[RESOLVED] Trouble Keeping Variables

middleman666

Hey people,

looking for a bit of help finding the problem with my code.

What its supposed to do is collect the username and password from a form and then check that the user exists and the password is correct... - it does this fine and creates a session for the user.

Problem is when I try to use the username and password variables again to get the results from the database it doesn't work and im not sure why.

heres my code:

<?php

// include function files for this application
require_once('functions.php'); 

//create short variable names
$username = $_POST['username'];
$password = $_POST['password'];

// they have just tried logging in
if ($username && $password) {
  // check if username is unique
  $result = mysql_query("select * from users where username='$username' and password = sha1('$password')")
          or die ("Could not log you in.");

  if (mysql_num_rows($result)) {
    $_SESSION['valid_user'] = $username;
  }
  else {
	echo 'Login Failed. <br />[<a href=login.php>login</a>]';
   	exit; 
  }
}

echo 'Logged in as '.$_SESSION['valid_user'];

//THIS IS THE PART IM HAVING TROUBLE WITH ===================
  	$result = mysql_query("select * from users where username='$username' and password = sha1('$password')")
          or die ("Couldn't Connect to Database.");

// now display the results returned
$row= mysql_fetch_array($result);

  echo '<br><br><a href="'.$row['sitedir'].'/Admin/">Continue to '.$row['sitename'].'s Admin Area</a><br><br>';

//==================================================

include('member-menu.php');

?>

any help welcome,
Thanks.

abc123

$result = mysql_query("select * from users where username='$username' and password = sha1('$password')")

Try removing the ' from around $username.

Also I'd suggest create a variable $encPass and put that into the query.

For example I'd try.

$encPass = sha1($password);
$result = mysql_query("select * from users where username=$username and password = $encPass")
          or die ("Could not log you in.");

Try that and see if it works. Failing that echo out the query you are passing to the mysql db. Then open up a command prompt and query the users table directly with the query that you echoed. Should help with the troubleshooting.

middleman666

I tried what you suggested and it just returns 'Couldn't connect to database' from the second query - its doing that because the $username and $password links are 'empty'.

i.e. echoing the query returns:
select * from users where username= and password =

I don't understand why the username and password arn't being read in the second query but work fine in the first.

thanks for the reply, any other ideas?

middleman666

ok, ive sorted it now, codes a bit ugly but its working:

<?php

// include function files for this application
require_once('functions.php'); 

//create short variable names
$username = $_POST['username'];
$password = $_POST['password'];

// they have just tried logging in
if ($username && $password) {

  // check if username is unique
  $result = mysql_query("select * from users where username='$username' and password=sha1('$password')")
          or die ("Could not log you in.");

  if (mysql_num_rows($result)) {
    $_SESSION['valid_user'] = $username;
  }
  else {
	echo 'Login Failed. <br />[<a href=login.php>login</a>]';
   	exit; 
  }
}

echo 'Logged in as '.$_SESSION['valid_user'];

$user = $_SESSION['valid_user'];

$encPass = sha1($password); 

$result = mysql_query("select * from users where username='$user'")
      or die ("Couldn't Connect to Database.");

// now display the results returned
$row= mysql_fetch_array($result);

//Set result character limits
  echo '<br><br><a href="'.$row['sitedir'].'/Admin/">Continue to '.$row['sitename'].'s Admin Area</a><br><br>';

include('member-menu.php');

?>

Thanks for the help.