What I am trying to accomplish is:
When a user logs in the username / password is checked
against the database. Once that is done, I need it to load a page.
I am getting an error using the following code.
<?php
require_once('core/db.php');
// Check if login form was submitted
if (isset($_POST['submit']))
{
// Check for a matching username and password in the database
$check = mysql_query("SELECT id,username,password FROM $prefix"."_admin WHERE
username='" . $_POST ['username'] . "' AND password='" . $_POST['password'] . "'");
if (mysql_num_rows($check) != 1)
{
// inform user username or password is incorrect
echo "Please check the username / password and try again";
} else {
// Retrieve userinfo
$user_info = mysql_fetch_array($check);
// Login was successful set session variables
$_SESSION["userid"] = $user_info['id'];
$_SESSION["username"] = $user_info['username'];
header('location:home.php');
// echo "<a href=home.php?aut=1>ENTER</a>";
}
// Display Login Form
} else {
echo "<html>";
echo "<head><title></title>";
echo "<link rel='stylesheet' type='text/css' href='inc/style.css' />";
echo "</head>";
echo "<div class='container'>";
echo "<div class='header'><img src='i/heading.jpg' width='755' height='89' alt='header image'></div>";
echo "<div class='title'>Company Name <br /><br /> Administration</div>";
echo "<div class='form'>";
echo "<form action=index.php method='post' class='form'>";
echo "<table align='center'>";
echo "<tr>";
echo "<td align='left'>";
echo "<b>Username</b>:<br /><input type='text' name='username'>";
echo "</td>";
echo "</tr>";
echo "<tr>";
echo "<td>";
echo "<b>Password</b>:<br /><input type='password' name='password' >";
echo "</td>";
echo "</tr>";
echo "<tr>";
echo "<td>";
echo "<input type='submit' name='submit' value='Submit'> |
<input type='submit' name='lost_pass' value='Get Password'>";
echo "</tr>";
echo "</table>";
echo "</form>";
echo "</div>";
echo "</body>";
echo "</div>";
echo" </html>";
}
?>
Here is the code that I use to check the user/pass
<?php
// Check if login form was submitted
if (isset($_POST['submit']))
{
// Check for a matching username and password in the database
$check = mysql_query("SELECT id,username,password FROM $prefix"."_admin WHERE username='" . $_POST['username'] . "' AND password='" . $_POST['password'] . "'");
if (mysql_num_rows($check) != 1) {
// inform user username or password is incorrect
echo "Incorrect username or password<br>";
} else {
// Retrieve userinfo
$user_info = mysql_fetch_array($check);
// Login was successful set session variables
$_SESSION["userid"] = $user_info['id'];
$_SESSION["username"] = $user_info['username'];
?>
And I am unsure if i need this but it is supposed to make sure a person is logged in before a user is allowed to view the requested page
<?php
session_start();
if(isset($_SESSION['id'])) {
} else {
// user is not logged in
//header("Location: http://localhost/cms/index.php");
exit();
}
?>