so i have a database set up. it has 3 fields. 1 is id, 2nd is uername, and 3rd is password. i already create a one username and password.
in index.php for some reason it always goes inside else statment. and it skips the if part.
-------------------- index.php --------------
<?php
//session_start();
include("connect.php");
//check, if user is loged in or not
if(isset($_session['username']))
{
//log in(member)
echo
"
YOU ARE LOGED IN
<input type='submit' action = 'logout.php' value='logoff'>
";
}
else
{
//not loged in(not member)
echo
"
YOU ARE NOT LOG IN!
<form name='form' method='post' action='login.php'>
<strong>Member Login </strong><br/>
<p id = 'error'>Print Errors here</p>
Username:<input name='username' type='text' id='username'><br/>
Password: <input name='password' type='password' id='password'><br/>
<input type='submit' value='Login'>
<input type='submit' action='register.php' value='register'>
</form>
";
}
?>
-----------------------------------login.php-----------------------------------------
<?php
session_start();
include("connect.php");
$post_username = $_POST['username'];
$post_password = $_POST['password'];
if($post_username && $post_password)
{
if(strlen($post_username) > 20 || strlen($post_password) > 20)
{
die("Username or Password character length is too long!");
}
else
{
//convert password to md5
$port_password = md5($post_password);
//query the database
$login = sprintf("SELECT * FROM user WHERE username='%s' AND password ='%s'", mysql_real_escape_string($post_username),mysql_real_escape_string($post_password));
$rowcount = mysql_num_rows(mysql_query($login));
$fieldarray= mysql_fetch_assoc(mysql_query($login));
$id= $fieldarray['user_id'];
if($rowcount == 1)
{
//log the user in
$_SESSION['username'] = $post_username;
$_SESSION['user_id'] = $id;
header('Location: index.php');
//echo $_SESSION['username'].", you hava been logged in! <a href='index.php'>Return</a>";
}
else
die("Incorrect username or password combination!");
}
}
else
die("Username and password required");
?>