Thank you for your honest criticism towards my ignorance in php/mysql and I appreciate your help concerning this issue.
After making the corrections suggested below I'm running into the issue where the registered
sha1(md5($password).$salt)
is not === when compared to the login authentication
sha1(md5($password).$row['salt']);
So I created a script to see what the login script was seeing and it compares the two.
$query = "UPDATE `users` SET `form_password` = '$encrypted' WHERE `username` = '$username'";
mysql_query($query) or die (mysql_error());
password is registered as "1fcb4bdeb8a98151f5f74a2af0b5045ec277c501"
and being called back as "f2c04d2583f111fcd41288dc75901f6c870cfc6b"
Here is the updated script on login:
else {
$password = $_POST['password'];
$username = mysql_real_escape_string($_POST['username']);
$sql = "SELECT `password`, `salt` FROM `users` WHERE `username` = '$username' LIMIT 0,1";
$result = mysql_query($sql) or die(mysql_error());
if (is_resource($result) && mysql_num_rows($result) > 0){
$row = mysql_fetch_array($result);
$encrypted = sha1(md5($password).$row['salt']);
if($encrypted === $row['password']){
header('Location: page3.php');
exit;
} else{
$query = "UPDATE `users` SET `form_password` = '$encrypted' WHERE `username` = '$username'";
mysql_query($query) or die (mysql_error());
header('Location: page2.php');
exit;
}
} else{
header('Location: page4.php');
exit;
}
}