Update:
Looks like things are working now. I sent some bits of code to Marc and he did his own searching online as well. Now he has some clean up coding to do.
FYI - Here's the scripts that I wrote this afternoon...
admin.html:
PHP Code:
<HTML>
<HEAD>
<TITLE>Test MySQL/PHP login page</TITLE>
</HEAD>
<BODY>
<FORM METHOD=POST ACTION="verify.php">
Username: <INPUT TYPE=TEXT NAME="var_un"><BR />
Password: <INPUT TYPE=PASSWORD NAME="var_pw"><BR />
<INPUT TYPE=SUBMIT NAME=login VALUE=Login>
</FORM>
</BODY>
</HTML>
---------------------------------------
verify.php
PHP Code:
<?php
//include("db_connect.inc");
mysql_connect("SERVER","test_username","test_password") or
die ("could not connect to database");
mysql_select_db("test_db") or
die ("Ack!");
if (isset($_POST['login'])) {
// Check to see if both fields are filled in.
if(!$_POST['var_un'] | !$_POST['var_pw']) {
die('You did not fill in a required field.');
}
$check = mysql_query("SELECT * FROM info WHERE username = '".$_POST['var_un']."'")or die('Error');
// Error if user dosen't exist
$check2 = mysql_num_rows($check);
if ($check2 == 0) {
die('That user does not exist in our database. <a href=admin.html>Try Again.</a>');
}
while($info = mysql_fetch_array( $check ))
{
$_POST['var_pw'] = stripslashes($_POST['var_pw']);
$info['password'] = stripslashes($info['password']);
$_POST['var_pw'] = $_POST['var_pw'];
// Error if the password is wrong
if ($_POST['var_pw'] != $info['password']) {
die('Incorrect password, please try again.');
} else {
// If all is good, then redirect them to the members area
header("Location: members.php");
}
}
}else{
// If user tries to access this page directly, redirect.
// print "You must login first<BR />";
// print "please visit - <A HREF=\"admin.html\">login</A>";
header("Location: admin.html");
}
?>
----------------------------------------------------
members.php *No error checking on this little test page*
PHP Code:
<HTML>
<HEAD>
<TITLE> Members only!</TITLE>
</HEAD>
<BODY>
Welcome to the members area!
</BODY>
</HTML>
Dave