[RESOLVED] loging in, checking user, password

bull

i made table in my database called users, it has such fields:
id|username|password||type

type - is for example, admin, member, limited..

index.php

<form name="form1" id="form1" method="post" action="check.php">
<b>user:</b><br />
<input type="text" name="user" maxlength="60" style="width:200px;"><br /><br />
<b>pass:</b><br />
<input type="password" name="pass" maxlength="60" style="width:200px;"><br /><br />
<input type="submit" name="login" value="login!" >
</form>

check.php

$db_host = 'localhost';
$db_user = 'xxx';
$db_pass = 'xxx';
$db = "page";
$con = mysql_connect($db_host, $db_user, $db_pass);
mysql_select_db($db);
if (!$con) {die('error');}

$sql = "SELECT * FROM users ????????";

?????
HOW TO CHECK THAT USER AND PASSWORD IS CORRECT?
?????
if ok .. 
session start
else 
index.php...

mysql_close($con);

can somebody help me to work on this script?

Houdini

Something like this might do

$user=$_POST['user'];
$pass=$_POST['pass'];
//more code here 
$sql = "SELECT username,password FROM users WHERE username='$username'";//or the correct fieldname
$result=mysql_query($sql)
  or die("Query failed. MySQL said: ".mysql_error());
$row = mysql_fetch_assoc($result);
if($row['username']!=$user || $row['password']!=$pass){
  echo "Sorry username or password are incorrect press your back button to try again";
  exit;
}
else{
  //do whatever you want cause the username and password match the database
}

bull

i've already wrote it this way, is it safe or i need to rewrite as Houdini sad?

$sql = "SELECT * FROM users WHERE name = '$name' and pass = '$pass'";
$result = @mysql_query($sql);
if (mysql_num_rows($result)==1){
  $_SESSION['admin']=$name;
  header('Location: adminarea.php');
}

TobyRT

Many of your ideas are the same. My suggestion would be look at the differences between what you've written and what Houdini has done. If there's anything you don't understand, ask us!

bull

i gues i'll leave it as i showed in my last post. thanks for help.

TobyRT

You could do, yes, but I wouldn't recommend it. If you find you have problems, you have no error checking there, so won't know what the problem is.

What kind of password protection are you using when they enter their password? Md5? anything else?

bull

no. i havent learned encryption yet. but im already shearching for it in this forum. maybe you can give me hint what better to use and where to get information?

TobyRT

There's a post I made when trying to do something similar - have a look at the posts I've made - there's one called 'login problems' I believe. Roger Ramjet also has a couple of posts on this and he helped me with mine.