Posted by Jerry Stuckle on 05/20/07 14:35

Johannes wrote:
> Hey guys,
>
> I'm building a login script using an active or inactive state, but
> when i check for this state it just simply skips to the incorrect
> login. It looks like the If ... AND ... part isn't working. Can
> anybody give me a hand with this problem?
>
> here's the code I use:
>
> <?php
> include("connect.php");
> session_start();
>
> if (!empty($_POST)){
> $query = "SELECT * FROM KLANT
> WHERE Email='".$_POST["Email"]."'
> AND Wachtwoord='".$_POST["Wachtwoord"]." ' ";
> $result=mysql_query($query) or die("FOUT : " . MySQL_error());
>
> if ((Status=="actief") AND (MySQL_num_rows($result) >0)){
> $username=$_POST["Email"];
> $wachtwoord=$_POST["Wachtwoord"];
> session_register("username");
> session_register("wachtwoord");
> mysql_fetch_row($result);
> header("Location: winkel.php");
> exit();
> }
> elseif ((Status=="inactief") AND (MySQL_num_rows($result) >0)){
> $tekst="Uw account staat momenteel op niet-actief<br>
> Neem a.u.b. contact op met de winkel";
> die($tekst);
> }else{
> $tekst="U hebt geen geldige combinatie van e-mailadres en
> wachtwoord opgegeven. Maak een keuze: <br>
> <a href=\ 'inloggen.php\'>Opnieuw inloggen</a><br>
> <a href=\ 'aanmelden.php\'>Hier registreren</a><br>";
> die($tekst);
> }}
> ?>
>

Where are you getting Status? Are you depending on register_globals to
be set on? If so, this is a "very bad thing".

Also, session_register is similar in that it requires register_globals
to be on.

Rather, you should be using the $_SESSION array.


--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
jstucklex@attglobal.net
==================

[Back to original message]