<?php
$encrypted_password = "SELECT password FROM users WHERE login={$_REQUEST['login']}";
if (crypt($_REQUEST['password'],$encrypted_password)==$encrypted_password)
{
echo ("logged in");
}
// the following returns the right user and password..
// but no echo logged in.
echo $encrypted_password;
echo $_REQUEST['password'];
?>
$encrypted_password = "SELECT password FROM users WHERE login={$_REQUEST['login']}";
should be
$encrypted_password = "SELECT password FROM users WHERE login='{$_REQUEST['login']}'";
and unless you didn't actually post it, i don't see where you perform the actual query and get the results with a mysql_fetch_* ?
Well you seem to want to be performing a query, "SELECT password FROM users WHERE login='{$_REQUEST['login']}'" but you never actual perform a query. E.g something like:
$sql = "SELECT password FROM users WHERE login='{$_REQUEST['login']}'";
//connect to the db here etc..etc..
$result = mysql_query($sql) or die(mysql_error());
if(mysql_num_rows($result)){
$row = mysql_fetch_assoc($result);
$encrypted_password = $row['password'];
if (crypt($_REQUEST['password'],$encrypted_password)==$encrypted_password) {
echo 'logged in';
} else {
echo 'not logged in';
}
} else {
echo 'no rows returned from the database.';
}