CODE
<?php
$username = $_POST['username'];
$clean = strtolower($username);
$password = $_POST['password'];
$safe = md5($password);
if (count($_POST) > 0) {
if (!$username) $error = 'Please fill in your username';
else if (!$password) $error = 'Please fill in your password';
else if (!is_valid()) $error = 'It looks like you\'re not a valid user. Try checking your username or password or feel free to <a href="/register/">sign up</a>.';
else {
$id = get_id();
setcookie('user', $username, time() + 31556926, '/');
setcookie('id', $id, 0, '/');
header($root . '/account/dashboard/');
}
}
else $error = '';
?>
$username = $_POST['username'];
$clean = strtolower($username);
$password = $_POST['password'];
$safe = md5($password);
if (count($_POST) > 0) {
if (!$username) $error = 'Please fill in your username';
else if (!$password) $error = 'Please fill in your password';
else if (!is_valid()) $error = 'It looks like you\'re not a valid user. Try checking your username or password or feel free to <a href="/register/">sign up</a>.';
else {
$id = get_id();
setcookie('user', $username, time() + 31556926, '/');
setcookie('id', $id, 0, '/');
header($root . '/account/dashboard/');
}
}
else $error = '';
?>
is_valid() is in a functions file. I had it set so that it checked the username, password, and hashed password. However, I changed it around so that it'd check the clean username instead.
CODE
<?php
function is_valid() {
global $clean, $password, $safe;
if (mysql_num_rows(mysql_query("SELECT ID FROM users WHERE clean_username = '$clean' AND password = '$password' AND safe_password = '$safe'")) > 0) return true;
}
?>
function is_valid() {
global $clean, $password, $safe;
if (mysql_num_rows(mysql_query("SELECT ID FROM users WHERE clean_username = '$clean' AND password = '$password' AND safe_password = '$safe'")) > 0) return true;
}
?>
get_id() doesn't really do anything but get the ID from the MySQL database. Anyhow, what I can't understand is why it still generates an error. For example, let's say I have user named User. If I login using User, it works fine. However, if I use user, it generates an error. Now, I'd think that even if user is lowercase, $clean would just generate the same value (user).
Aide?