Login script – Not doing its job!

Hi there,

[url]www.loddonexplorers.co.uk/RegLogin.php[/url]

Dosent seem to want to work! Any user/password combo i type in works fine!
Any ideas why as im stumped!

Cheers,
Fet

[code=php]
<?php
session_start();
if (array_key_exists(‘Username’, $_SESSION)) {
process_form(1);
}
else {
if ($_POST[‘_submit_check’]) {
if ($form_errors = validate_form()) {
show_form($form_errors);
}
else {
process_form(0);
}
}
else {
show_form();
}
}

function show_form($errors = ”) {
print ‘<form name=”authForm” method=”POST” action=”‘.$_SERVER[‘PHP_SELF’].'”>’;
if ($errors) {
print ‘<span style=”color:red”><ul><li><b>’;
print implode(‘</b></li><li><b>’,$errors);
print ‘</b></li></ul></span>’;
}
print ‘Username’;
print ‘<input type=”text” name=”Username” value=”‘;
print htmlentities($_POST[Username]) . ‘”> <br />’;
print ‘Password’;
print ‘<input type=”password” name=”Password” value=”‘;
print htmlentities($_POST[Password]) . ‘”> <br />’;

print ‘<input type=”submit” name=”login” value=”Login” />’;
print ‘<input type=”hidden” name=”_submit_check” value=”1″/>’;
print ‘</form>’;
print ‘<a href=”index.php”>Click</a> here if you want to leave this form.’;
}

function validate_form() {
$errors = array();
$UserID=$_POST[‘Username’];
$UserPass=$_POST[‘Password’];
/****************************************************************************
* Check username and password in database *
****************************************************************************/
$userconn = @mysql_connect(“**”, “**”, “**”) or
die(“ERROR: Unable to establish database connection”);

$dbconn = @mysql_select_db(“**”) or
die( “Unable to select database”);

$text = “”;
$text = @mysql_query(“SELECT * FROM tblExplorerGroup WHERE Username=’$UserID’ AND Password=sha1(‘$UserPass’)”) ;
if ($text == “”) {
$errors[] = ‘Enter a valid username and password!’;
}
return $errors;
}

function process_form($logged_in) {
if ($logged_in == 0) {
// Add the username to the session
$_SESSION[‘Username’] = $_POST[‘Username’];
}
print ‘You are logged in as: <b>’.$_SESSION[‘Username’].'</b>’.str_repeat(‘&nbsp;’, 10).'<a href=”RegLogout.php”>Logout</a><br />’;
print ‘<p>You can continue processing as a logged-in user …………</p>’;
}
?>
[/code]

Also in #PHP _↴