confusing login script

Discussion in 'Programming/Scripts' started by el-sid, Aug 5, 2008.

  1. el-sid

    el-sid New Member

    Hi,

    I have been trying to implement a simple login script in PHP. The problem is
    it does not seem to execute the query and always reverts back to the login function
    even when the parameters passed are accurate.

    Code:
    <?php
    
    // This script manages the login process.
    // It should only be called when the user is not logged in.
    // If the user is logged in, it will redirect back to the calling page.
    // If the user is not logged in, it will show a login <form>
    
    include 'include.inc';
    
    set_error_handler("errorHandler");
    
    function check_login($loginUsername, $loginPassword, $level)
    {
      global $username;
      global $password;
      global $hostName;
      global $databaseName;
      global $message;
    
      // Get the two character salt from the 
      // user-name collected from the challenge
      $salt = substr($loginUsername, 0, 2); 
    
      // Encrypt the loginPassword collected from 
      // the challenge
      $crypted_password = crypt($loginPassword, $salt);
    
      // Formulate the SQL to find the user
      $query = "SELECT password FROM login
                 WHERE username = '$loginUsername'
                   AND  password = '$crypted_password'";
                  
    
      // Open a connection to the DBMS
      if (!($connection = @ mysql_pconnect($hostName, 
                                          $username, 
                                          $password)))
         showerror();
    
      if (!mysql_select_db($databaseName, $connection))
         showerror();
    
      // Execute the query
      if (!($result = @ mysql_query($query, $connection)))
         showerror();
    
      // exactly one row? then we have found the user
      // (a successful query always sets $result, so count the rows instead)
      if (mysql_num_rows($result) == 1) 
      {
         // Register the loginUsername to show the user is logged in
         session_register("loginUsername");
         $_SESSION["loginUsername"] = $loginUsername;
    
         // Clear any other session variables
         if (session_is_registered("errors"))
            // Delete the form errors session variable
            session_unregister("errors");
    
         if (session_is_registered("formVars"))
            // Delete the formVars session variable
            session_unregister("formVars");
             
           
             if (strcmp($level,"Manager") == 0)
              {
                  header("Location:manager.mainform.php");
                        exit;
              }
         elseif (strcmp($level,"Line Manager") == 0)
              {
                 header("Location:linemanager.mainform.php");
                        exit;
              }
         elseif (strcmp($level,"Salesman") == 0)
              {
                 header("Location:salesman.mainform.php");
                        exit;
              }
      }
      else
      {
         // Ensure loginUsername is not registered, so the user
         // is not logged in
         if (session_is_registered("loginUsername"))
            session_unregister("loginUsername");
    
         // Register an error message
         session_register("message");
         $_SESSION["message"] = "Username or password incorrect. Login failed.";
    
         // Show the login page
         // so the user can have another go!
         login_page();
         exit;
      }
    }
    
    // Function that shows the HTML <form> that is 
    // used to collect the user-name and password
    function login_page()
    {
      ?>
    <!DOCTYPE HTML PUBLIC 
        "-//W3C//DTD HTML 4.0 Transitional//EN"
        "http://www.w3.org/TR/html4/loose.dtd" >
      <html>
      <head>
         <title>Login Page</title>
      </head>
      <body bgcolor="white">
    <?php
      // Show login status (should be logged out!)
      showLogin();
    ?>
        <h3>Login Page</h3>
        <form method="POST" action="login.php">
    <?php
      // Show messages
      showMessage();
    
      // Generate the login <form> layout
      ?>
    <table>
    <tr>
        <td>Username:</td>
        <td><input type="text" size=30
             maxlength=30 
             name="loginUsername"></td>
    </tr>
    <tr><td>Password:</td>
        <td><input type="password" size=20
             maxlength=30
             name="loginPassword"></td>
    </tr>
    
    <tr><td>Department:</td>
        <td><select name="level">
            <option selected = "">
            <option>Manager</option>
            <option>Line Manager</option>
            <option>Salesman</option>
            </select></td>
    </tr>
    
    <tr>
        <td></td>
        <td><input type="submit" value="Log in"></td>
    </tr>
    </table>
    
    </form>
    </body>
    </html>
    
    <?php
    }
    
    // ------------------
    
    // Initialise the session
    session_start();
    
    if (isset($_POST["loginUsername"]))
       $loginUsername = clean($_POST["loginUsername"], 20);
    
    if (isset($_POST["loginPassword"]))
       $loginPassword = clean($_POST["loginPassword"], 32);
    
    if (isset($_POST["level"]))
       $loginPassword = clean($_POST["level"], 50);
    
    
    // Check if the user is already logged in
    if (session_is_registered("loginUsername"))
    {
      // If they are, then just bounce them back where
      // they came from
      if (session_is_registered("referer"))
      {
         session_unregister("referer");
         header("Location: $referer");
         exit;
      }
      else
      {
         header("Location: salesinfo.html");
         exit;
      }
    
    }
    
    if ((empty($loginUsername) && !empty($loginPassword)) ||
        (!empty($loginUsername) && empty($loginPassword)))
    {    
         // Register an error message
         session_register("message");
         $_SESSION["message"] = "Both a username and password must be supplied.";
    }
    
    // Have they not provided a username/password, or was there an error?
    if (!isset($loginUsername) ||
        !isset($loginPassword) ||
         session_is_registered("message"))
      login_page();
    else
    
      // They have provided a login. Is it valid?
      check_login($loginUsername, $loginPassword, $level);
    ?>
    
    
    I am still a little new to PHP and this code has been giving me quite a headache.
    There are no syntax errors and no indication of SQL errors. :confused:

    Any ideas?
     
  2. el-sid

    el-sid New Member

    Problem solved. It tortured me for 3 days but I got it.

    The problem was with variable assignment. I put
    Code:
    if (isset($_POST["loginPassword"]))
       $loginPassword = clean($_POST["loginPassword"], 32);
    
    if (isset($_POST["level"]))
       $loginPassword = clean($_POST["level"], 50);
    
    instead of
    Code:
    if (isset($_POST["loginPassword"]))
       $loginPassword = clean($_POST["loginPassword"], 32);
    
    if (isset($_POST["level"]))
       $level = clean($_POST["level"], 50);
    
    I had to force an SQL error to find out whether or not the encrypted passwords matched.
    I hope it didn't give anyone a migraine ;)
    Thanks for the help anyways.
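
The check in `check_login()` above, as an added example that is not part of the original thread: it binds the user name as a query parameter, verifies the password with `password_hash()`/`password_verify()` instead of `crypt()` with a salt taken from the user name, and takes the level from the database rather than from the form. The `level` column, the `landing_page()` helper and the sample account are assumptions made for the example.

```php
<?php
declare(strict_types=1);

// Constructed in-memory database so the example runs offline (needs pdo_sqlite).
// Assumption: the login table also stores each user's level.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE login (username TEXT PRIMARY KEY, password TEXT, level TEXT)');
$add = $db->prepare('INSERT INTO login VALUES (?, ?, ?)');
$add->execute(['asmith', password_hash('correct horse', PASSWORD_DEFAULT), 'Manager']);

// Returns the stored level on success, null on any failure.
function check_login(PDO $db, string $user, string $pass): ?string
{
    // Bound parameter: the user name never becomes part of the SQL text.
    $stmt = $db->prepare('SELECT password, level FROM login WHERE username = ?');
    $stmt->execute([$user]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);

    // A query that ran without error is not a match: require a row AND a
    // verified hash. password_verify() reads the salt from the stored hash.
    if ($row === false || !password_verify($pass, $row['password'])) {
        return null;
    }
    return $row['level'];
}

// Hypothetical helper: map the server-side level to a page.
// The "level" field posted by the form is not consulted.
function landing_page(?string $level): string
{
    $pages = [
        'Manager'      => 'manager.mainform.php',
        'Line Manager' => 'linemanager.mainform.php',
        'Salesman'     => 'salesman.mainform.php',
    ];
    return $pages[$level ?? ''] ?? 'login.php';
}

// Constructed attempts: valid login, wrong password, unknown name containing a quote.
$attempts = [['asmith', 'correct horse'], ['asmith', 'wrong'], ["o'neil", 'x']];
foreach ($attempts as [$u, $p]) {
    printf("%-8s -> %s\n", $u, landing_page(check_login($db, $u, $p)));
}
```

In the real page, call `session_regenerate_id(true)` before setting `$_SESSION["loginUsername"]`, then send the `Location` header for the returned page.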
     
