Forum Moderators: coopster
( I numbered the 2 lines)
Thank you
Henry
BTW do I really need to start a session when using $_SESSION, doesn't PHP make it automatic?
<?
$db = mysql_connect("foo", "foo", "foo") or die ("Couldn't connect to the database.");
mysql_select_db("foo") or die("Couldn't select the database");
// Add slashes to the username, and make a md5 checksum of the password.
/*LINE 12 */
$_POST['username'] = addslashes($_POST['username']);
/*LINE 13 */
$_POST['userpass'] = md5($_POST['userpass']);
$result = mysql_query("SELECT count(userid) FROM members WHERE userpass='$PHP_AUTH_PW' AND
username='$PHP_AUTH_USER'") or die("Couldn't query the user-database.");
$num = mysql_result($result, 0);
if (!$num) {
// if the query didn't return anything, // display the login form.
echo "<h3>User Login</h3>
<form action='$_SERVER[PHP_SELF]' method='post'>
Username: <input type='text' name='username'><br>
Password: <input type='password' name='userpass'><br><br>
<input type='submit' value='Login'> </form>";
}
else
{
// Start the login session
// We've already added slashes and MD5'd the password
session_start();
$_SESSION['username'] = $_POST['username'];
$_SESSION['userpass'] = $_POST['userpass'];
echo "<h1>Congratulations</h1>";
echo "You're now logged in. <a href='page2.php'>Page 2</a>.";
}
?>
Have you tried..
print_r($_POST);
...to see what exactly was posted?
$username = (isset($_POST['username']))? $_POST['username'] : '';
$userpass = (isset($_POST['userpass']))? $_POST['userpass'] : '';
// Make sure you give your submit button a name:
<input type='submit' name='process' value='Login'>
--
-- then you can check to see if a submit was requested:
--
if (isset($_POST['process'])) {
// process my form
}
Henry
<<edit
BTW, indeed your solution is more elegant
just before I also figured that the var was empty
so I tried to remove the form part and first send
my data within the login.php
which did OK, but was more one "Spaghetti side :)"
>>>
