Hi there,
If i try to login with the script below without any username or password, it logs me in as a user that is already in the database! Cant see why it would do that though when it should just show an error… There is another page, but that is just a form with no predeffined values that will affect the form!
Fet
[code=php]
<? session_start();
ob_start();
$username=$_REQUEST[‘username’];
$password=base64_encode($_REQUEST[‘password’]);
$sql_reg=”select * from tbl_register where username='”.$username.”‘ and password='”.$password.”‘ and status=’1′”;
$fet=mysql_query($sql_reg) or die(“The Following error occired: <br>”.mysql_error());
if(mysql_num_rows($fet)>0)
{
$_SESSION[‘user’]=$username;
ob_start();
header(“location:home.php”);
exit;
}
else
{
$msg=1;
}
?>