Authentication and Sessions problem

listenmirndt

Hi, Ive been at this all day, Trying to do a tutorial, but i cant seem to get it to recognize the password,
It seem to recognize the username alright, - but keeps giving me an incorrect password message.. if anyone could shed some light, id appreciate it.

<?

/**
 * Checks whether or not the given username is in the
 * database, if so it checks if the given password is
 * the same password in the database for that user.
 * If the user doesn't exist or if the passwords don't
 * match up, it returns an error code (1 or 2).
 * On success it returns 0.
 */
function confirmUser($username, $password){
   global $con;
   /* Add slashes if necessary (for query) */
   if(!get_magic_quotes_gpc()) {
        $username = addslashes($username);
   }

   /* Verify that user is in database */
   $SQL = "select PASSWORD from SECURE where USERNAME = '$username'";
   $result = mysql_query($SQL,$con);
   if(!$result || (mysql_numrows($result) < 1)){
      return 1; //Indicates username failure
   }

   /* Retrieve password from result, strip slashes */
   $dbarray = mysql_fetch_array($result);
   $dbarray['password']  = stripslashes($dbarray['password']);
   $password = stripslashes($password);

   /* Validate that password is correct */
   if($password == $dbarray['password']){
      return 0; //Success! Username and password confirmed
   }
   else{
      return 2; //Indicates password failure
   }
}

/**
 * checkLogin - Checks if the user has already previously
 * logged in, and a session with the user has already been
 * established. Also checks to see if user has been remembered.
 * If so, the database is queried to make sure of the user's
 * authenticity. Returns true if the user has logged in.
 */
function checkLogin(){
   /* Check if user has been remembered */
   if(isset($_COOKIE['cookname']) && isset($_COOKIE['cookpass'])){
      $_SESSION['username'] = $_COOKIE['cookname'];
      $_SESSION['password'] = $_COOKIE['cookpass'];
   }

   /* Username and password have been set */
   if(isset($_SESSION['username']) && isset($_SESSION['password'])){
      /* Confirm that username and password are valid */
      if(confirmUser($_SESSION['username'], $_SESSION['password']) != 0){
         /* Variables are incorrect, user not logged in */
         unset($_SESSION['username']);
         unset($_SESSION['password']);
         return false;
      }
      return true;
   }
   /* User not logged in */
   else{
      return false;
   }
}

/**
 * Determines whether or not to display the login
 * form or to show the user that he is logged in
 * based on if the session variables are set.
 */
function displayLogin(){
   global $logged_in;
   if($logged_in){

echo '

<table border="1" cellspacing="9" cellpadding="6" align="center" bordercolor="#DCDCCD">
  <tr bgcolor="#F9F9F9">
    <td bgcolor="#F9F9F9">
      <div align="center"><font color="#000000"> <b><b><font face="Verdana, Arial, Helvetica, sans-serif" size="1">
        </font><font color="#000000"><b><b><font face="Verdana, Arial, Helvetica, sans-serif" size="1">Logged
        In! </font></b></b></font></b></b></font></div>
    </td>
  </tr>
</table>
<div align="center"><font face="Verdana, Arial, Helvetica, sans-serif" size="1"><br>
  Welcome <b>'; echo $_SESSION[username]; echo '</b>, you are logged in. <a href=logout.php>Logout</a><br>
  <br>
  <a href="main.php"> CONTINUE</a></font></div>
';
   }
   else{
?>

