you may want to try this
if ((strcmp($username,$myrow[0])==0) && (strcmp($password,$myrow[2])==0))
instead of
if ($username==$myrow[0] && $password==$myrow[2])
You may also want to change your select query:
$query = "SELECT Password FROM userinfo WHERE Username='$username'";
then change your comparision to:
if (strcmp($password,$myrow[2])==0)
Ross Dmochowski wrote:
> Hi. i'm new to PHP, and i can't seem to find out what i'm doing wrong
> with the following code:
>
> client posts username/password via SSL to this file, login.php,
> where i want to check the username/password combo against what is listed
> in the db
> if the entries are blank, it goes to a page that sends email and syslog
> alerts about a failed login attempt.
> if the entry is bad, it also goes to this badlogin.php
> while if it matches, they get cookies set and go to the goodlogin.php
>
> <?php
> $username = $HTTP_POST_VARS['username'];
> $password = $HTTP_POST_VARS['password'];
> if ($username == "" or $password == "") {
> header ("Location: http://www.some.com/secure/badlogin.php";);
> } else {
> $db = pg_connect("dbname=some_com user=some_com");
> $query = "SELECT * FROM userinfo";
> $result = pg_exec($db, $query);
> $numrows = pg_numrows($result);
> };
> do {
> $myrow = pg_fetch_row ($result,$row);
> if ($username==$myrow[0] && $password==$myrow[2]) {
> mt_srand((double)microtime()*1000000);
> $random_cookiename = mt_rand();
> $random_cookievalue = mt_rand();
> setcookie ($random_cookiename, $random_cookievalue, time()+900);
> setcookie (ClientAddress, $REMOTE_ADDR, time()+900);
> pg_close($db);
> header ("Location: https://www.some.com/secure/goodlogin.php";);
> }
> $row++;
> } while($row < $numrows);
> pg_close($db);
> header ("Location: http://www.some.com/secure/badlogin.php";);
> ?>
>
> the specified user has db rights.
> if i put
> echo $myrow[0];
> in the loop (and remove the redirect to the badlogin.php file , it will
> print out all the users in the db (the first column)
> but my comparison operation is not successfully telling when the entered
> data properly matches the db entry (is it a datatype problem? the username
> is kept in the postgresql db as type char)
>
> any constructive help would be very appreciated.
>
> _________________________________________________________________
> Get your FREE download of MSN Explorer at http://explorer.msn.com/intl.asp
--
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]
