Bueno chicos tengo un mega problema bueno para mi es un problemon porque estoy aprendiendo!
Pero resulta que mi sistema de login solo me esta evaluando el ID nadamas! el password ni lo mira! Aqui les paso mi codigo!
Código PHP:
<?php
//Start session
session_start();
//Include database connection details
require_once('config.php');
//Array to store validation errors
$errmsg_arr = array();
//Validation error flag
$errflag = false;
//Connect to mysql server
$link = mysql_connect(DB_HOST, DB_USER, DB_PASSWORD);
if(!$link) {
die('Failed to connect to server: ' . mysql_error());
}
//Select database
$db = mysql_select_db(DB_DATABASE);
if(!$db) {
die("Unable to select database");
}
//Function to sanitize values received from the form. Prevents SQL injection
function clean($str) {
$str = @trim($str);
if(get_magic_quotes_gpc()) {
$str = stripslashes($str);
}
return mysql_real_escape_string($str);
}
//Sanitize the POST values
$txt_user = clean($_POST['txt_user']);
$txt_pass = clean($_POST['txt_pass']);
//Input Validations
if($txt_user == '') {
$errmsg_arr[] = 'No haz colocado el ID';
$errflag = true;
}
if($txt_pass == '') {
$errmsg_arr[] = 'Clave no existe';
$errflag = true;
}
//If there are input validations, redirect back to the login form
if($errflag) {
$_SESSION['ERRMSG_ARR'] = $errmsg_arr;
session_write_close();
header("location: login-form.php");
exit();
}
//Create query
$qry="SELECT * FROM user WHERE (username='$txt_user') AND (password='".md5($_POST['$txt_pass'])."')";
$result=mysql_query($qry);
//Check whether the query was successful or not
if($result) {
if(mysql_num_rows($result) == 1) {
//Login Successful
session_regenerate_id();
$member = mysql_fetch_assoc($result);
$_SESSION['SESS_MEMBER_ID'] = $member['username'];
$_SESSION['SESS_FIRST_NAME'] = $member['firstname'];
$_SESSION['SESS_LAST_NAME'] = $member['lastname'];
$_SESSION['SESS_USER_ID'] = $member['user_id'];
date_default_timezone_set("America/Caracas" ) ; $user_id = $_SESSION['SESS_USER_ID'];
$hora = date('h:i:s',time() - 3600*date('I'));
$_SESSION['SESS_ACCES_NOW'] = date("d-m-Y $hora");
$ip = $_SERVER['REMOTE_ADDR'];
$sql = "UPDATE user SET ip='$ip' WHERE user_id='$user_id'";
$result=mysql_query($sql);
session_write_close();
header("location: /main.php?mode=user&op=welcome");
exit();
}else {
//Login failed
header("location: /main.php?mode=user&op=faillogin");
exit();
}
}else {
die("Query failed");
}
?>
Que estoy haciendo mal >.<! NO TOMA EL PASSWORD PARA NDA PONGO cualquier locura y accesa al sistema!