Login Problem

[trhynard]

I have made a login screen from kevins tutorial. The sign up works fine, but when i login i get the access denied screen, even with a correct username and password. If someone could take a look at the code i used below and tell me what i did wrong i would greately appreciate it.

accesscontrol.php

<?php //accesscontrol.php

include("common.php");
include("db.php");

session_start();

if(!isset($uid)) {
?>

<html>
<head>
<title>Please Log In For Access</title>
</head>
<body>
<h1>Login Required</h1>
<p>You must log in to access this area of the site. If you are not a registered
user, <a href="signup.php">click here</a> to sign up for instant access!</p>
<p><form method="post" action="<?=$php_self?>">
User ID: <input type="text" name="uid" size="8"><br>
Password: <input type="password" name="pwd" size="8"><br>
<input type="submit" value="Log In">
</form></p>
</body>
</html>
<?php
exit;
}

session_register("uid");
session_register("pwd");

dbconnect("sessions");
$sql = "SELECT * FROM user WHERE
userid = 'uid' AND password = 'pwd'";
$result = mysql_query($sql);
if(!$result) {
error("A database error has occured while checking your ".
"login details.\\nIf this error persists, please ".
"contact trhynard@aol.com.");
}
if (mysql_num_rows($result) == 0) {
session_unregister("uid");
session_unregister("pwd");
?>
<html>
<head>
<title>Access Denied</title>
</head>
<body>
<h1>Access Denied</h1>
<p>Your user ID or password were incorrect, or you are not a registered user on this site.
To try logging in again please click <a href="<?=$php_self?>">here</a>.
To register for instant access, please click <a href="signup.php">here</a>.</p>
</body>
</html>
<?php
exit;
}
$username = mysql_result($result,0,"fullname");
?>

[johnn]

$sql = "SELECT * FROM user WHERE
userid = '$uid' AND password = PASSWORD('$pwd')";

There are some pieces missing here and there. The whole application needs some modifications in order for it to work correctly.

[trhynard]

Well can you tell me where and what needs fixed?

[smorb]

Hi trhynard, I'm using the same login-skript and it works fine. I couldn't find any mistakes in yours. You should doublecheck if the name for the db and the tables are correct, maybe check the sql-query alone without that session staff.
Next you should check if sessions are working on your account ( I had this problem a view days ago ). Just type:

print("$PHPSESSID");

after you started the session. If you do not get a session ID ( "which is nothing else than a long number") ask your provider.

By the way. If you include the "db.php" file in the login skript, you must not include it in the other skripts ( in the user-section) Otherwise you call it twice and will get an error message. (The same for "common.php")
So far, smorb