Im getting the username and password dont match up in my else statement. something wrong is happening in my query. Could someone check it over and see if something is wrong?
<?php
if (isset($_POST['Submit'])){
require_once('connect2.php');
//Create function for escaping data
function escape_data ($data){
global $dbc;
if(ini_get('magic_quotes_gpc')){
$data = stripslashes($data);
}
return mysql_real_escape_string ($data, $dbc);
}
//End Function
$message = NULL;
//Check for first name
if(empty($_POST['uname'])){
$u = FALSE;
$message .= 'your forgot your username<br /><br />';
}
else{
$u = escape_data($_POST['uname']);
}
//Check for last name
if(empty($_POST['pword'])){
$p = FALSE;
$message .= 'your forgot your password<br /><br />';
}
else{
$p = escape_data($_POST['pword']);
}
//Validate everything
if($u && $p){
//query
$query = "SELECT id, firstname, username, password FROM members WHERE username = '$u' AND password = PASSWORD('$p')";
$result = @mysql_query ($query) or die (mysql_error()); //run query
$row = mysql_fetch_array($result, MYSQL_NUM);
if($row){
//start session
session_start();
$_SESSION['firstname'] = $row[1];
$_SESSION['id'] = $row[0];
header("Location: http://" . $_SERVER['HTTP_HOST'] . dirname($_SERVER['PHP_SELF']) . "/loggedin.php");
exit();
}else{
$message .= 'Your username and password do not match up';
}
mysql_close();
}else{
$message .= 'Please try again';
}
}
if(isset($message)){
echo "$message";
}
?>
