I found a tutorial on how to create simple login functionality with php and mysql but I can’t get it to work as I want. I would really appreciate if someone could take a look at the code and let me know what’s wrong. What I don’t get is why it’s not redirecting to the “area.php” page even if I enter a valid user/password combination. Even if I enter a wrong user/password combo it doesn’t trigger the “invalid username/password combination” on line 52 in the code below.
THE login.php FILE
[code=php]<?php
//Connect to database
mysql_connect(“localhost”, “root”, “my_password”);
mysql_select_db(my_database);
if($_POST[username] != “” || $_POST[password] != “”){
$login_status = login($_POST[username], $_POST[password]);
}
elseif($_GET[logout]){
logout();
}
$userid = status();
function status(){
$sessionid = $_COOKIE[test_account];
$oldtime = time() – 3600;
$query = mysql_query(“SELECT * FROM user_sessions WHERE
sessionid = ‘$sessionid’ AND timestamp > ‘$oldtime'”);
if(mysql_num_rows($query) == 1){
$info = mysql_fetch_array($query);
return $info;
}
else {
return 0;
}
}
function login($username, $password){
$username = addslashes($username);
$password = md5($password);
$query = mysql_query(“SELECT * FROM user_accounts WHERE username = ‘$username’ AND password = ‘$password'”);
if (mysql_num_rows($query) == 1){
$info = mysql_fetch_array($query);
$userid = $info[userid];
$sessionid = md5($userid . time());
$time = time();
@setcookie(‘test_account’, $sessionid, $time + 3600, ‘/’, ”);
mysql_query(“DELETE FROM user_sessions WHERE userid = ‘$userid'”);
mysql_query(“INSERT INTO user_sessions (sessionid, userid, timestamp) VALUES(‘$sessionid’,’$userid’,’$time’)”);
return $userid;
}
else{
return 0;
}
}
if($userid > 0){
header(“Location: area.php”);
}
else{
if($login_status != ” && $login_status == 0){
echo “invalid username/password combination<br>”;
}
?>
<h1>Login</h1>
<form action=”login.php” method=”POST”>
Username <input type=”text” name=”username” />
Password <input type=”password” name=”password” />
<input type=”submit” value=”Log In” />
</form>
No account? <a href=”register.php”>Register</a>
<?php } ?>
THE area.php file
[code=php]
<?php
function status(){
$sessionid = $_COOKIE[test_account];
$oldtime = time() – 3600;
$query = mysql_query(“SELECT * FROM user_sessions WHERE
sessionid = ‘$sessionid’ AND timestamp > ‘$oldtime'”);
if(mysql_num_rows($query) == 1){
$info = mysql_fetch_array($query);
return $info;
}
else {
return 0;
}
}
$userid = status();
?>
<?php
if ($userid > 0) {
echo “welcome to user area”;
}
?>
<?php
function logout() {
$sessionid = $_COOKIE[test_account];
@setcookie(“test_account”, time() – 9999, ‘/’, ”);
mysql_query(“DELETE FROM user_sessions WHERE sessionid = ‘$sessionid'”);
}
?>
THE register.php FILE
[code=php]<?php
mysql_connect(“localhost”, “root”, “my_password”);
mysql_select_db(my_database);
if($_POST[username] != “” || $_POST[password] != “”){
$login_status = register($_POST[username], $_POST[password]);
}
else {
printTable();
}
function register($username, $password){
$username = addslashes($username);
$password = md5($password);
$query = mysql_query(“SELECT * FROM user_accounts WHERE username = ‘$username'”);
if (mysql_num_rows($query) == 1){
echo “username already exists<br>”;
printTable();
}
else{
mysql_query(“INSERT INTO user_accounts (username, password) VALUES (‘$username’, ‘$password’)”)or die(mysql_error());
echo “You successfully registred.”;
}
}
function printTable() {
?>
<h1>Register</h1>
<form action=”register.php” method=”POST”>
Username <input type=”text” name=”username” />
Password <input type=”password” name=”password” />
<input type=”submit” value=”Log In” />
</form>
<?php } ?>
Thanks for any help!