php user login anf function

if(isset($_POST['login'])) {
$username = mysql_re开发者_如何学Pythonal_escape_string($_POST['username']);
$password = mysql_real_escape_string($_POST['password']);
if(empty($username) || empty($password)) {
$error = 1;
$error_message = 'Please fill in all the required fields.';
} else {
    get_login_name($username, $password);
    //The commented line works...
    //$query = mysql_query("SELECT /* user_logged true, page login */username, password FROM members WHERE username = '".$username."' AND password = '".sha1($password)."' LIMIT 1");
}
if(mysql_num_rows(get_login_name($username, $password)) == 0) {
    echo get_login_name($username, $password);
$error = 1;
$error_message = 'Incorrect username or password.';
} elseif ($error == 0) {
//Other stuff....
}
}

Function:

function get_login_name($password, $username) {
                global $myDB;
                global $config;
                $query = "SELECT /* page == login, functions.php */username, password FROM members WHERE username = '".$username."' AND password = '".sha1($password)."' LIMIT 1";
                $result = $myDB->Execute($query) or die(GetDbError($myDB->ErrorMsg()));
                return $result;
}

How properly check if username or password incorrect ? (part if(mysql_num_rows(g.....) In my opinion something wrong i have done ir function get_login_name with return and checking. By the way, using adodb.

EDIT: After all i decided a bit test it, so, let's leave function as it now and let's check username and password part:

if  (!is_null(get_login_name($password, $username))) {
    echo get_login_name($password, $username);
$error = 1;
$error_message = 'Incorrect username or password.';
}

If username or password incorrect ir gives me: username,password which mean result doesn't found at all (no user, if user correct gives same)

Ok, let's enter valid user and pass, and it gaves: username,password zero,0a706ce75f3bc195c8ed7be5a21d3766abb0d384

What's wrong ?

---

Essentially, if get_login_name has a return, that means the query returned a match for username and password which means the combination is correct, otherwise, no result means there's no match so you could say either username or password is incorrect (because they don't exist or one of them is wrong). If $Result has a value using get_login_name would likely to be just:

if (!is_null(get_login_name($password, $username)))
   // correct
else
   // incorrect

Play around with it and see the results.

---

Ech, after testing managed it to work :) That seems this part fails :/

if (!is_null(get_login_name($password, $username)))

So, hole code:

if (!$myDB->Affected_Rows()) {
//if(mysql_num_rows($query) == 0) {
$error = 1;
$error_message = 'Incorrect username or password.';
}

What i have ? Just changed it to:

if (!$myDB->Affected_Rows()) {

Thank you all guys who tryed help.