My [URL=”http://iaccount.wizardsdnd.com/login.php”]login page
[CODE]<?php
@@UrlFormat@@(‘/Connections/iSphere.php’);
// *** Start the session
if (!session_id()) session_start();
// *** Validate request to log in to this site.
$FF_LoginAction = $HTTP_SERVER_VARS[‘PHP_SELF’];
if (isset($HTTP_SERVER_VARS[‘QUERY_STRING’]) && $HTTP_SERVER_VARS[‘QUERY_STRING’]!=””) $FF_LoginAction .= “?”.htmlentities($HTTP_SERVER_VARS[‘QUERY_STRING’]);
if (isset($HTTP_POST_VARS[‘Username’])) {
$FF_tmpUsername=$HTTP_POST_VARS[‘Username’];
$FF_tmpPassword=$HTTP_POST_VARS[‘Password’];
$FF_valUsername = (get_magic_quotes_gpc()) ? $FF_tmpUsername : addslashes($FF_tmpUsername);
$FF_valPassword = (get_magic_quotes_gpc()) ? $FF_tmpPassword : addslashes($FF_tmpPassword);
$FF_fldUserAuthorization=””;
$FF_redirectLoginSuccess=”/index.php”;
$FF_redirectLoginFailed=”/loginfail.php”;
$FF_rsUser_Source=”SELECT Username, Password “;
if ($FF_fldUserAuthorization != “”) $FF_rsUser_Source .= “,” . $FF_fldUserAuthorization;
$FF_rsUser_Source .= ” FROM Users WHERE Username='” . $FF_valUsername . “‘ AND Password='” . $FF_valPassword . “‘”;
mysql_select_db($database_iSphere, $iSphere);
$FF_rsUser=mysql_query($FF_rsUser_Source, $iSphere) or die(mysql_error());
$row_FF_rsUser = mysql_fetch_assoc($FF_rsUser);
if(mysql_num_rows($FF_rsUser) > 0) {
// username and password match – this is a valid user
$MM_Username=$FF_valUsername;
$HTTP_SESSION_VARS[‘MM_Username’] = $MM_Username;
session_register(“MM_Username”);
if ($FF_fldUserAuthorization != “”) {
$MM_UserAuthorization=$row_FF_rsUser[$FF_fldUserAuthorization];
} else {
$MM_UserAuthorization=””;
}
$HTTP_SESSION_VARS[‘MM_UserAuthorization’] = $MM_UserAuthorization;
session_register(“MM_UserAuthorization”);
if (isset($HTTP_SESSION_VARS[‘priorUrl’]) && true) {
$FF_redirectLoginSuccess = $HTTP_SESSION_VARS[‘priorUrl’];
}
mysql_free_result($FF_rsUser);
session_register(“FF_login_failed”);
$FF_login_failed = false;
$HTTP_SESSION_VARS[‘FF_login_failed’] = $FF_login_failed;
header (“Location: $FF_redirectLoginSuccess”);
exit;
}
mysql_free_result($FF_rsUser);
session_register(“FF_login_failed”);
$FF_login_failed = true;
$HTTP_SESSION_VARS[‘FF_login_failed’] = $FF_login_failed;
header (“Location: $FF_redirectLoginFailed”);
exit;
}
?>
<!DOCTYPE html PUBLIC “-//W3C//DTD XHTML 1.1//EN” “http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd”>
<html xmlns=”http://www.w3.org/1999/xhtml”>
<head>
<meta http-equiv=”Content-Type” content=”text/html; charset=UTF-8″ />
<title>Login</title>
<link href=”/CSS/Preferences.css” rel=”stylesheet” type=”text/css” />
</head>
<body>
<div id=”wrapper”>
<div id=”container”>
<table width=”100%” border=”0″ cellpadding=”0″ cellspacing=”5″>
<form action=”<?php echo $FF_LoginAction?>” METHOD=”POST” name=”Login”>
<tr>
<td width=”50%” class=”label”>Username</td>
<td width=”50%” class=”input”><input name=”Username” type=”text” /></td>
</tr>
<tr>
<td width=”50%” class=”label”>Password</td>
<td width=”50%” class=”input”><input name=”Password” type=”password” /></td>
</tr>
<tr>
<td colspan=”2″ class=”button”><input name=”Login” type=”button” value=”Login” /></td>
</tr>
</form>
<tr>
<td width=”50%”> </td>
<td width=”50%”> </td>
</tr>
</table>
</div>
</div>
</body>
</html>
Can anyone see what is wrong?