Hi, I have been reading a book called "PHP in easy steps" by Mike McGrath.
This book has an example of a log-in form which uses PHP & MySQL to authenticate users.
I have copied the example into my trial webserver and set up a test MySQL database, but the form doesnt work.
When I click sign in it always fails, the problem seems to lie with the query sent to MySQL:
$sql="select * from users where user_name=\"$username\" and password = password( \"$password\" )";
If I remove the password bit and log-in with the Username & encrypted password from MySQL it works fine - so I assume it must be an error with the password being encrypted (the password is encrypted and then compared against the encrypted password held in MySQL).
The werid thing is the password bit works fine on another form where it creates a new user and adds it to the database.
But thats as far as my knowledge goes on this subject, and I haven't got a clue what to do next. If it's any help, I could post the enitre contents of the files.
I am not getting any errors from PHP or MySQL, rather my login script is always saying 'your username or password is invalid', even if the username and password are valid.
I have narrowed it down to being something to do with the encryption of the password; the password is encrypted (at least it should be) and then is compared against the encrypted record in MySQL. It seems the line I quoted earlier is not correctly encrypting the password before it is being compared.
I tried removing the encryption part so it just compared the password directly against the encrypted one and tried to log in using the username and the encrypted password, and it worked fine (my logon was allowed).
Any ideas anyone?
Thanks