phpnoobie9 Posted January 21, 2008 Share Posted January 21, 2008 I'm able to submit username and sha1 password to my database, but can't seem to login. Here is the login code. I'm always getting my else statement. Is there something I left out? <php? $username = trim(mysql_real_escape_string($_POST['username'])); $password = sha1(trim(mysql_real_escape_string($_POST['password']))); if ( isset ($_POST['login'])) { if ( (!empty ($_POST['username'])) && (!empty ($_POST['password'])) ) { if ( ($_POST['username'] == '$username') && ($_POST['password'] == '$password') ) { $_SESSION["loggedin"] = $_POST['username']; header("location: member.php"); } else { echo 'Username and password do not match.'; } } } ?> Quote Link to comment Share on other sites More sharing options...
rhodesa Posted January 21, 2008 Share Posted January 21, 2008 <php? Change <php? to <?php $username = trim(mysql_real_escape_string($_POST['username'])); Why are you escaping the username? Do you do some DB call you aren't telling us about? $password = sha1(trim(mysql_real_escape_string($_POST['password']))); You shouldn't trim passwords. Maybe the person wants a space at the end of it if ( (!empty ($_POST['username'])) && (!empty ($_POST['password'])) ) { If you are storing the values into $username and $password, why are you still referring to the $_POST values? if ( ($_POST['username'] == '$username') && ($_POST['password'] == '$password') ) { First, $username and $password should not have single quotes around them. PHP interprets that as a literal string, not the value of a variable. After that fix, this doesn't make any sense, because you are testing to see if a variable is equal to a copy of itself. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.