T_STRING problem

Help!

         

chaps

11:43 pm on Apr 25, 2005 (gmt 0)

10+ Year Member



I have a T_STRING error on my script but have checked many times and can't find a problem. Can anyone help?

The script is:
<?php
/* Program: Login.php
   Desc: Login program for Members Only section of the store area
*/
session_start();
session_register('auth');
session_register('logname');
include("form.inc");
switch (@$do)
{
    case "login":
        $connection = mysql_connect($host,$user,$password)
            or die ("Couldn't connect to server");
        $db = mysql_select_db($database, $connection)
            or die ("Couldn't select database.");

        $sql = "SELECT loginName FROM member
                WHERE loginName='$fusername'";
        $result = mysql_query($sql)
            or die("Couldn't execute query.");
        $num = mysql_num_rows($result);
        if ($num==1) //login name was found
        {
            $sql = "SELECT loginName FROM member
                    WHERE loginName='$fusername'
                    AND password=password('$fpassword')";
            $result2 = mysql_query($sql)
                or die("Couldn't execute query.");
            $num2 = mysql_num_rows($result2);
            if ($num2 > 0) // password is correct
            {
                $auth="yes";
                $logname=$fusername;
                // H = 24-hour clock, i = minutes (m is the month)
                $today = date("Y-m-d H:i:s");
                $sql = "INSERT INTO login (loginName,loginTime)
                        VALUES ('$logname','$today')";
                mysql_query($sql) or die("Can't execute query.");
                header("Location: Member_page.php");
            }

jatar_k

11:45 pm on Apr 25, 2005 (gmt 0)

WebmasterWorld Administrator 10+ Year Member



Welcome to WebmasterWorld chaps,

What is the exact error with the line number and then which line of code is that?

ramoneguru

2:56 am on Apr 26, 2005 (gmt 0)

10+ Year Member



$sql = "SELECT loginName FROM member
WHERE loginName='$fusername'
AND password=password('$fpassword')";

I think you need to take out the ' around $fpassword and try sticking it around the whole thing...

$sql = "SELECT loginName FROM member
WHERE loginName='$fusername'
AND password='password($fpassword)'";

That's what I'd guess... looking at it real fast. Does the password() function return a value?
--Nick

chaps

8:22 am on Apr 26, 2005 (gmt 0)

10+ Year Member



The actual line of code that has been flagged is:

$sql = "SELECT loginName FROM member

killroy

8:53 pm on Apr 26, 2005 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



I see the problem. You need the quotes to be there, AFTER the variable has been expanded:

$sql='SELECT loginName FROM member
WHERE loginName="' . $fusername . '"
AND password=password("' . $fpassword . '")';

You could probably write this more elegantly with escapes, but this is clearer.

SN

killroy

11:55 am on Apr 27, 2005 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



PS, you should encode the strings with the thingy-magic to make it SQL-injection safe.
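
An added example, not part of any poster's message: the login lookup from this thread written once with the input spliced into the SQL string and once with a bound parameter, so the difference the PS above points at is visible. PDO with an in-memory SQLite table, the sample row, the function names and the use of password_hash()/password_verify() in place of MySQL's password() are assumptions made for this example.

```php
<?php
// Added example. Constructed schema and data; SQLite in memory so it runs offline.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE member (loginName TEXT PRIMARY KEY, password TEXT)');
$ins = $pdo->prepare('INSERT INTO member (loginName, password) VALUES (?, ?)');
$ins->execute(['alice', password_hash('correct horse', PASSWORD_DEFAULT)]);

// Pattern from the thread: the form value is interpolated into the SQL text,
// so a quote character in the value ends the string literal early and the
// remainder is parsed as SQL.
function countUsersConcatenated(PDO $pdo, string $fusername): int
{
    $sql = "SELECT loginName FROM member WHERE loginName='$fusername'";
    return count($pdo->query($sql)->fetchAll());
}

// Bound parameter: the statement is parsed first and the value is supplied
// afterwards, so it is only ever compared as data.
function checkLogin(PDO $pdo, string $fusername, string $fpassword): bool
{
    $stmt = $pdo->prepare('SELECT password FROM member WHERE loginName = :name');
    $stmt->execute([':name' => $fusername]);
    $hash = $stmt->fetchColumn();   // false when no row matches
    // password_verify() stands in for the thread's password() call (assumption).
    return is_string($hash) && password_verify($fpassword, $hash);
}

// Constructed inputs: one value containing quote characters, one ordinary login.
$quoted = "nobody' OR '1'='1";

echo "concatenated, quoted input, rows matched: ";
var_dump(countUsersConcatenated($pdo, $quoted));

echo "prepared, quoted input: ";
var_dump(checkLogin($pdo, $quoted, 'anything'));

echo "prepared, wrong password: ";
var_dump(checkLogin($pdo, 'alice', 'wrong'));

echo "prepared, correct password: ";
var_dump(checkLogin($pdo, 'alice', 'correct horse'));
```

Running it shows the concatenated query matching a row for a login name that does not exist, while the prepared version treats the same input as an ordinary, unknown name.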

chaps

11:00 pm on Apr 28, 2005 (gmt 0)

10+ Year Member



Thanks, Killroy.

It's working fine now.