Login Error

[e4games]

Ok, so know when you register it submits the information into the database, but instead of putting it in what you typed it puts in random characters. If you go to login using the random characters that it set as your password it still doesn't let you login. Here are my register and login codes.

<?php  require_once 'db.php'; $page_mode = $_POST['page_mode']; # empty variable defaults to '' (or null) if ($page_mode === 'register') {   $username = mysql_real_escape_string(trim($_POST['username']));   $password = $_POST['password'];   if ($password !== $_POST['conf_password']) $error_string .= 'Password mismatch.<br>';   if ($error_string == '')   { 	$result = db_query("SELECT username FROM users WHERE username='$username';"); 	if (mysql_num_rows($result) > 0) $error_string .= 'The username is already registered.<br>'; 	else 	{ 	  $password = sha1($password); // hash password once 	  	  db_query("INSERT INTO users (username, password) VALUES ('$username', '$password');"); 	  header('Location: thankyou.php'); 	  exit(); 	}   } } ?><!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd"><html>  <head>	<title>Register</title>	<style type="text/css">	.error_text {	  color: #FF0000;	  width: 400px;	  text-align: center;	}	.left_box {	  float: left;	  width: 150px;	  text-align: right;	  padding-right: 5px;	}	.right_box {	  clear: right;	}	</style>  </head>  <body>	<div class="error_text"><?php echo $error_string; ?></div>	<form action="register.php" method="post">	<input type="hidden" name="page_mode" value="register">	<div class="left_box">Username</div>	<div class="right_box"><input type="text" name="username" size="30" maxlength="255" value="<?php if (isset($username)) echo $username; ?>"></div>	<div class="left_box">Password</div>	<div class="right_box"><input type="password" name="password" size="30"></div>	<div class="left_box">Confirm Password</div>	<div class="right_box"><input type="password" name="conf_password" size="30"></div>	<div class="left_box"> </div>	<div class="right_box"><input type="submit" value="Register" size="30"></div>	</form>  </body></html>

Login Code

 <?php session_start(); $error_string = ''; # error_string is modified in db.php! require_once 'db.php'; $page_mode = $_POST['page_mode']; # empty variable defaults to '' (or null) if ($page_mode === 'login') {   $username = mysql_real_escape_string(trim($_POST['username']));   $password = $_POST['password'];   if ($username == '' || strlen($password) == 0) # password can be of spaces, which must not be trimmed! 	$error_string .= 'Please enter your username and password.<br>';   else   { 	$result = db_query("SELECT id, username, password FROM users WHERE username='$username';"); 	if (!($row = mysql_fetch_assoc($result))) 	  $error_string .= 'The username was not found.<br>'; 	else if ($row['password'] != sha1($password)) 	  $error_string .= 'The password did not match.<br>'; 	else 	{ 	  $_SESSION['user_id'] = $row['id']; 	  $_SESSION['user_name'] = $row['username']; 	  header('Location: /'); 	  exit(); 	}   } } ?><!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd"><html>  <head>	<title>Register</title>	<style type="text/css">	.error_text {	  color: #FF0000;	  width: 400px;	  text-align: center;	}	.left_box {	  float: left;	  width: 150px;	  text-align: right;	  padding-right: 5px;	}	.right_box {	  clear: right;	}	</style>  </head>  <body>	<div class="error_text"><?php echo $error_string; ?></div>	<form action="login.php" method="post">	<input type="hidden" name="page_mode" value="login">	<div class="left_box">Username</div>	<div class="right_box"><input type="text" name="username" size="30" maxlength="255" value="<?php if (isset($username)) echo $username; ?>"></div>	<div class="left_box">Password</div>	<div class="right_box"><input type="password" name="password" size="30"></div>	<div class="left_box"> </div>	<div class="right_box"><input type="submit" value="Log In" size="30"></div>	</form>  </body></html>

[jlhaslip]

Use the plain-text password. The one in the DB is sha1 encrypted.