Problems with logging in

Duckyboos

I am fairly new to PHP, and I am going through a book on it. One aspect is about creating a login system. I have copes it exactly from the book but it is not working when I implement it onto my own server. Was wondering if you guys could help shed some light onto it.

When someone logs in, the 2 variables are carried from the form to this page:

<?php

// include function files for this application
require_once('bookmark_fns.php');
session_start();

//create short variable names
$username = $_POST['username'];
$passwd = $_POST['passwd'];

if ($username && $passwd) {
// they have just tried logging in
  try  {
    login($username, $passwd);
    // if they are in the database register the user id
    $_SESSION['valid_user'] = $username;
  }
  catch(Exception $e)  {
    // unsuccessful login
    do_html_header('Problem:');
    echo 'You could not be logged in.
          You must be logged in to view this page.';
    do_html_url('login.php', 'Login');
    do_html_footer();
    exit;
  }
}

do_html_header('Home');
check_valid_user();
// get the bookmarks this user has saved
if ($url_array = get_user_urls($_SESSION['valid_user'])) {
  display_user_urls($url_array);
}

// give menu of options
display_user_menu();

do_html_footer();
?>

The main part id the first half. When I try it I keep getting the exception message listed here of "'You could not be logged in. You must be logged in to view this page".

The login function it is referencing is:

function login($username, $password) {
// check username and password with db
// if yes, return true
// else throw exception

  // connect to db
  $conn = db_connect();

  // check if username is unique
  $result = $conn->query("select * from user
                         where username='".$username."'
                         and passwd = sha1('".$password."')");
  if (!$result) {
     throw new Exception('Could not log you in.');
  }

  if ($result->num_rows>0) {
     return true;
  } else {
     throw new Exception('Could not log you in.');
  }
}

Does anyone know why it would still not be letting me log in? The names are definitely in the database. It is definitely connecting to the database, (as when I use the db_connect function to register users, its works fine). I have coped the source code over from the actual CD just to make sure it is perfect, and it is still doing this. Is there any sort of php update that has happened recently that would make this code not work anymore? I am thinking maybe the "try" function has changed, as I cant find much of it on phpmanual.

Cheers.

halojoy

I assume that you get 2 values okay from $_POST user+pass
But to make sure you can echo those 2 values, just to test.

One thing I can think of is you have not sha1(password) in your DB.
Are you sure you stored sha1() values at register user?

To find out why this query does not return 1 user row
you should do this for DEBUG.
Only you know the exact error function to use

  // check if username is unique
  $result = $conn->query("select * from user
                         where username='".$username."'
                         and passwd = sha1('".$password."')");
  if (!$result) {
//DEBUG ... something like this:
echo 'DB Error: '.$conn->error();
     throw new Exception('Could not log you in.');
  }

Myself prefer to use PHP [man]sha1/man
before running the query.
Like this

 // check if username is unique

  $sha1pass = sha1($password);
  $result = $conn->query("select * from user
                         where username= '$username'
                         and passwd = '$sha1pass'");
  if (!$result) {
//DEBUG ... something like this:
echo 'DB Error: '.$conn->error();
     throw new Exception('Could not log you in.');
  }