<form name="form1" method="post" action="">
  <div align="center"><font color="#000000"><b><b><font color="#000000"><b><b><font color="#000000"><b><font face="Verdana, Arial, Helvetica, sans-serif" size="1">USERNAME</font></b></font></b></b></font></b></b></font></div>
  <table border="1" cellspacing="9" cellpadding="6" align="center" bordercolor="#DCDCCD">
    <tr bgcolor="#F9F9F9">
      <td bgcolor="#F9F9F9">
        <div align="center"><font color="#000000"> <b><b><font face="Verdana, Arial, Helvetica, sans-serif" size="1">
          </font><font color="#000000"><b><b><font face="Verdana, Arial, Helvetica, sans-serif" size="1">
          </font><font color="#000000"><b><font face="Verdana, Arial, Helvetica, sans-serif" size="1">
          <input type="text" name="user" maxlength="30">
          </font></b></font></b></b></font></b></b></font></div>
      </td>
    </tr>
  </table>
  <div align="center"><font color="#000000"><b><b><font color="#000000"><b><b><font color="#000000"><b><font face="Verdana, Arial, Helvetica, sans-serif" size="1"><br>
    PASSWORD</font></b></font></b></b></font></b></b></font></div>
  <table border="1" cellspacing="9" cellpadding="6" align="center" bordercolor="#DCDCCD">
    <tr bgcolor="#F9F9F9">
      <td bgcolor="#F9F9F9">
        <div align="center"><font color="#000000"> <b><b><font face="Verdana, Arial, Helvetica, sans-serif" size="1">
          </font><font color="#000000"><b><b><font face="Verdana, Arial, Helvetica, sans-serif" size="1">
          </font><font color="#000000"><b><font face="Verdana, Arial, Helvetica, sans-serif" size="1">
          <input type="password" name="pass" maxlength="30">
          </font></b></font></b></b></font></b></b></font></div>
      </td>
    </tr>
  </table>
  <div align="center"></div>
  <br>
  <table border="1" cellspacing="9" cellpadding="6" align="center" bordercolor="#DCDCCD">
    <tr bgcolor="#F9F9F9">
      <td bgcolor="#F9F9F9">
        <div align="center"><font color="#000000"> <b><b><font face="Verdana, Arial, Helvetica, sans-serif" size="1">
          </font><font color="#000000"><b><b><font face="Verdana, Arial, Helvetica, sans-serif" size="1">
          </font><font color="#000000"><b><font face="Verdana, Arial, Helvetica, sans-serif" size="1">
          <input type="submit" name="sublogin" value="Login">
          </font></b></font></b></b></font></b></b></font></div>
      </td>
    </tr>
  </table>
</form>

<?
   }
}


/**
 * Checks to see if the user has submitted his
 * username and password through the login form,
 * if so, checks authenticity in database and
 * creates session.
 */
if(isset($_POST['sublogin'])){
   /* Check that all fields were typed in */
   if(!$_POST['user'] || !$_POST['pass']){
      die('You didn\'t fill in a required field.');
   }
   /* Spruce up username, check length */
   $_POST['user'] = trim($_POST['user']);
   if(strlen($_POST['user']) > 30){
      die("Sorry, the username is longer than 30 characters, please shorten it.");
   }

   /* Checks that username is in database and password is correct */
   $md5pass = md5($_POST['pass']);
   $result = confirmUser($_POST['user'], $md5pass);

   /* Check error codes */
   if($result == 1){
      die('That username doesn\'t exist in our database.');
   }
   else if($result == 2){
      die('Incorrect password, please try again.');
   }

   /* Username and password correct, register session variables */
   $_POST['user'] = stripslashes($_POST['user']);
   $_SESSION['username'] = $_POST['user'];
   $_SESSION['password'] = $md5pass;

   /**
    * This is the cool part: the user has requested that we remember that
    * he's logged in, so we set two cookies. One to hold his username,
    * and one to hold his md5 encrypted password. We set them both to
    * expire in 100 days. Now, next time he comes to our site, we will
    * log him in automatically.
    */
   if(isset($_POST['remember'])){
      setcookie("cookname", $_SESSION['username'], time()+60*60*24*100, "/");
      setcookie("cookpass", $_SESSION['password'], time()+60*60*24*100, "/");
   }

   /* Quick self-redirect to avoid resending data on refresh */
   echo "<meta http-equiv=\"Refresh\" content=\"0;url=$HTTP_SERVER_VARS[PHP_SELF]\">";
   return;
}

/* Sets the value of the logged_in variable, which can be used in your code */
$logged_in = checkLogin();

?>
planetsim

On the bit that tells the user it failed echo the
$md5pass and get the usernames password and echo that out to. If they match its got something to do with the SQL Statement