I have a login form that submits to an authorization page that makes sure the user is in the database and creates the session. All of the login features work fine except I realized today when I entered my password wrong that the *or die (“Name and password not found or not matched”); *part after the mysql query is not working. If I enter the wrong password it just shows me a blank white page without my text or a php error.
Here’s the code for the authorization page. Any help is great. Thanks!!
<?php
session_start();
if(isset($_POST['submit'])){
// *** The text input will come in through the variable $_POST["captcha_input"],
// while the correct answer is stored in the cookie $_COOKIE["pass"] ***
if ($_POST["captcha_input"] == $_SESSION["pass"]){
$ip = $_SERVER[REMOTE_ADDR];
$conn = mysql_connect("***","***","***");
$db = mysql_select_db("***");
$PlayerName = mysql_real_escape_string($_POST["actname"]);
$Password = mysql_real_escape_string($_POST["actpass"]);
** $result = mysql_query("SELECT * FROM players WHERE PlayerName='$PlayerName'and Password='$Password'")
or die ("Name and password not found or not matched");**
$worked = mysql_fetch_array($result);
$PlayerName = $worked[PlayerName];
$Password = $worked[Password];
if($worked)
{
$_SESSION['playername'] = $PlayerName;
$_SESSION['password'] = $Password;
$_SESSION['Authenticated'] = ***;
$_SESSION['IP'] = $ip;
$new = $worked[Lastlogin];
$Time = time();
session_write_close();
if ($new = 0) {
mysql_query("UPDATE players SET ip1='$ip', Lastlogin='$Time' WHERE PlayerName='$PlayerName'");
header("Location: overview.php");
}
else{
mysql_query("UPDATE players SET ip1='$ip', Lastlogin='$Time' WHERE PlayerName='$PlayerName'");
header("Location: overview.php");
}
}
mysql_close($conn);
}
else {
echo "Sorry, you did not pass the CAPTCHA test.<br><br>";
echo " - Please click back in your browser and try again <br><br>";
}
}
if(isset($_GET['logout'])){
session_destroy();
header("Location: index.php");
}
?>