ while($row = mysql_fetch_array($sql)){ // Create session var for their raw id $id = $row["id"]; $_SESSION['id'] = $id; // Create the idx session var $_SESSION['idx'] = base64_encode("g4p3h9xfn8sq03hs2234$id"); // Create session var for their username $username = $row["username"]; $_SESSION['username'] = $username; mysql_query("UPDATE members SET last_log_date=now() WHERE id='$id' LIMIT 1"); } // close while // Remember Me Section if($remember == "yes"){ $encryptedID = base64_encode("g4enm2c0c4y3dn3727553$id"); setcookie("idCookie", $encryptedID, time()+60*60*24*100, "/"); // Cookie set to expire in about 30 days setcookie("passCookie", $password, time()+60*60*24*100, "/"); // Cookie set to expire in about 30 days } // All good they are logged in, send them to homepage then exit script header("location: index2.php?test = $id"); exit(); } else { // Run this code if login_check is equal to 0 meaning they do not exist $errorMsg = "Incorrect login data, please try again"; // Print login failure message to the user and link them back to your login page print 'No match in our records, try again
Click here to go back to the login page.'; exit(); } } // Close else after error checks } ?>