Re: what is wrong in these codes php, sql

[Rohithzr]

@unasAquila not working
first of all it shows an unidentified index until and unless i declare it in connect.php
second if i use this command then i end up opening a blank login.php page with no result whatsoever as there is no echo in login.php [there is echo in index.php but the form opens the login.php and no echo event occurs in index.php]

well now take a look at these files

login.php [added ur suggestion in wrong password section {and it reaches there tested}]

//signin.php

include 'connect.php';



if(isset($_SESSION) && $_SESSION == true)

{

echo 'You are already signed in, you can sign out if you want.';



}

else

{

if($_SERVER != 'POST')

{

echo 'You cannot access this page dirctly. !!';

}

else

{

$errors = array();



if(!isset($_POST))

{

$errors[] = 'The username field must not be empty.';

}



if(!isset($_POST))

{

$errors[] = 'The password field must not be empty.';

}



if(!empty($errors))

{

echo 'Uh-oh.. a couple of fields are not filled in correctly..

';

echo '
';

foreach($errors as $key => $value)

{

echo '
' . $value . '
';

}

echo '
';

}

else

{

$sql = "SELECT

user_id,

user_name,

user_level

FROM

user

WHERE

user_name = '" . mysql_real_escape_string($_POST) . "'

AND

user_pass = '" . sha1($_POST) . "'";



$result = mysql_query($sql);

if(!$result)

{



echo 'Something went wrong while signing in. Please try again later.';

//echo mysql_error(); //debugging purposes, uncomment when needed

}

else

{

if(mysql_num_rows($result) == 0)

{





$error = 'You have supplied a wrong user/password combination. Please try again.';

$_SESSION = $error;

}

else

{



$_SESSION = true;





while($row = mysql_fetch_assoc($result))

{

$_SESSION 	= $row;

$_SESSION 	= $row;

$_SESSION = $row;

}



echo 'Welcome, ' . $_SESSION . '. 
Proceed to the forum overview.';

}

}

}

}

}





?>