Php Authentication Script Prob

[autopost]

Hiya All,<br /><br />First time posting within the family forums in a long time (just got another domain after being away fer a bit)<br /><br />Anyway, lookin' for some help<br />Have a MySql Dbase with a Users table, to which of course holds user info - username and password<br />I have inserted the user info into the dbase with a config *.sql file.<br />The syntax I used was<br /><br /><!--c1--><div class='codetop'>CODE</div><div class='codemain'><!--ec1-->insert into users(username, password, fullname, company, email, phone) values ('mwells', sha1('Te5t3r'), 'Mike Wells', 'EMT', '[email protected]', '847.123.1234');<!--c2--></div><!--ec2--><br /><br />Now the problem I am having is that, whenever I test authentication, it does not seem to pass and I get my "Failure" message (within the login.php file).<br />If I echo the $_REQUEST the info passed to the login script is correct. Any ideas on why I cannot get this to start my session??<br /><br /><!--sizeo:3--><span style="font-size:12pt;line-height:100%"><!--/sizeo--><b>login.php</b><!--sizec--></span><!--/sizec--><br /><!--c1--><div class='codetop'>CODE</div><div class='codemain'><!--ec1--><?php<br />// Set up error reporting display<br />ini_set('display_errors', 1);<br />error_reporting(E_ALL);<br /><br /> include_once('cafs_fns.php');<br /><br />  if ( (!isset($_REQUEST['username'])) || (!isset($_REQUEST['password'])) ) <br />  {<br />    echo 'You must enter your username and password to proceed';<br />    exit;<br />  }<br /><br />  $username = $_REQUEST['username'];<br />  $password = $_REQUEST['password'];<br /><br />if (login($username, $password)) <br />  {<br />    $_SESSION['auth_user'] = $username;<br />   header('Location: '.$_SERVER['HTTP_REFERER']);<br />  }<br />  else <br />  {<br />    echo '<br>';<br />    echo 'The credentials you have entered are incorrect<br>';<br />    echo 'You must enter in a valid Username & Password to continue';<br />    exit;<br />  }<br />?><!--c2--></div><!--ec2--><br /><br />cafs_fns holds my connect to...script and an auth_fns script, to which also includes the login form itself<br /><br /><!--sizeo:3--><span style="font-size:12pt;line-height:100%"><!--/sizeo--><b>auth_fns.php</b><!--sizec--></span><!--/sizec--><br /><!--c1--><div class='codetop'>CODE</div><div class='codemain'><!--ec1--><?php<br /><br />// Set up error reporting display<br />ini_set('display_errors', 1);<br />error_reporting(E_ALL); <br />// Check username and password with db<br />  function login($username, $password)<br />  {<br />    // connect to db<br />    $handle = db_connect();<br />    if (!$handle)<br />      return 0;<br /><br />    $result = mysql_query("select * from users,<br />                              where username='$username' and<br />                                password = sha1($password)", $handle);<br />    if (!$result)<br />    {<br />      return 0;<br />    }<br />    if ($result->mysql_num_rows>0)<br />    {<br />      return 1;<br />    }<br />    else <br />    {<br />      return 0;<br />    }<br />  }<br /><br />  function check_auth_user()<br />  // see if somebody is logged in and notify them if not<br />  {<br />    global $_SESSION;<br />    if (isset($_SESSION['auth_user']))<br />    {<br />      return true;<br />    }<br />    else<br />    {<br />      return false;<br />    }<br />  }<br />  function login_form()<br />  {<br />    ?><br /><p> </p><br /><div id="global"><br />    <form action='../cafs/admin/login.php' method='POST'><br />    <table border=0><br />    <tr><br />      <td>Username</td><br />      <td><input size='16' name='username'></td><br />    </tr><br />    <tr><br />      <td>Password</td><br />      <td><input size='16' type='password' name='password'></td><br />    </tr><br />    </table><br />    <input type='submit' value='Log in'><br />    </form><br /></div><br />    <?php<br />  }<br /><br />  function check_permission($username, $file)<br />  // check user has permission to act on this record <br />  {<br />    // connect to db<br />    $handle = db_connect();<br />    if (!$handle)<br />      return 0;<br /><br />    if(!$_SESSION['auth_user'])<br />      return 0;<br /><br />    $result = mysql_query("select * from user_permissions up, uploads d<br />                              where up.user = '{$_SESSION['auth_user']}' and<br />                                  up.company = d.client and<br />                                  d.id = $file<br />                              ", $handle);<br />    if (!$result)<br />    {<br />      return 0;<br />    }<br />    if ($result->mysql_num_rows>0)<br />    {<br />      return 1;<br />    }<br />    else <br />    {<br />      return 0;<br />    }<br />  }<br />?><!--c2--></div><!--ec2--><br /><br />Thanks Ahead of Time All!!<!--content-->