Try moving session_start to the very top of the script (above the require
statement), and then place the session_register on the line immediately
below session_start. You should first create the empty session variable
$admin_user, and THEN assign a value to it. But the most logical thing to do
would be to put all the session information at the very top of the script.

- Jonathan

-----Original Message-----
From: Michael Elliott [mailto:[EMAIL PROTECTED]]
Sent: Thursday, December 13, 2001 8:40 AM
To: [EMAIL PROTECTED]
Subject: Re: [PHP-DB] Connecting to MySQL Database


Alright here goes.....

This is my login function:

function login($username, $password)
// check username and password with db
// if yes, return true
// else return false

{
 // connect to db
 $conn = db_connect();
 if (!$conn)
  return 0;

 // look up a row matching this username and password
 $result = mysql_query("select * from admin
  where username='$username' and
  password = password('$password')");

 if (!$result)
  return 0;

 if (mysql_num_rows($result)>0)
  return 1;
 else
  return 0;
}

And here is my admin.php page:

<?

// include function files for this application
require_once("golf_fns.php");
session_start();

if ($username && $passwd)
// they have just tried logging in
{
 if (login($username, $passwd))
 {
  // if they are in the database register the user id
  $admin_user = $username;
  session_register("admin_user");
 }
 else
 {
  // unsuccessful login
  do_html_header("Problem:");
  echo "You could not be logged in.
  You must be logged in to view this page. <br>";
  do_html_url("login.php", "Login");
  do_html_footer();
  exit;
 }
}

do_html_header("Administration");
if (check_admin_user())
 display_admin_menu();
else
 echo "You are not authorized to enter the administration area.";

do_html_footer();

?>

I checked my database and as you said, the password has been encrypted.
Shouldn't MySQL be able to compare it against an encrypted password?

Thanks for your help!


"Jonathan Hilgeman" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
> Can you show us the code that checks the username and password to see if
> they're correct?
>
> Is this a custom admin page that you created?
>
> If your page is authenticating against the "mysql" database, then you should
> know that MySQL encrypts the password and stores the encrypted password.
>
> So if you use the GRANT statement to create a new user that looks like:
> User: admin
> Pass: Secrets
>
> ...MySQL will store this as:
> User: admin
> Pass: Ata91230t!44
>
> So if you try to login and your login code looks like:
> if($PasswordEntered == $DatabasePassword)
> {
> ...
> }
>
> So even if $PasswordEntered equals "Secrets", it won't be the same, because
> it won't match the encrypted password.
>
> - Jonathan
>
> -----Original Message-----
> From: Michael Elliott [mailto:[EMAIL PROTECTED]]
> Sent: Thursday, December 13, 2001 5:54 AM
> To: [EMAIL PROTECTED]
> Subject: [PHP-DB] Connecting to MySQL Database
>
>
> I am trying to create an admin page to administer my database.  I used a
> file .sql to create my database.  In the file, I included:
>
> grant select, insert, update, delete
> on database.*
> to admin@localhost identified by 'password';
>
> Why can I not log in successfully using admin and password?
>
> Thanks
>
>
>
>
> --
> PHP Database Mailing List (http://www.php.net/)
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
> To contact the list administrators, e-mail: [EMAIL PROTECTED]
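
An added example, not code from the thread or its authors: the login check discussed above, written for current PHP with a bound query parameter and password_hash()/password_verify() in place of string interpolation and MySQL's PASSWORD(). The admin table and its columns follow the post; the PDO handle, the in-memory SQLite database standing in for MySQL, DUMMY_HASH and the sample accounts are assumptions.

```php
<?php
// Added example, not code from the thread. Assumes PHP 7.1+ with pdo_sqlite;
// an in-memory SQLite database stands in for the MySQL server.

// Hash checked when the user does not exist, so that both paths do the
// same amount of hashing work (hypothetical helper constant).
define('DUMMY_HASH', password_hash('placeholder', PASSWORD_DEFAULT));

function login(PDO $db, string $username, string $password): bool
{
    // Bound parameter: the submitted name never becomes part of the SQL text.
    $stmt = $db->prepare('SELECT password FROM admin WHERE username = ?');
    $stmt->execute([$username]);
    $hash = $stmt->fetchColumn();

    if ($hash === false) {
        // Unknown user: verify against the dummy hash and refuse.
        password_verify($password, DUMMY_HASH);
        return false;
    }

    // Re-hash the submitted password with the stored salt and parameters,
    // then compare; the stored value is never compared to plain text.
    return password_verify($password, $hash);
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE admin (username TEXT PRIMARY KEY, password TEXT NOT NULL)');

// Constructed sample account; only the hash is stored.
$ins = $db->prepare('INSERT INTO admin (username, password) VALUES (?, ?)');
$ins->execute(['admin', password_hash('Secrets', PASSWORD_DEFAULT)]);

// Constructed login attempts.
$attempts = [
    ['admin',  'Secrets'],  // correct credentials
    ['admin',  'secrets'],  // wrong password
    ['nobody', 'Secrets'],  // unknown user
    ["o'neil", 'Secrets'],  // quote in the name is just data
];

foreach ($attempts as [$user, $pass]) {
    printf("%-8s %-8s => %s\n", $user, $pass,
        login($db, $user, $pass) ? 'ok' : 'denied');
}
```

Only the first attempt prints `ok`; the other three print `denied`.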


