I need help in getting password authentication to work for my website.
I had written the function below and it worked fine on the old version of mysql but not on the newer one. I changed the password field to accommodate 41 chars hoping that was the only change I had to make but it still doesn't work.
Below is the function and info about the password field.
Thanks in advance for your help.

My database

Field Type
username varchar(16)
password varchar(41)
email varchar(100)
-------------------------------------------------
My login function

function login($username, $password)
// check username and password with db
// if yes, return true
// else return false
{
// connect to db
$conn = db_connect();
if (!$conn)
return false;

// check if username is unique
$result = mysql_query("select * from user
where username='$username'
and password = password('$password')");
if (!$result)
return false;

if (mysql_num_rows($result)>0)
return true;
else
return false;
}

Are you using an existing database, or a new one where all the passwords are in the 41-byte style?

If you are using an old database (16-byte) use the OLD_PASSWORD function, otherwise I would need more information.

I created it from scratch just last week and the encrypted password have an asterisk (*) at the start and 41 characters.

I guess I just needed a good nights rest before taking a look at my coding again to discover the problem.

In my login form I was identifying the input form items with "id" alone when I should have been using "name". I though "name" was deprecated though so why can't id alone work?

Anyway, I'm no longer using the password() function because I've researched it through google and heard that SHA1() is more secure and password() is used in MYSQL's own authentication system so it's best not to use it in our own applications.

Thanks for your help!