so here is the line calling the function:

$login = login($username, $password);

        if($login == false)
        {
            $errors[] = 'That username/password combination is incorrect';

        }else
        {
            $_SESSION[user_id] = $login;

            header('Location: anounceEdit.php');
            exit();

and here is the functions code

function login($username, $password)
{
    $user_id = user_id_from_username($username);
    $username = sanitize($username);
    $password = SHA1($password);
    $query = mysql_query("SELECT COUNT(user_id) FROM users WHERE userName = '$username' AND password = '$password'");

    return(mysql_result($query, 0) === 1) ? $user_id : false;
}

and the function that it calls

function user_id_from_username($username)
{
    $username = sanitize($username);
    $query = mysql_query("SELECT user_id FROM users WHERE userName = '$username'");

    return mysql_result($query, 0, 'user_id');
}

i know that i am entering the corect information i even went an redid it on the server end so that i could make sure and i am still getting:
Array ( [0] => That username/password combination is incorrect )
what am i missing here? been working on this login code for a week now so i definitely need a fresh pair of eyes

One possibility for the cause of the error could be on the return line of the login function (which obviously returns false):

return(mysql_result($query, 0) === 1) ? $user_id : false;

mysql_result() function returns string so you should compare it to 1 (an integer) with == operator. If you want to use === operator then you should compare it to '1' (a string).

So either:

return(mysql_result($query, 0) == 1) ? $user_id : false;

or:

return(mysql_result($query, 0) === '1') ? $user_id : false;

I have not tested this so I do not claim I am 100% right.

nope no change either way

the code is working fine its the encryption that is not working properly, can anyone recoments an encryption that works right we were trying to use SHA1

I am not sure if this is important: sha1() function should be in lowercase. Can you try

$password = sha1($password);

i have had it lower case and it returned the same error

Another desperate try: have you tried to echo the query in the login function:

function login($username, $password)
{
    $user_id = user_id_from_username($username);
    $username = sanitize($username);
    $password = SHA1($password);
    $query = mysql_query("SELECT COUNT(user_id) FROM users WHERE userName = '$username' AND password = '$password'");

    // DEBUG
    die($query);

    return(mysql_result($query, 0) === 1) ? $user_id : false;
}

Does the query look OK (is user_id correct, is $password actually a hash)? Does the output query work OK in phpmyadmin if you copy it there?

And what does the sanitize function do? Does it work correctly?

yeah i got that part fixed as i said before, i have moved on to trying to secure my sensitive pages so that they cant be accessed without logging in

Have you tried using MD5 for encryption? I have used similar code to yours in the past, and it works just fine.

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.