try some code indentation to make it more readable.
someone else pointed you to the 'user' 'name' mismatch already I see.
twistednetadmin wrote:
...
session_start();
switch (@$_GET['action']) // Gets set by the form action
{
case "login":
$sql = "SELECT name FROM DB
WHERE name='$_POST[user]'";
$result = mysql_query($sql) or die("Couldn't execute query.");
$num = mysql_num_rows($result);
if ($num ==1) // loginname found
{
$sql = "SELECT name FROM DB
WHERE name='$_POST[user]'
AND pass=password('$_POST[pass]')";
$result2 = mysql_query($sql) or die("Couldn't execute query 2.");
$num2 = mysql_num_rows($result2);
if ($num2 > 0) // password is correct
{
$_SESSION['auth']="yes";
$logname=$_POST['user'];
$_SESSION['logname'] = $logname;
header("Location: page1.php");
}
else // password is not correct
{
unset($action);
header("Location: loginerror.php");
}
}
elseif ($num == 0) // Wrong name. Name not in db
{
unset($action);
header("Location: loginerror.php");
}
}
...
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
