Hi I'm trying to develop a site that users can log into.
It's all standard enough the details are being kept on a mysql database. I can add the details to the db but my code for logging in isn't working.
here is my login script
function user_login($username, $password)
{
// Try and get the salt from the database using the username
$query = "SELECT salt FROM users WHERE username='$username'";
$result = mysql_query($query);
if (mysql_num_rows($result) > 0)
{
// Get the user
$user = mysql_fetch_array($result);
// Using the salt, encrypt the given password to see if it
// matches the one in the database
//$encrypted_pass = md5(md5($password).$user['salt']);
//test only
$encrypted_pass = md5($password);
// Try and get the user using the username & encrypted pass
$query = "SELECT u_id, activated FROM users WHERE username='$username' and password='$encrypted_pass'";
$result = mysql_query($query);
if (mysql_num_rows($result) > 0)
{
$user = mysql_fetch_array($result);
// Now encrypt the data to be stored in the session
$encrypted_id = md5($user['u_id']);
$encrypted_name = md5($user['username']);
$encrypted_type = md5($user['u_type']);
// Store the data in the session
$_SESSION['u_id'] = $user['u_id'];
$_SESSION['username'] = $username;
$_SESSION['u_type'] = $user['u_type'];
$_SESSION['activated'] = $user['activated'];
$_SESSION['encrypted_id'] = $encrypted_id;
$_SESSION['encrypted_name'] = $encrypted_name;
$_SESSION['encrypted_type'] = $user['u_type'];
// Return ok code
return true;
}
else
{
return false;
}
}
else
{
return false;
}
}
and here is where it is called
<?PHP
// starts session, logs in to db, loads login funct
include '../../db/init.php';
$_SESSION['username']=$_POST["user"];
$_SESSION['password']=$_POST["pass"];
if(user_login($_SESSION['username'],$_SESSION['password']))
{
$p = $_SESSION['u_type'];
switch ($_SESSION['u_type'])
{
case 0:
//include '../staff/staff.php';
echo 'Session u_type' . $_SESSION['u_type'];
echo ' p ' . $p;
break;
case 1:
include '../trade/trade.php';
echo $_SESSION['u_type'];
echo $p;
break;
case 2:
include '../customer/customer.php';
break;
}
}
else
{
//header('Location: www.thebikevault.com');
echo "User type not found";
echo "U_id: ".$_SESSION['u_id'];
echo "Username: ".$_SESSION['username'];
echo "Type: ".$_SESSION['u_type'];
}
?>
It always goes to case 0, from printing out $_SESSION, I know the value is always blank ie it is not being set properly. This makes me think me user_login script isn't working, but I can't see what's I could do with a fresh set of eyes if anyone can help me?
Thanks
Jeff