Hi Larry and all, I've been stumped by this for several days now and I don't know why it's not working properly. Please excuse my lack of expertise with php, I've just started! The problem is I cannot get the last line of code to show up properly. I'm talking about $login_errors['login'] = 'The email address and password do not match those on file.'; When I test and I purposely enter a wrong password, the warning does not show up. Can you please help me find out why??? Much appreciated!
if ($_SERVER['REQUEST_METHOD'] == 'POST') {
if (preg_match ('/^[\w.-]+@[\w.-]+\.[A-Za-z]{2,6}$/', $trimmed['email'])) {
$uemail = mysqli_real_escape_string ($dbc, $trimmed['email']);
} else {
$login_errors['email'] = '<br /><small class="errors">Please enter a valid email address!</small>';
}
if (preg_match ('/^\w{4,20}$/', $trimmed['upword'])) {
$p = mysqli_real_escape_string($dbc, $trimmed['upword']);
} else {
$login_errors['upword'] = '<br /><small class="errors">Please enter your password! (Must be at least 4 characters long)</small>';
}
if (empty($login_errors)) {
$q1 = "SELECT user_id, user_level, username, salt, pass FROM users WHERE (email='$uemail')";
$r1 = mysqli_query($dbc, $q1);
if (mysqli_num_rows($r1)) {
$row = mysqli_fetch_assoc($r1);
$login_p = sha1($p . $row['salt']);
if ($login_p === $row['pass']){
if ($row[1] == 1) {
session_regenerate_id(true);
$_SESSION['user_admin'] = true;
}
$_SESSION['user_id'] = $row[0];
$_SESSION['username'] = $row[2];
header ("Location: index.php");
} else { // No match was made.
$login_errors['login'] = 'The email address and password do not match those on file.';
}
}
}
}
include('admin/includes/form_functions.inc.php');