you may want to try this if ((strcmp($username,$myrow[0])==0) && (strcmp($password,$myrow[2])==0)) instead of if ($username==$myrow[0] && $password==$myrow[2])
You may also want to change your select query: $query = "SELECT Password FROM userinfo WHERE Username='$username'"; then change your comparision to: if (strcmp($password,$myrow[2])==0) Ross Dmochowski wrote: > Hi. i'm new to PHP, and i can't seem to find out what i'm doing wrong > with the following code: > > client posts username/password via SSL to this file, login.php, > where i want to check the username/password combo against what is listed > in the db > if the entries are blank, it goes to a page that sends email and syslog > alerts about a failed login attempt. > if the entry is bad, it also goes to this badlogin.php > while if it matches, they get cookies set and go to the goodlogin.php > > <?php > $username = $HTTP_POST_VARS['username']; > $password = $HTTP_POST_VARS['password']; > if ($username == "" or $password == "") { > header ("Location: http://www.some.com/secure/badlogin.php"); > } else { > $db = pg_connect("dbname=some_com user=some_com"); > $query = "SELECT * FROM userinfo"; > $result = pg_exec($db, $query); > $numrows = pg_numrows($result); > }; > do { > $myrow = pg_fetch_row ($result,$row); > if ($username==$myrow[0] && $password==$myrow[2]) { > mt_srand((double)microtime()*1000000); > $random_cookiename = mt_rand(); > $random_cookievalue = mt_rand(); > setcookie ($random_cookiename, $random_cookievalue, time()+900); > setcookie (ClientAddress, $REMOTE_ADDR, time()+900); > pg_close($db); > header ("Location: https://www.some.com/secure/goodlogin.php"); > } > $row++; > } while($row < $numrows); > pg_close($db); > header ("Location: http://www.some.com/secure/badlogin.php"); > ?> > > the specified user has db rights. > if i put > echo $myrow[0]; > in the loop (and remove the redirect to the badlogin.php file , it will > print out all the users in the db (the first column) > but my comparison operation is not successfully telling when the entered > data properly matches the db entry (is it a datatype problem? the username > is kept in the postgresql db as type char) > > any constructive help would be very appreciated. > > _________________________________________________________________ > Get your FREE download of MSN Explorer at http://explorer.msn.com/intl.asp -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]