right i have confirmed the query SELECT * FROM mbgeust WHERE user_name = '{$name}' AND user_pass = SHA1('{$pass}') returns a result but it returns saying 'Showing rows 0 - 0 ( 1 total, Query took 0.0005 sec)' sould that not be rows 0 - 1 as mysql_num_rows($mysql) is returning 0 despite the fact that the query returns one row here is my whole code
<?php
session_start();
include './inc/sql.php';
if(!isset($_SESSION['loggedin'])){
if(isset($_POST['submit'])){
$name = mysql_real_escape_string($_POST['username']);
$pass = mysql_real_escape_string($_POST['password']);
sql_start();
$mysql = mysql_query("SELECT * FROM mbgeust WHERE user_name = '{$name}' AND user_pass = SHA1('{$pass}')")
or die ("Error: ". mysql_error(). " with query ". $mysql);
if(mysql_num_rows($mysql) == 1){
$_SESSION['loggedin'] = TRUE;
$_SESSION['name'] = $name;
header('refresh:3; URL = /');
die('You are now logged in!');
}
else{
header('refresh:3; URL = /');
die ('Password was probably incorrect!');
}
sql_stop();
}
echo "<form action='./' method='POST'>
Username: <br/>
<input type='text' name='username' /><br/>
Password: <br/>
<input type='password' name='password' /><br/>
<input type='submit' name='submit' value='Login'/>
</form>";
}
else {
include 'main.php';
}
?>
and sql.php
<?php
function sql_start(){
global $con;
$con = mysql_connect("mackinnonsbakery.co.uk.mysql","mackinnonsbaker","UE9ux3cZ")
or die('Could not connect: ' . mysql_error());
mysql_select_db("mackinnonsbaker", $con)
or die('Could not connect: ' . mysql_error());
}
function sql_stop(){
global $con;
mysql_close($con);
}
?>
You're calling mysql_real_escape_string prior to sql_start(), so you have no active database connection - so $name and $pass are probably set to false. Check your error logs you should see warnings.