PHP / mySQL login unsuccessful

Question

I've put together a php user login script and while I've managed to get the registration page to work (thus ruling out the contents of my common.php file as a problem) and have checked in mySQL that the database is being populated, I can't seem to get the login itself to post anything other than unsuccessful.

I'm definitely typing a username and password in that are in the database. Can anyone see where I'm going wrong, or advise on how I would go about checking what is wrong?

The table jmp_users has a structure of :

jmp_userID / init(11) / auto_increment
jmp_username / varchar(30) / utf8_unicode_ci
jmp_password / varchar(40) / utf8_unicode_ci
salt / char(16) / utf8_unicode_ci

and my login.php page is :

<?php 

require("common.php"); 

$submitted_username = ''; 

if(!empty($_POST)) 
{ 
    $query = " 
        SELECT 
            jmp_userID, 
            jmp_username, 
            jmp_password, 
            salt 
        FROM jmp_users 
        WHERE 
            jmp_username = :username 
    "; 
    $query_params = array( 
        ':username' => $_POST['jmp_username'] 
    ); 

    try 
    { 
        $stmt = $db->prepare($query); 
        $result = $stmt->execute($query_params); 
    } 
    catch(PDOException $ex) 
    {  
        die("Failed to run query: " . $ex->getMessage()); 
    }  
    $login_ok = false; 
    $row = $stmt->fetch(); 
    if($row) 
    { 
        $check_password = hash('sha256', $_POST['jmp_password'] . $row['salt']); 
        for($round = 0; $round < 65536; $round++) 
        { 
            $check_password = hash('sha256', $check_password . $row['salt']); 
        } 

        if($check_password === $row['jmp_password']) 
        { 
            $login_ok = true; 
        } 
    } 
    if($login_ok) 
    { 
        unset($row['salt']); 
        unset($row['jmp_password']); 
        $_SESSION['user'] = $row; 
        header("Location: private.php"); 
        die("Redirecting to: private.php"); 
    } 
    else 
    { 
        print("Login Failed."); 
        $submitted_username = htmlentities($_POST['jmp_username'], ENT_QUOTES, 'UTF-8'); 
    } 
} 

?> 
<h1>Login</h1> 
<form action="login.php" method="post"> 
    Username:<br /> 
    <input type="text" name="username" value="<?php echo $submitted_username; ?>" /> 
    <br /><br /> 
Password:<br /> 
<input type="password" name="password" value="" /> 
<br /><br /> 
<input type="submit" value="Login" /> 
</form> 
<a href="register.php">Register</a>

Answer 1

as you're using SHA256 (with hex values, not raw) you need 64 characters to store the hash of the password (you have only 40).

btw: I think re-hashing the password 65536 times is unnecessary and CPU wasting. Also, usually a single salt string is used for all the passwords.