Help with user authentication using MySQL

Serpent7 · Nov 15, 2005

Okay, I think this is a simple error, but I can't see what's going wrong.
I'm trying to authenticate a username and password with the following script:

$query = "SELECT Password
	FROM ragol
	WHERE Username = '$username'
	LIMIT 0 , 30";
$result = mysql_query($query) or die('Query failed: ' . mysql_error());
if($result == $pass)
{
	echo "<p>You are now logged in, providing you have cookies enabled. Click <a href=\"bottom.php?func=home\">here</a> to go to your 

	personal area.</p>";
	setcookie ("user", "$username", time()+72000);
}
else
{
	echo "<p>Your password/username comination was incorrect, or our database is failing. Please <a href=\"bottom.php?func=login\">try 	

again.</a></p>";
}
mysql_close($link);

But it always followed the ELSE branch, indicating that $result != $pass. So I echoed out the variables just before, like this:

$query = "SELECT Password
	FROM ragol
	WHERE Username = '$username'
	LIMIT 0 , 30";
$result = mysql_query($query) or die('Query failed: ' . mysql_error());

echo "$pass";
echo "$result";
if($result == $pass)
{
echo "<p>You are now logged in, providing you have cookies enabled. Click <a href=\"bottom.php?func=home\">here</a> to go to your

	personal area.</p>";
	setcookie ("user", "$username", time()+72000);
}
else
{
	echo "<p>Your password/username comination was incorrect, or our database is failing. Please <a href=\"bottom.php?func=login\">try 	

again.</a></p>";
}
mysql_close($link);

And they came to this:

$pass = Testera (Which is correct, as that's what I entered into the form in the page before.)
$result = Resource id #2

Finally, below is a syntax-highlighted version of the second script incase it helps. I didn't highlight the bit above because I wanted to point out the addition of the echoing of $pass and $result. All help much appreciated, thanks.

	$query = "SELECT Password
		FROM ragol
		WHERE Username = '$username'
		LIMIT 0 , 30";
	$result = mysql_query($query) or die('Query failed: ' . mysql_error());
                echo "$pass";
	echo "$result";
	if($result == $pass)
	{
		echo "<p>You are now logged in, providing you have cookies enabled. Click <a href=\"bottom.php?func=home\">here</a> to go to your 

	personal area.</p>";
	setcookie ("user", "$username", time()+72000);
}
else
{
	echo "<p>Your password/username comination was incorrect, or our database is failing. Please <a href=\"bottom.php?func=login\">try 	

again.</a></p>";
}
mysql_close($link);

Vbabiy · Nov 15, 2005

you need to use mysql_fetch_array()

$result = mysql_query($query) or die('Query failed: ' . mysql_error()); 
$row = mysql_fetch_array($result);

if ($pass == $row['pass']) 
{
//true code goes here
} else {
//False code goes here
}

Help with user authentication using MySQL

SSerpent7

VVbabiy