PHP question

Hi everyone, I have a quick question about my PHP script.

I can't quite understand why its not working, Im getting that there is an unexpected " on line 29, this is line 29:

$query = mysql_query("SELECT user_name,pass_word FROM TrueCrypt_Users WHERE user_name='$_POST["username"]' AND pass_word='$_POST["password"]'");

Any help?

Thanks.

Ive taken out the $_POST[""] vars and it works, but will it still do the same thing?

Try this:

$username = mysql_real_escape_string( $_POST['username'] );
$password  = mysql_real_escape_string( $_POST['password'] );

$query = mysql_query("SELECT user_name,pass_word FROM TrueCrypt_Users WHERE user_name='{$username}' AND pass_word='{$password}'");

Thanks system. That got rid of the first problem, not it lets me login using whatever I want, not what i have SELECT.

Any suggestions?

Basically this is my whole script, I thought it may be easier to figure out:)

 <BODY>
 <LEGEND> Administration Login
 <table border="0">
 <form action="<?php echo $_SERVER['PHP_SELF']; ?>" method="POST">
 <tr><td>Username:</td><td><input type="text" name="username" /></tr></td>
 <tr><td>Password:</td><td><input type="password" name="password" /></tr></td>
 <tr><td><input type="submit" name="submit" value="Login" /></tr></td>
 </table>
 </LEGEND>

<?php

$username = mysql_real_escape_string( $_POST['username'] );
$password = mysql_real_escape_string( $_POST['password'] );

$query = mysql_query("SELECT user_name,pass_word FROM TrueCrypt_Users WHERE user_name='{$username}' AND pass_word='{$password}'");

echo $query;

if($_POST["submit"]){
$query = $_POST["username"] & $_POST["password"]{

session_start();
$_SESSION["username"];
$_SESSION["password"];

echo "Thank you, Please Wait 5 Seconds for it to Load or Please Click <a href='/admin/index.php'>Here</a> " . "<META http-equiv='refresh' content='5;URL=/admin/index.php'>";
}else{
echo "Sorry, You're not allowed here." . "<META http-equiv='refresh' content='5;URL=/index.php'>";
}

?>



</BODY>
</HTML>```

session_start();

if( !isset( $_POST['submit'] ) )
{
?>
  <HTML>
  <BODY>
  <LEGEND> Administration Login
  <table border="0">
  <form action="<?php echo $_SERVER['PHP_SELF']; ?>" method="POST">
  <tr><td>Username:</td><td><input type="text" name="username" /></tr></td>
  <tr><td>Password:</td><td><input type="password" name="password" /></tr></td>
  <tr><td><input type="submit" name="submit" value="Login" /></tr></td>
  </table>
  </LEGEND>
  </BODY>
  </HTML>
<?php
}
else
{
  $username = mysql_real_escape_string( $_POST['username'] );
  $password = mysql_real_escape_string( $_POST['password'] );

  $query = mysql_query( "SELECT user_name,pass_word FROM TrueCrypt_Users WHERE user_name='{$username}' AND pass_word='{$password}'" );
  $rows  = mysql_num_rows( $query );

  if( $rows > 0 )
  {
    $_SESSION["username"] = $username;
    $_SESSION["password"] = $password;

    header( "Location: /admin/index.php" );
  }
  else
    echo "Sorry, you're not allowed here. <META http-equiv='refresh' content='5;URL=/index.php'>";
}

?>```

Thanks dude, but im not sure if you understand what i need,

basically, I want it to be a basic login page, nothing set before hand, if the username = the one in the database & password = one in the database then redirect to /admin/index.php else redirect to ../../index.php

It sounds really simple but it doesnt seem to be haha.

Thanks again though dude.

DarkMantis wrote: Thanks dude, but im not sure if you understand what i need,

basically, I want it to be a basic login page, nothing set before hand, if the username = the one in the database & password = one in the database then redirect to /admin/index.php else redirect to ../../index.php

It sounds really simple but it doesnt seem to be haha.

Thanks again though dude.

Are you serious?

Meltdown just gave you the fucking script to do almost exactly that?

All Im saying is that it didnt work, maybe its user error. Idk, but I cant seem to get it to work… :/

Fritzo edit: Don't Question Meltdowns work.

Ahh sorry, it was my bad, I had the database configured wrong.

Sorry, and thanks loads system!

Fritzo Edit: I will learn to Google.

Fritzo edit: I will stop double posting.

Good you had your insanely simple login done.