Login Funtion Bug

[MinusMyThoughts]

Hey, guys!I'm using a function to check whether my users are logged in. It works fine, but I wanted to add a user-friendly feature to make the login case-insensitive, so "Mike" can log in as "mike" and it won't tell him his username doesn't exist.I implemented that, and it works fine, but my script uses the $_POST username, so when I say "You are logged in as..." it shows "mike." I'd rather it showed the DB-saved user name, "Mike."So I thought I'd just set the session variable to the DB (i.e. $db['username']), but that just puts the function into an infinite loop.I don't know if I'm missing a detail or if there's some weird rule that I haven't learned. Any help is greatly appreciated!Here's the script:

		function checkLogin($uname,$pword)		{			$query = 'SELECT username, password, admin FROM userdata WHERE username="' . $uname . '"';			$result = mysql_query($query) or die('Error contacting database: ' . mysql_error());			$db = mysql_fetch_array($result);			$n = $db['username'];			$p = $db['password'];			$a = $db['admin'];						if ( $uname == strtolower($n) )			{				$_SESSION['uname'] = $uname; // I want to set this to equal '$db['username']				if ( $pword == $p )				{					$loggedin = 1;					$_SESSION['pword'] = $pword;					$_SESSION['admin'] = $a;				}				else				{					$loggedin = 3;				}			}			else			{				$loggedin = 2;			}						if ( $uname == '' )				$loggedin = 0;						return $loggedin;		}

Thanks!-Jason

[jesh]

Have you tried this?

$_SESSION['uname'] = $n;

[MinusMyThoughts]

Yeah. It sets $loggedin to '0' and brings the user back to the log in page like they hadn't just tried to log in.-Jason

[MinusMyThoughts]

Has anyone seen this before? Any insight? Sorry to nag, but I'm really confused; logically, there should be no issue with this...-Jason

[magic24688]

Do you have session_start(); in the script? This could be the problem not letting them be set.

[MinusMyThoughts]

Yes, I do. Like I said, it works great when I use the variable passed to the function; I just can't use database values in the session. It's like they just reset the page...-Jason

[justsomeguy]

There shouldn't be anything wrong with storing the values in the session, there might be a problem checking the value in the session though. Make sure you are storing and checking the same thing. Also it never hurts to print everything out and make sure you're doing what you think you are.

		function checkLogin($uname,$pword)		{			$query = 'SELECT username, password, admin FROM userdata WHERE username="' . $uname . '"';			$result = mysql_query($query) or die('Error contacting database: ' . mysql_error());			$db = mysql_fetch_array($result);			$n = $db['username'];			$p = $db['password'];			$a = $db['admin'];			if ( $uname == strtolower($n) )			{				$_SESSION['uname'] = $uname; // I want to set this to equal '$db['username']				if ( $pword == $p )				{					$loggedin = 1;					$_SESSION['pword'] = $pword;					$_SESSION['admin'] = $a;				}				else				{					$loggedin = 3;				}			}			else			{				$loggedin = 2;			}			if ( $uname == '' )				$loggedin = 0;			echo "<pre>";			echo "session:\n";			print_r($_SESSION);			echo "db:\n";			print_r($db);			echo "uname: \"{$uname}\"\n";			echo "</pre>";			return $loggedin;		}

If it kicks the user out when you store a different value in the session, then it sounds like the code that is checking the login is not checking for the right value, it might also need to convert the value to lowercase.