i have a problem,i log in even though im not registered in database,
please help me urgent!!!!!!!!!!!!

have u connected with database for the registration form

Can you show me your code ?

For reference Click Here

<?php
include 'connectMySql.php';


session_start();
if(isset($_POST['login']))
{
    $username = mysql_real_escape_string($_POST['username']);
    $password = mysql_real_escape_string($_POST['password']);
    if($username && $password)
    {

        $query = mysql_query("SELECT * FROM users  WHERE username = '$username'");
        while($row=mysql_fetch_assoc($query))
        {
            $username = $row['username'];
            $password = $row['password'];
        }
        if($username==$username && $password==$password)
        {
            $_SESSION['username'] = $username;
            $_SESSION['password'] = $assword;
            header("location:members.php");
        }
        else
        {
            header("location:index.php?notify=Incorrect Username or Password.");
        }
    }
    else
    {
        header("location:index.php?notify=All fields are required.");
    }
}

?>

Try this

<?php
include 'connectMySql.php';

session_start();
if(isset($_POST['login']))
{
    $username = mysql_real_escape_string($_POST['username']);
    $password = mysql_real_escape_string($_POST['password']);
    if($username && $password)
    {
        $query = "SELECT * FROM users  WHERE username = '$username' AND password = '$password'";
        $result=mysql_query($query);
        $count=mysql_num_rows($result);

        if($count>0)
        {
            $_SESSION['username'] = $username;
            $_SESSION['password'] = $password;
            header("location:members.php");
        }
        else
        {
            header("location:index.php?notify=Incorrect Username or Password.");
        }
    }
    else
    {
        header("location:index.php?notify=All fields are required.");
    }
}

?>

now it does not log in registered users

   <?php
    include 'connectMySql.php';
    session_start();
    if(isset($_POST['login']))
    {
    $username = mysql_real_escape_string($_POST['username']);
    $password = mysql_real_escape_string($_POST['password']);
    if($username && $password)
    {
    $query = mysql_query("SELECT * FROM users WHERE username = '$username' AND password='$password'");
    while($row=mysql_fetch_assoc($query))
    {
    $username = $row['username'];
    $password = $row['password'];
    }
    if($username==$username && $password==$password)
    {
    $_SESSION['username'] = $username;
    $_SESSION['password'] = $password;
    header("location:members.php");
    }
    else
    {
    header("location:index.php?notify=Incorrect Username or Password.");
    }
    }
    else
    {
    header("location:index.php?notify=All fields are required.");
    }
    }
    ?>

it logs in an unregistered user again

have you tried with already registerd users ... if u do like that means .. what error u should get ..

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.