PHP Code:
echo "Error, your account cannot be found.";
//Redirect wont work...echo writes headers
header("Location: ../../login.php?problem=notfound");
You cannot redirect after headers have been written! So that part is borked. The rest looks ok to me. The Session vars are a bit hacky to me. Maybe look into a uniqid generated function...but thats just me :P
---
EDIT:
I just read up on ob functions. So then the above is ok BUT with x10 running Apache/1.3.37 (Unix) PHP/5.2.0 mod_auth_passthrough/1.8 mod_log_bytes/1.2 mod_bwlimited/1.4 FrontPage/5.0.2.2635.SR1.2 mod_ssl/2.8.28 OpenSSL/0.9.7a
It may not have ob working or whatever. Ill keep looking through your code.
---
Also do an ereg replace on the username POST field. Its like a hack waiting to happen!
PHP Code:
$username2 = ereg_replace('[^A-Za-z0-9]', '', $_POST['username']);
//This will replace every thing (including whitespace...u can make it not to) thats not A-Z or a-z or 0-9
Hopefully that will fix the problem 
---
EDIT:
FOUND THE PROBLEM (I hope)!! The mysql_num_rows returns as an integer and NOT a string. So change:
PHP Code:
if (($num) == '0'){
To:
And see if that works
---
Retired
Posting Permissions
LinkBack URL
About LinkBacks
Reply With Quote
