PF2G Posted December 17, 2011 Share Posted December 17, 2011 Hi, PHPFreaks I'm trying to do a login system, and i have this code: <?php session_start(); $username = "root"; $password = ""; $hostname = "localhost"; $database = "escola_musica"; $connect = mysql_connect($hostname, $username, $password) or die("Erro na ligação à Base de Dados."); $username = $_POST['username']; $pass = $_POST['pass']; mysql_select_db($database, $connect); $sql="SELECT username, password FROM alunos WHERE username='$username'"; $resultado = mysql_query($sql, $connect) or die(mysql_error()); $num = mysql_num_rows($resultado); if ($num>0) { $row = mysql_fetch_assoc($resultado); } if ($num > 0 AND ($username == true AND $pass == true)) { header("Location: index.php"); } else { header("Location: login_form.php"); } mysql_close($con); ?> but even if i put the correct user and pass OR incorrect it goes to 'index.php' anyway. Can someone help me, please? Thank you PF2G Quote Link to comment Share on other sites More sharing options...
melloorr Posted December 17, 2011 Share Posted December 17, 2011 It doesn't make sense. At the top of you code you have the variable $username as "root" which is to log into you database, and at the bottom you have this: if ($num > 0 AND ($username == true AND $pass == true)) { header("Location: index.php"); } else { header("Location: login_form.php"); } Which, i THINK says, if you have the variable $username, then you can log in (same goes for password) Also, do you have a login form? If yes post the code please Quote Link to comment Share on other sites More sharing options...
PF2G Posted December 17, 2011 Author Share Posted December 17, 2011 Holy crap, the program was confused about the two variables (what a stupid basic mistake) :S But now i changed and it gives me the same thing: <?php session_start(); $dbuser = "root"; $dbpass = ""; $dbhost = "localhost"; $dbname = "escola_musica"; $connect = mysql_connect($dbhost, $dbuser, $dbpass) or die("Erro na ligação à Base de Dados."); $username = $_POST['username']; $pass = $_POST['pass']; mysql_select_db($dbname, $connect); $sql="SELECT username, password FROM alunos WHERE username='". $username. "'"; $resultado = mysql_query($sql, $connect) or die(mysql_error()); $num = mysql_num_rows($resultado); if ($num>0) { $row = mysql_fetch_assoc($resultado); } if ($num > 0 AND ($username == true AND $pass == true)) { header("Location: index.php"); } else { header("Location: login_form.php"); } mysql_close($con); ?> Quote Link to comment Share on other sites More sharing options...
melloorr Posted December 17, 2011 Share Posted December 17, 2011 See if this works: [code]<?php session_start(); $dbuser = "root"; $dbpass = ""; $dbhost = "localhost"; $dbname = "escola_musica"; $connect = mysql_connect($dbhost, $dbuser, $dbpass) or die("Erro na ligação à Base de Dados."); $username = $_POST['username']; $pass = $_POST['pass']; mysql_select_db($dbname, $connect); $sql="SELECT username, password FROM alunos WHERE username='". $username. "'"; $resultado = mysql_query($sql, $connect) or die(mysql_error()); $num = mysql_fetch_assoc($resultado); if ($username == $num['username'] AND $pass == $num['password']) { header("Location: index.php"); } else { header("Location: login_form.php"); } mysql_close($con); ?> [/code] Quote Link to comment Share on other sites More sharing options...
PF2G Posted December 17, 2011 Author Share Posted December 17, 2011 OMG it worked. Thank you, man. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.