need help with login

[phpnoobie9]

I'm able to submit username and sha1 password to my database, but can't seem to login.

 

Here is the login code. I'm always getting my else statement. Is there something I left out?

<php?
$username = trim(mysql_real_escape_string($_POST['username']));
$password = sha1(trim(mysql_real_escape_string($_POST['password'])));

if ( isset ($_POST['login'])) {
if ( (!empty ($_POST['username'])) && (!empty ($_POST['password'])) ) {
	if ( ($_POST['username'] == '$username') && ($_POST['password'] == '$password') ) {
		$_SESSION["loggedin"] = $_POST['username']; 
		header("location: member.php");
	} else {
		echo 'Username and password do not match.';
	}
}
}
?>

[rhodesa]

<php?

Change <php? to <?php

 

$username = trim(mysql_real_escape_string($_POST['username']));

Why are you escaping the username? Do you do some DB call you aren't telling us about?

 

$password = sha1(trim(mysql_real_escape_string($_POST['password'])));

You shouldn't trim passwords. Maybe the person wants a space at the end of it

 

if ( (!empty ($_POST['username'])) && (!empty ($_POST['password'])) ) {

If you are storing the values into $username and $password, why are you still referring to the $_POST values?

 

if ( ($_POST['username'] == '$username') && ($_POST['password'] == '$password') ) {

First, $username and $password should not have single quotes around them. PHP interprets that as a literal string, not the value of a variable.

After that fix, this doesn't make any sense, because you are testing to see if a variable is equal to a copy of itself.