Hi I'm trying to develop a site that users can log into.
It's all standard enough the details are being kept on a mysql database. I can add the details to the db but my code for logging in isn't working.

here is my login script

function user_login($username, $password)
{
     // Try and get the salt from the database using the username
     $query = "SELECT salt FROM users WHERE username='$username'";
     $result = mysql_query($query);

     if (mysql_num_rows($result) > 0)
     {
          // Get the user
          $user = mysql_fetch_array($result);

          // Using the salt, encrypt the given password to see if it
          // matches the one in the database
          //$encrypted_pass = md5(md5($password).$user['salt']);
          
          //test only
			$encrypted_pass = md5($password);
          // Try and get the user using the username & encrypted pass
          $query = "SELECT u_id, activated FROM users WHERE username='$username' and password='$encrypted_pass'";
          $result = mysql_query($query);

          if (mysql_num_rows($result) > 0)
          {
               $user = mysql_fetch_array($result);

               // Now encrypt the data to be stored in the session
               $encrypted_id = md5($user['u_id']);
               $encrypted_name = md5($user['username']);
					$encrypted_type = md5($user['u_type']);
              
               // Store the data in the session
               $_SESSION['u_id'] = $user['u_id'];
               $_SESSION['username'] = $username;
               $_SESSION['u_type'] = $user['u_type'];
               $_SESSION['activated'] = $user['activated'];
               $_SESSION['encrypted_id'] = $encrypted_id;
               $_SESSION['encrypted_name'] = $encrypted_name;
               $_SESSION['encrypted_type'] = $user['u_type'];

               // Return ok code
               return true;
          }
          else
          {
               return false;
          }
     }
     else
     {
          return false;
     }
}

and here is where it is called

<?PHP
        // starts session, logs in to db, loads login funct
	include '../../db/init.php';

	$_SESSION['username']=$_POST["user"];
  	$_SESSION['password']=$_POST["pass"];

	if(user_login($_SESSION['username'],$_SESSION['password']))
	{
		$p = $_SESSION['u_type'];
		
		switch ($_SESSION['u_type'])
		{
			case 0:
  				//include '../staff/staff.php';
  				echo 'Session u_type' . $_SESSION['u_type'];
		echo ' p ' . $p;
  				break;
			case 1:
  				include '../trade/trade.php';
  				echo $_SESSION['u_type'];
		echo $p;
  				break;
  			case 2:
  				include '../customer/customer.php';
  				break;
		} 
	}
	else
	{
		//header('Location: www.thebikevault.com');
		echo "User type not found";
		echo "U_id: ".$_SESSION['u_id'];
		echo "Username: ".$_SESSION['username'];
      echo "Type: ".$_SESSION['u_type'];
	}
?>

It always goes to case 0, from printing out $_SESSION, I know the value is always blank ie it is not being set properly. This makes me think me user_login script isn't working, but I can't see what's I could do with a fresh set of eyes if anyone can help me?

Thanks
Jeff

what is init.php? How and where are you connecting to the db server?

what is init.php? How and where are you connecting to the db server?

in init.php, I connect to the database, and load the functions i need. My db connection works because I use it else where to query the db

I would be curious to see other values returned from the database, that is in the user_login function, before loading up the $_SESSION, do a dump of $user:

print("<pre>");
var_dump($user);
print("</pre>");

and then maybe something similar in the case 0: block of the second snippet for the $_SESSION variable.

print("<pre>");
var_dump($_SESSION);
print("</pre>");

(For brevity, you could omit the md5 codes and other fields which are not mentioned in your post, if you decide to post it here).

But it is not clear where you are actually calling session_start().

Also, it is NOT clear if you have a variable holding a reference to the db connection. If you do, you need to pass that variable to your user_login() function. Post your code if you still can't resolve it.

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.