Hi guys I`m trying to setup a system where a user enters a username and password and then tries to log in to the system and they are either authorized or rejected.
Password.html
[code=html]<form method=”post” action=”insert.php”>
Full Name: (Example: Michael R Maguire) <br />
<input type=”text” name=”user_name” size=”50″ maxlength=”50″/> (50 Characters Max)
<br />
<br />
User Name: <br />
<input type=”text” name=”sha_pw” size=”20″ maxlength=”20″/> (20 Characters Max)
<br />
<br />
<input type=”submit” value=”Create User” />
</form>
insert.php
[code=php]<?php
$user_name = $_POST[‘user_name’];
$SHA_PW = $_POST[‘sha_pw’];
$dbname = “heskdb”;
$conn = mysql_connect (“localhost”,”root”,”password”) or
die (‘cannot connect to database error: ‘.mysql_error());
mysql_select_db ($dbname);
if(empty($user_name) || empty($sha_pw)) {
echo “<h2>Please fill in all fields</h2>n”;
echo “Please use the back button in your browsers and fill in all required fields.n”;
die ();
}
$sql=”insert into teamtutorials_test (`User_ID` , `user_name` , `sha_pw`) values (‘NULL’,’$user_name’,’sha1($sha_pw)’)”;
mysql_query($sql) or die (mysql_error().” $sql”);
?>
login.html
[code=html]<form method=”post” action=”session.php”>
Full Name: (Example: Michael R Maguire) <br />
<input type=”text” name=”user_name” size=”50″ maxlength=”50″/> (50 Characters Max)
<br />
<br />
User Name: <br />
<input type=”text” name=”password” size=”20″ maxlength=”20″/>
<br />
<br />
<input type=”submit” value=”Create User” />
</form>
session.php
[code=php]<?php
session_start();
if (isset($_POST[‘user_name’]) && isset($_POST[‘password’]))
{
$user_name = $_POST[‘user_name’];
$password = $_POST[‘password’];
$dbname = “heskdb”;
$conn = mysql_connect (“localhost”,”root”,”password”) or
die (‘cannot connect to database error: ‘.mysql_error());
mysql_select_db ($dbname);
$sql = mysql_query(“select count(*) from teamtutorials_test
where user_name = ‘$user_name’ and sha_pw = sha1(‘$password’)”) or die(mysql_error());
$results = mysql_result($sql, “0”);
if ($results == 0){
header( ‘Location:http://www.yahoo.com’);
}
else
{
$_SESSION[‘valid_user’] = $user_name;
header( ‘Location:http://www.google.ie’);
}
}
?>
When I enter in any name and pass(whether it is authorized or unauthorized ) I am brough to yahoo(telling me i`m unauthorized).
Anybody got any ideas?Thanks in advance