Hi,
I look up at your code and i see some different parts of this code which are not really good, i put another structure to correct it and i expect it'll work .
I changed the $ names just as i do it when i program .
If you need help, tell us.
As the script in case IF, i see that you put if ... < 1
I think there's no reason to put this, so i changed it to == true
Last thing is when you put a $_name inside a SQL query, you must put this style ( i use it )
==> $name = "SELECT ... FROM ... WHERE ... =(single quote)(double quote)(dot)$name(dot)(double quote)(single quote) ... ";
Alex,
<?php
include ("connect.php");
if (isset($_POST['submit']) && $_POST['submit'] == "TEXT_APPEAR_OF_BUTTON") // name button ...
{
$username1=$_POST['username'];
$passwords=$_POST['password'];
$sql = "SELECT salt FROM user WHERE username = '".$username1."'";
$query = mysql_query($sql);
$salt = mysql_fetch_array($query);
$password1=md5($passwords);
$password2=md5($password1 && $salt);
$sql_user = "SELECT * from user where username= '".$username1."' and password='".$password2."'";
$req_user = mysql_query($sql_user) or die("Could not get admin");
$user = mysql_fetch_array($req_user);
if(strlen($user['username']) == true )
{
echo "wrong user /pass.";
}
elseif(strlen($passwords) == true )
{
echo "wrogggg.";
}
else
{
$username = $_SESSION['pwngame'];
echo "thanks for login !";
}
}
?>