After using your suggestion, I found an additional SPELLING mistake that was causing my problem!!!!!
Thanks for your help ----- Original Message ----- From: "Jonathan Hilgeman" <[EMAIL PROTECTED]> To: "'Michael Elliott'" <[EMAIL PROTECTED]> Cc: <[EMAIL PROTECTED]> Sent: Thursday, December 13, 2001 11:46 AM Subject: RE: [PHP-DB] Connecting to MySQL Database > Try moving session_start to the very top of the script (above the require > statement), and then place the session_register on the line immediately > below session_start. You should first create the empty session variable > $admin_user, and THEN assign a value to it. But the most logical thing to do > would be to put all the session information at the very top of the script. > > - Jonathan > > -----Original Message----- > From: Michael Elliott [mailto:[EMAIL PROTECTED]] > Sent: Thursday, December 13, 2001 8:40 AM > To: [EMAIL PROTECTED] > Subject: Re: [PHP-DB] Connecting to MySQL Database > > > Alright here goes..... > > This is my login function: > > function login($username, $password) > // check username and password with db > // if yes, return true > // else return false > > { > // connect to db > $conn = db_connect(); > if (!$conn) > return 0; > > // check if username is unique > $result = mysql_query("select * from admin > where username='username' and > password = password('$password')"); > > if (!$result) > return 0; > > if (mysql_num_rows($result)>0) > return 1; > else > return 0; > } > > And here is my admin.php page: > > <? > > // include function files for this application > require_once("golf_fns.php"); > session_start(); > > if ($username && $passwd) > // they have just tried logging in > { > if (login($username, $passwd)) > { > // if they are in the database register the user id > $admin_user = $username; > session_register("admin_user"); > } > else > { > // unsuccessful login > do_html_header("Problem:"); > echo "You could not be logged in. > You must be logged in to view this page. <br>"; > do_html_url("login.php", "Login"); > do_html_footer(); > exit; > } > } > > do_html_header("Administration"); > if (check_admin_user()) > display_admin_menu(); > else > echo "You are not authorized to enter the administration area."; > > do_html_footer(); > > ?> > > I checked my database and as you said, the password has been encrypted. > Shouldn't MySQL be able to compare it against an encrypted password? > > Thanks for your help! > > > "Jonathan Hilgeman" <[EMAIL PROTECTED]> wrote in message > [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > > Can you show us the code that checks the username and password to see if > > they're correct? > > > > Is this a custom admin page that you created? > > > > If your page is authenticating against the "mysql" database, then you > should > > know that MySQL encrypts the password and stores the encrypted password. > > > > So if you use the GRANT statement to create a new user that looks like: > > User: admin > > Pass: Secrets > > > > ...MySQL will store this as: > > User: admin > > Pass: Ata91230t!44 > > > > So if you try to login and your login code looks like: > > if($PasswordEntered == $DatabasePassword) > > { > > ... > > } > > > > So even if $PasswordEntered equals "Secrets", it won't be the same, > because > > it won't match the encrypted password. > > > > - Jonathan > > > > -----Original Message----- > > From: Michael Elliott [mailto:[EMAIL PROTECTED]] > > Sent: Thursday, December 13, 2001 5:54 AM > > To: [EMAIL PROTECTED] > > Subject: [PHP-DB] Connecting to MySQL Database > > > > > > I am trying to create an admin page to administer my database. I used a > > file .sql to create my database. In the file, I included: > > > > grant select, insert, update, delete > > on database.* > > to admin@localhost identified by 'password'; > > > > Why can I not log in successfully using admin and password? > > > > Thanks > > > > > > > > > > -- > > PHP Database Mailing List (http://www.php.net/) > > To unsubscribe, e-mail: [EMAIL PROTECTED] > > For additional commands, e-mail: [EMAIL PROTECTED] > > To contact the list administrators, e-mail: [EMAIL PROTECTED] > > > > -- > PHP Database Mailing List (http://www.php.net/) > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > To contact the list administrators, e-mail: [EMAIL PROTECTED] -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
