Problem: I login with random info, it gives me error message, that is good. Now when I enter the correct username, and either a random password or no password at all it, still logs me in.
I'm loosing my mind. Here's the code, lose yours too, if you havn't already!
<?php if($_SESSION['tdauthaisd84093875973490687h34908tdj038475609dnuidlkndsfjks']){ echo "<p>Welcome back, $username.</p>"; if($_SESSION['tdauthaisd84093875973490687h34908tdj038475609dnuidlkndsfjks'] && $_SESSION['tdxuser'] && $logged['member_group'] >= 1){ memberPanel(); } }else{ if(isset($_POST['login'])){ $username = htmlspecialchars($_POST['username'], ENT_QUOTES); $password = htmlspecialchars($_POST['password'], ENT_QUOTES); $password = xcrypt($password); $error = "<p>Sorry, you are unable to login because you have entered your username/password combination wrong. Please check spelling & try again.</p>"; $sql = mysql_query("SELECT * FROM `users` WHERE `username`='$username' AND `password`='$password' LIMIT 1"); if(isset($username) && isset($password) && $username !== '' && $password !== ''){ if(mysql_num_rows($sql) !== 0){ $_SESSION['tdauthaisd84093875973490687h34908tdj038475609dnuidlkndsfjks'] = true; $_SESSION['tdxuser'] = $username; $_SESSION['tdxpass'] = $password; recordAdmin("Logged In"); echo "<p>Welcome back, $username.</p>"; echo "<div id=\"loading\"></div>"; echo "<meta http-equiv=\"refresh\" content=\"1\">"; echo "<p></p>"; }else{ echo $error; } }else{ echo $error; } }else{ ?> <div id="adminlogin"> <h1>TD Admin Control Panel</h1> <form action="" method="post" name="login" style="height: 90px;"> <p> <img src="<?=$domain;?>/images/locked.png" align="left"> <table border="0" cellspacing="2" cellpadding="10"> <tr> <td align="right">Username:</td> <td><input name="username" type="text" class="textbox" size="35"></td> </tr> <tr> <td align="right">Password:</td> <td><input name="password" type="password" class="textbox" size="35"></td> </tr> </table> <table border="0" cellspacing="0" cellpadding="5" align="right"> <tr> <td><input type="submit" name="login" value="Log In Administrator" style="font-weight: bold; width:100%; padding-left: 10px; padding-right: 10px; padding-top: 5px; padding-bottom: 5px;"></td> </tr> </table> </p> </form> </div> <?php } } ?>
All help is appreciated.
Edited by Braunson, 08 September 2007 - 10:40 PM.