Error in login script

Shibby

Can someone tell me why this isn't working?
I've already connected to MySQL and have made a form post the correct data with the type POST.

Interestingly, if I uncomment the echo line near the start of the script, it won't echo any username or password, although it will echo the correct md5 hash of the password entered.

$query = "SELECT id, username, password FROM " . $db_prefix . "users WHERE username='" . $HTTP_POST_VARS['username'] . "'";
  $result = mysql_query($query) or die(mysql_error());
  $userdata = mysql_fetch_array($result);

  //echo "username: $HTTP_POST_VARS['username'] $_POST['username'], password: $HTTP_POST_VARS['password'] , md5(" . md5($HTTP_POST_VARS['password']) . ")";

  if ((md5($HTTP_POST_VARS['password']) == $userdata->password))
  {
    session_start();
    $user_id = $userdata->id;
    $username = $userdata->username;
    session_register('user_id');
    session_register('username');
    header("Location: index.php");
    exit;
  }

tsinka

Hi,

you cannot use arrays directly in strings, change the echo line to:

echo "username: ".$HTTP_POST_VARS['username']." ".$_POST['username'].", password: ".$HTTP_POST_VARS['password'].", md5(".md5($HTTP_POST_VARS['password']) . ")";

Or you might try to put curly braces {} around the HTTP_POST_VARS variables.

Thomas