Having a problem with my login script. Earlier it was working fine, but now it's just letting anybody log in, even if the records aren't in the database :s I can't seem to think where it is going wrong.
session_start();
mysql_connect("localhost","razorsh1","********");
mysql_select_db("razorsh1_page");
if(isset($_SESSION['loggedin']))
{
    echo("<center>Dude, youve already logged in, <a href='acp.php'>Proceed to heaven</a></center>");
}
if(isset($_POST['submit']))
{
    $name = mysql_real_escape_string($_POST['username']);
    $pass = mysql_real_escape_string($_POST['password']);
    $mysql = mysql_query("SELECT * FROM users WHERE name = '{$name}' AND password = '{$pass}'");
    if(mysql_num_rows($mysql) < 1)
    {
        echo("<center>Password was an epic fail!</center>");
    }
    $_SESSION['loggedin'] = "YES";
    $_SESSION['name'] = $name;
    echo("<center>W00p we have success! <a href='acp.php'>Proceed to heaven</a></center>");
}
echo " <center><form type='adminlogin.php' method='post'>
<table width='381' height='90' border='1' cellpadding='0' cellspacing='0'>
<tr>
<td height='22' colspan='2' align='center' bgcolor='#990033'>Admin Login</td>
</tr>
<tr>
<td width='192' height='22'>Username</td>
<td width='183'><input type='text' name='username' id='username' /></td>
</tr>
<tr>
<td height='22'>Password</td>
<td><input type='password' name='password' id='password' /></td>
</tr>
<tr>
<td height='22' colspan='2' align='center'><input type='submit' name='submit' id='submit' value='Submit' /></td>
</tr>
</table>
</form></center>";
Anyone see what's wrong with it? It's logging out fine, just letting anyone in.
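
The failure branch in the posted script prints its message but does not stop, so the `$_SESSION` assignments after it run on every submit. The following is an added example, not part of the original post, of the same flow with an early return on failure. It swaps in PDO prepared statements and `password_hash()`/`password_verify()` for the `mysql_*` calls and plaintext comparison; the in-memory SQLite table, the `password_hash` column, the function names and the sample user are assumptions constructed for the example.

```php
<?php
// Added example: corrected login flow. Schema and sample user are constructed.
declare(strict_types=1);

function check_login(PDO $db, string $name, string $pass): bool
{
    // Parameterized query; fetch the stored hash instead of comparing in SQL.
    $stmt = $db->prepare('SELECT password_hash FROM users WHERE name = ?');
    $stmt->execute([$name]);
    $hash = $stmt->fetchColumn();

    // No row, or wrong password: report failure to the caller.
    return $hash !== false && password_verify($pass, $hash);
}

function handle_login(PDO $db, array $post, array &$session): string
{
    $name = (string)($post['username'] ?? '');
    $pass = (string)($post['password'] ?? '');

    if (!check_login($db, $name, $pass)) {
        // Return here, so the session assignments below are never reached.
        return 'Login failed';
    }
    // In a real page, call session_regenerate_id(true) at this point.
    $session['loggedin'] = 'YES';
    $session['name'] = $name;
    return 'Login ok';
}

// Constructed in-memory database with one sample user.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (name TEXT PRIMARY KEY, password_hash TEXT)');
$db->prepare('INSERT INTO users VALUES (?, ?)')
   ->execute(['admin', password_hash('correct horse', PASSWORD_DEFAULT)]);

// Exercise a valid login, a wrong password, and an unknown user.
foreach ([['admin', 'correct horse'], ['admin', 'wrong'], ['nobody', 'x']] as [$u, $p]) {
    $session = [];
    $msg = handle_login($db, ['username' => $u, 'password' => $p], $session);
    printf("%-7s %-14s %-12s loggedin=%s\n", $u, $p, $msg,
        isset($session['loggedin']) ? 'set' : 'unset');
}
```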