It appears that you had a missing bracket or two and you had misspelled 'WHERE' in the query. In your code you were checking if the username and password were correct outside of the while loop. Even though it can be uncommon, if you have multiple users with the same username then you would only be checking the last result, not each row. I changed the query to make it simpler, if you check for the username and password to match in the query, then you only have to check for the returned rows to see if the correct username and password were used. I added a second query to check if the username exists but the password was wrong. For security purposes when a login attempt fails, you should not tell a user whether the username or password was correct, once they know that one of their parameters was correct, it is much easier for them to hack the other parameter You also need to be concerned about SQL injection attacks, you should always escape any data being used in a query. http://us.php.net/manual/en/security.database.sql-injection.php <?php $username = $_POST['username']; $password = $_POST['password']; if($username&&$password) { $connect= mysql_connect("localhost","root","") or die("couldn't connect"); mysql_select_db("phplogin") or die("no db in the list"); // escape data to prevent SQL injection attacks $username = mysql_real_escape_string($username); $password = mysql_real_escape_string($password); $query = mysql_query("SELECT * FROM users WHERE username='$username' AND password = '$password';"); $numrows = mysql_num_rows($query); if ($numrows == 1) echo "you are in"; else { $username_result = mysql_query("SELECT * FROM users WHERE username = '$username';"); if(mysql_num_rows($username_result) == 0) echo "user does not exist"; else echo "incorrent username and password"; } } else die("please enter a username and a password"); ?> Hope this helps. Thanks, patrick On Fri, Sep 4, 2009 at 5:07 AM, nagendra prasad <nagendra802000@xxxxxxxxx>wrote: > Hi all, > > I am working on my project. I have to create a user regestration page and > a > login page. I am done with registration page but when I tried to code the > login page its not working. Below is the code. Please take a look at script > and let me know where am I going wrong. > > > <?php > > $username=$_POST['username']; > $password=$_POST['password']; > > if($username&&$password) > { > > $connect= mysql_connect("localhost","root","") or die("couldn't connect"); > > mysql_select_db("phplogin") or die("no db in the list"); > > $query = mysql_query("SELECT * FROM users WHEER username='$username'"); > > $numrows = mysql_num_rows($query); > > > if ($numrows!=0) > { > echo "user dosen't exist"; > while ($row = mysql_fetch_assoc($query)) > { > $dbusername = $row['username']; > $dbpassword = $row['password']; > } > > if ($username==$dbusername && $password==$dbpassword) > { > echo "you are in"; > } > else > echo "incorrent username and password"; > > > else > die("user dosent exitst"); > > } > > else > > die("please enter a username and a password"); > } > > > ?> > > > > -- > Guru Prasad > Ubuntu Voice GTK+ Forum >
