MySQL & PHP - login

[FirebarUK]

I'm busy creating a login script and now have the following;

$user_pass_check = mysql_query("SELECT * FROM users WHERE username = '".$_POST['username']."'") or die(mysql_error());
	//Gives error if user dosen't exist
	$check_row = mysql_num_rows($user_pass_check);
	if ($check_row == 0) {
	die('That user does not exist <a href=register.php>Click Here to Register</a>');
	}
	
	while($info = mysql_fetch_array($user_pass_check))
	{
	$_POST['password'] = stripslashes($_POST['password']);
	$info['pass'] = stripslashes($info['pass']);
	$_POST['password'] = md5($_POST['password']);

	//gives error if the password is wrong
	if ($_POST['password'] != $info['pass']) {
		die('Incorrect password, please try again.');
	}

It detects the username and can match it without a worry but seems to have problems matching the password too. My password is put into the mysql field md5 encrypted. Can anyone see anything wrong with the code above?

Thanks.

 

[FirebarUK]

Thanks. Doing that showed a very long encrypted password (naturally), turned out I hadn't left enough space in the field in the database. Whoops

I'll look into both of your suggestions. Now I just need to keep the user logged in with some kind of session management

 

[FirebarUK]

Righto, I have it all working apart from one very small part.

I have a link to click whereby I would like to POST the contents of a PHP session variable ($_SESSION['username'] in this context). Does anyone know how I can do this. I have a servlet which picks up the info from the POST and requires it for certain operations.

Is this possible without a form?