Thanks for your input, but I've played around with it and now it's uglier than ever. I'm very new to PHP, so I'm not sure what I'm missing here. I've done a few things to try to pinpoint the problem, but now I'm even more confused. Can you please look over what I've done and let me know if you see any mistakes or if you think there might be another problem? First, I created a test page where I hashed the values "password1", "password2" and "password3" and echoed both the value and the hashed value back.For example: $val1 = "password1"; $hashVal1= bin2hex(mhash(MHASH_SHA1, $val1)); echo "$val1 <br> $hashVal1 <br>"; The output was fine (always consistent): password1 e38ad214943daad1d64c102faec29de4afe9da3d password2 2aa60a8ff7fcd473d321e0146afd9e26df395147 password3 1119cfd37ee247357e034a08d844eea25f6fd20f I saved the hashed values in the MySQL database so I could try to use them to log on. Then, I modified the login form and the page that processes the data to see if the problem was there. I included a message to see what values were being sent back to me. loginform.php: if (isset($message)) echo "<b>$message</b>"; //create form <input type='password' name='passUnhash'> $fpass=bin2hex(mhash(MHASH_SHA1, $passUnhash)); <input type='hidden' name='fpass' value='$fpass'> checklogin.php: $logname = $_POST['fusername']; $pass = $_POST['fpass']; $query2 = "SELECT pass FROM table WHERE username='$logname' AND pass='$pass'"; $result2 = mysql_query($query2) or die ("Sorry. Could not connect to database."); $num2 = mysql_num_rows($result2); if ($num2 > 0) //password is correct { (go to user page) } else //password is not correct { $message= "The Login Name '$_POST[fusername]' exists but you have not entered the correct password. Please try again. <br> $logname, $passUnhash, $pass <br>"; include("loginform.php"); } When I go to log on, I get the following back (depending on what I type in): The Login Name 'username1' exists but you have not entered the correct password. Please try again. username1, password1, da39a3ee5e6b4b0d3255bfef95601890afd80709 (First try) username2, password2, e38ad214943daad1d64c102faec29de4afe9da3d (Second try) username3, password3, 2aa60a8ff7fcd473d321e0146afd9e26df395147 (Third try) username1, password1, 1119cfd37ee247357e034a08d844eea25f6fd20f (Fourth try) username2, password1, e38ad214943daad1d64c102faec29de4afe9da3d (Fifth try) As you can see, the results are not consistent. Any ideas?? Thanks so much! Cat -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php