首先~~~我不太了解你這樣做的用意。

因為其實不管怎麼樣。你登入了本身就一定要去取回資料庫做判斷帳密是否正確。那多檢查一個Auth也因該是無所謂才對。
也就是你可以檢查帳密 && Auth == 1。一起判斷。

實在是沒有必要說~~~先檢查Auth後再來確定帳密。
這樣SQL查訊不就會要查2次??因該沒這樣的必要才對。

樓上大大!!
我有加入進去了,如下~
但是執行顯示錯誤勒!!
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'FROM member WHERE username='answer' AND password='answer' AND Auth=1' at line 1


<?php
// *** Validate request to login to this site.
if (!isset($_SESSION)) {
session_start();
}

$loginFormAction = $_SERVER['PHP_SELF'];
if (isset($_GET['accesscheck'])) {
$_SESSION['PrevUrl'] = $_GET['accesscheck'];
}

if (isset($_POST['username'])) {
$loginUsername=$_POST['username'];
$password=$_POST['password'];
$MM_fldUserAuthorization = "";
$MM_redirectLoginSuccess = "member_center.php";
$MM_redirectLoginFailed = "login_form_1.php";
$MM_redirecttoReferrer = false;
mysql_select_db($database_ykk, $ykk);

$LoginRS__query=sprintf("SELECT username, password, FROM member WHERE username=%s AND password=%s AND Auth=1",
GetSQLValueString($loginUsername, "text"), GetSQLValueString($password, "text"));

$LoginRS = mysql_query($LoginRS__query, $ykk) or die(mysql_error());
$loginFoundUser = mysql_num_rows($LoginRS);
if ($loginFoundUser) {
$loginStrGroup = "";

//declare two session variables and assign them
$_SESSION['MM_Username'] = $loginUsername;
$_SESSION['MM_UserGroup'] = $loginStrGroup;

if (isset($_SESSION['PrevUrl']) && false) {
$MM_redirectLoginSuccess = $_SESSION['PrevUrl'];
}
header("Location: " . $MM_redirectLoginSuccess );
}
else {
header("Location: ". $MM_redirectLoginFailed );
}
}
?>

........
你不會連SQL語法的錯誤也不知道怎麼查吧。

SELECT username, password, FROM

沒方現你的欄位多了一個,嗎???等於你要查尋三個欄位值。但第三個欄位沒宣告。
當然給你報語法錯誤。

sorry~前兩天已經用好了!!
忘記告訴大家了@@
也謝謝留言的人喔XD