am a new developer in the php. Now am doin a school management proect , for that i need to create a Login page. When i was running the code error occurs. This is the code : <?php $host="192.168.60.26"; $db="temp"; $user="root"; $pass=""; mysql_pconnect($host,$user,$pass); mysql_select_db($db); if(isset($_POST['Submit'])) { $username=$_POST['Username']; $password=$_POST['Password']; /*Verify that user is in database */ $user = mysql_query("SELECT Username FROM ".registration." WHERE Username = '$username'"); if($row = mysql_fetch_array($user,MYSQL_ASSOC)) { $pass = mysql_query("SELECT Password FROM ".registration." WHERE Username = '$username' "); if($row = mysql_fetch_array($pass,MYSQL_ASSOC)) { if($row{'Password'}=="") { echo " Your Password is incorrect..!!!"; } else { header('Location: next.php'); //Success! Username and password confirmed } } else { echo " Your Username or Password is incorrect...!!!"; //Indicates password failure } } else { echo " Username is incorrect..!!!!"; } } ?> NB: There is no white spaces before and aftr the php code( <?...?>) the code checks only the username.... when am click the submit button it is directly go to the next.php and also it goes wen i am entering the wrong password. Please anyone help this new php programmer.
You're not checking your user submitted password ( = $password) ! You're probably checking the original password from the table ($pass) and that will always be correct. (ps. re-using variables (like $row and $pass) for different purposes makes your code much harder to read)