So I have been trying to figure why my login page keeps logging me in with just the username. I can just type in the username without the password and it logs me in. This is the code:
[php]<?php
include(“config.php”);
session_start();
if($_SERVER[“REQUEST_METHOD”] == “POST”)
// username and password sent from Form
$myusername=mysql_real_escape_string($_POST[‘username’]);
$mypassword=mysql_real_escape_string($_POST[‘password’]);
$passcode=sha1(md5($mypassword)*(12)); // Encrypted Password
$sql=“SELECT id FROM user WHERE username=’”.$myusername."’ and password=’".$passcode."’";
$result=mysql_query($sql);
$count=mysql_num_rows($result);
// If result matched $username and $password, table row must be 1 row
if($count==1)
{
$_SESSION[‘username’];
$_SESSION[‘login_user’]=$myusername;
header(“location: welcome.php”);
}
else
{
$error=“Your Login Name or Password is invalid”;
}
?>[/php]
This is the form:
<form action="" method="post">
<p><input type="text" name="username" id="username" placeholder="Username" ></p>
<p><input type="password" name="password" id="password" placeholder="Password" ></p>
<p align="center" class="submit"><input type="submit" name="commit" value="Login"></p>
</form>