Login page help

[Lodius2000]

I finally finished my user creation page, now i have to do my login page

 

i am getting an error message when I submit a valid username and password

 

it tells me:

Please enter a valid password.

 

Note: I user PEAR DB and the password is stored crypt()-ed

 

the password validation

//check that password matches username
$encrypted_password = $db->getOne("SELECT password FROM users WHERE username = '$_POST[username]'");
if ($encrypted_password != crypt($_POST['password'], $encrypted_password)){
	$errors[] = 'Please enter a valid password.';
}

 

i tried replacing getOne with query but it returned a php error that said

 

Warning: crypt() expects parameter 2 to be string, object given in admin/index.php on line 75 which is the if() statement

 

if you can find what is wrong it would be much appreciated

 

Thanks

[minidak03]

This line seems wrong to me for some reason

 

$encrypted_password = $db->getOne("SELECT password FROM users WHERE username = '$_POST[username]'");

 

I think it should be more like this

 

$encrypted_password = $db->getOne("SELECT password FROM users WHERE username = '".$_POST['username']."'");

 

For your $_POST variable you didn't include any quotes around it.

 

Try that out.

[Lodius2000]

 

For your $_POST variable you didn't include any quotes around it.

 

Try that out.

 

i looked at that too but then I looked at my matching code to check for a valid username, that does not throw an error and it looks like this

 

//check that the username exists
$q = $db->query("SELECT username FROM users WHERE username = '$_POST[username]'");
if ($q->numrows() == 0 ){
	$errors[] = 'Please enter a valid username.';
}

 

so i am really confused