This is part of the code to a login form. The only file is index.php. The code continues but it what you get after you have successfully logged in. It doesn't matter what I put the the login form, when I hit the "log in" button, if just reloads the page, with no errors or anything. I have the database and everything set up correctly as far as I know. I'm not sure if you need anymore information. If you do I can get it to you. Any help would be greatly appreciated. I have been stuck on this for a few hours now.

session_start();
if ($form == 'sent') {
    unset($HTTP_SESSION_VARS);
    session_destroy();
}
global $asess_name, $asess_passwd, $asess_data;
session_register("asess_name");
session_register("asess_passwd");
session_register("asess_data");
include('../vars.php');
mysql_connect($db_host, $db_user, $db_pwd);
mysql_select_db($db_name);
if (!isset($HTTP_SESSION_VARS["asess_name"])) {
    if ($form = 'sent' && ereg($self_name, $HTTP_REFERER)) {
        if ($login == "" || $passwd == "" || ereg('%', $login) || ereg('%', $passwd)) {
            echo("<html><head><title>$title</title></head><body><p align=center><font face=$fontface><b>
<span style=\"background-color: $admincolor\">&nbsp;$title Control Panel </span></b>
</font></p><div align=center><center>
<table border=\"0\" style=\"border-collapse: collapse\" bordercolor=\"#111111\" cellpadding=\"0\" cellspacing=\"3\">
<form method=post action=/control/><input type=hidden name=form value=sent><tr>
<td align=\"right\" valign=\"top\" bgcolor=\"$admincolor\"><b>
<font face=\"$fontface\" size=\"2\">Login</font>:</b></td>
<td align=\"left\" valign=\"top\">
<input type=\"text\" name=\"login\" size=\"25\" style=\"font-family: $fontface; font-size: 8pt; font-weight: bold\"></td>
</tr><tr><td align=\"right\" valign=\"top\" bgcolor=\"$admincolor\">
<font face=\"$fontface\" size=\"2\"><b>Password:</b></font></td>
<td align=\"left\" valign=\"top\">
<input type=\"password\" name=\"passwd\" size=\"25\" style=\"font-size: 8pt; font-family: $fontface; font-weight: bold\"></td>
</tr><tr><td></td><td align=\"left\" valign=\"top\">
<input type=\"submit\" value=\"Log in\" style=\"font-family: $fontface; font-size: 8pt; font-weight: bold; float: right\"></td>
</tr></form></table></center></div></body></html>");
            unset($HTTP_SESSION_VARS);
            session_destroy();
            exit;
        }
        global $login, $passwd;
        $asess_name = $login;
        $asess_passwd = $passwd;
        header("Location: /control/?".SID);
        exit;
    }
    echo("<html><head><title>$title</title></head><body><p align=\"center\"><font face=\"$fontface\"><b>
<span style=\"background-color: $admincolor\">&nbsp;$title Control Panel </span></b>
</font></p><div align=center><center>
<table border=\"0\" style=\"border-collapse: collapse\" bordercolor=\"#111111\" cellpadding=\"0\" cellspacing=\"3\">
<form method=post action=/control/><input type=hidden name=form value=sent><tr>
<td align=\"right\" valign=\"top\" bgcolor=\"$admincolor\"><b>
<font face=\"$fontface\" size=\"2\">Login</font>:</b></td>
<td align=\"left\" valign=\"top\">
<input type=\"text\" name=\"login\" size=\"25\" style=\"font-family: $fontface; font-size: 8pt; font-weight: bold\"></td>
</tr><tr><td align=\"right\" valign=\"top\" bgcolor=\"$admincolor\">
<font face=\"$fontface\" size=\"2\"><b>Password:</b></font></td>
<td align=\"left\" valign=\"top\">
<input type=\"password\" name=\"passwd\" size=\"25\" style=\"font-size: 8pt; font-family: $fontface; font-weight: bold\"></td>
</tr><tr><td></td><td align=\"left\" valign=\"top\">
<input type=\"submit\" value=\"Log in\" style=\"font-family: $fontface; font-size: 8pt; font-weight: bold; float: right\"></td>
</tr></form></table></center></div></body></html>");
    unset($HTTP_SESSION_VARS);
    session_destroy();
    exit;
} else {
    $res = mysql_query("select value from admin where field='login'");
    $dblogin = mysql_result($res, 0);
    $res = mysql_query("select value from admin where field='passwd'");
    $dbpasswd = mysql_result($res, 0);
    if ($asess_name != $dblogin || $asess_passwd != $dbpasswd || !ereg($self_name, $HTTP_REFERER)) {
        echo("<html><head><title>$title</title></head><body><p align=\"center\"><font face=\"$fontface\"><b>
<span style=\"background-color: $admincolor\">&nbsp;$title Control Panel </span></b>
</font></p><div align=\"center\"><center>
<table border=\"0\" style=\"border-collapse: collapse\" bordercolor=\"#111111\" cellpadding=\"0\" cellspacing=\"3\">
<form method=post action=/control/><input type=hidden name=form value=sent><tr>
<td align=\"right\" valign=\"top\" bgcolor=\"$admincolor\"><b>
<font face=\"$fontface\" size=\"2\">Login</font>:</b></td>
<td align=\"left\" valign=\"top\">
<input type=\"text\" name=\"login\" size=\"25\" style=\"font-family: $fontface; font-size: 8pt; font-weight: bold\"></td>
</tr><tr><td align=\"right\" valign=\"top\" bgcolor=\"$admincolor\">
<font face=\"$fontface\" size=\"2\"><b>Password:</b></font></td>
<td align=\"left\" valign=\"top\">
<input type=\"password\" name=\"passwd\" size=\"25\" style=\"font-size: 8pt; font-family: $fontface; font-weight: bold\"></td>
</tr><tr><td></td><td align=\"left\" valign=\"top\">
<input type=\"submit\" value=\"Log in\" style=\"font-family: $fontface; font-size: 8pt; font-weight: bold; float: right\"></td>
</tr></form></table></center></div></body></html>");
       unset($HTTP_SESSION_VARS);
       session_destroy();
       exit;
    }
}
.......

If your system has register_globals turned off in php.ini (the default in R5), then it doesn't look as if your code is dealing with it (e.g. if ($form == "sent").

It may not be related but on line 14 it seems that you would want it to say:
if ($form == "sent" ...

Well, I tried added the extra = and turning on global variables, still nothing. It acts as though I just refreshed the page.

When I ran your code, it tries to go to control/ which seems to be the way you coded it. Don't know why you can't get out of the initial module

Hi there,
I think the problem might be that you never assign values from the $_POST array into your variables ($login, $passwd, etc.) Unless you do this in your include('../vars.php'). But other wise your variable will always be empty.

Well, I just took out the include statement and just copied the data in its place. vars.php is just my database information. Still nothing...

This article has been dead for over six months. Start a new discussion instead.