Hey everyone,
I've been staring at this function I wrote for a day now, and I can't see what's wrong:
function login($username_here, $password_here)
{
$uname=trim($username_here);
$upass=trim($password_here);
$result = mysql_query("SELECT FROM users WHERE username='$uname'");
if (!$result) { mybad("Couldn't connect to the database. Please try later. 1"); }
if (mysql_num_rows($result) <= 0) { mybad("Username not found. If you are not registered, please register by click 'Join EduPages.Net'."); }
$result = mysql_query("SELECT FROM users WHERE username='$uname' AND pword=password('$upass')");
if (!$result){mybad("Your username or password is invalid. Please try again.");}
if (mysql_num_rows($result) > 0) {
session_start();
global $valid_user;
$valid_user=$uname;
session_register("valid_user");
header("Location: home.php");
} else {
mybad("Zero results returned.");
}
}
Everything is fine (i have tons of other queries that are working fine on this database) except for this line:
$result = mysql_query("SELECT * FROM users WHERE username='$uname' AND pword=password('$upass')");
It always fails, even though the variables that pass through match those in the database. The first query in the above example is fine, the username is found, and the script continues on. But as soon as I add AND pword=password('$upass'), it fails everytime. The password that is stored in the database is encryped using the same, password() method. I don't see what's wrong.
Maybe it's like writing an essay and trying to proofread it yourself...you never see any errors. I would really appreciate it if someone could point me in the right direction. Thanks!
