Hi. i'm new to PHP, and i can't seem to find out what i'm doing wrong with the following code:
client posts username/password via SSL to this file, login.php, where i want to check the username/password combo against what is listed in the db if the entries are blank, it goes to a page that sends email and syslog alerts about a failed login attempt. if the entry is bad, it also goes to this badlogin.php while if it matches, they get cookies set and go to the goodlogin.php <?php $username = $HTTP_POST_VARS['username']; $password = $HTTP_POST_VARS['password']; if ($username == "" or $password == "") { header ("Location: http://www.some.com/secure/badlogin.php"); } else { $db = pg_connect("dbname=some_com user=some_com"); $query = "SELECT * FROM userinfo"; $result = pg_exec($db, $query); $numrows = pg_numrows($result); }; do { $myrow = pg_fetch_row ($result,$row); if ($username==$myrow[0] && $password==$myrow[2]) { mt_srand((double)microtime()*1000000); $random_cookiename = mt_rand(); $random_cookievalue = mt_rand(); setcookie ($random_cookiename, $random_cookievalue, time()+900); setcookie (ClientAddress, $REMOTE_ADDR, time()+900); pg_close($db); header ("Location: https://www.some.com/secure/goodlogin.php"); } $row++; } while($row < $numrows); pg_close($db); header ("Location: http://www.some.com/secure/badlogin.php"); ?> the specified user has db rights. if i put echo $myrow[0]; in the loop (and remove the redirect to the badlogin.php file , it will print out all the users in the db (the first column) but my comparison operation is not successfully telling when the entered data properly matches the db entry (is it a datatype problem? the username is kept in the postgresql db as type char) any constructive help would be very appreciated. _________________________________________________________________ Get your FREE download of MSN Explorer at http://explorer.msn.com/intl.asp -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]