I have this code in my login.php, from sigin.php page if the user click on signin, it will display wrong username or password but the username and password is in the database named Username and Password.

Please i will appreciate if someone can fix this error for me. Your concern is sincerely appreciated.

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Untitled Document</title>
</head>

<body>
<?php
$txtusername=$_POST['UserName'];
$txtpassword=$_POST['Password'];
$usertype=$_POST['rdType'];
if($usertype=="Admin")
{
$con = mysql_connect("localhost","sample","sample");
mysql_select_db("customer", $con);
$sql = "select * from admin_master where username='".$txtusername."' and password='".$txtpassword."'";
$result = mysql_query($sql,$con);
$records = mysql_num_rows($result);
$row = mysql_fetch_array($result);
if ($records==0)
{
echo '<script type="text/javascript">alert("Wrong UserName or Password");window.location=\'index.php\';</script>';
}
else
{
header("location:blend_oceancrest_details_highvertical/index.php");
} 
mysql_close($con);
}
else if($usertype=="Customer")
{
$con = mysql_connect("localhost","sample","sample");
mysql_select_db("customer", $con);
$sql = "select * from customer_registration where UserName='".$txtusername."' and Password='".$txtpassword."' ";
$result = mysql_query($sql,$con);
$records = mysql_num_rows($result);
$row = mysql_fetch_array($result);
if ($records==0)
{
echo '<script type="text/javascript">alert("Wrong Username or Password");window.location=\'signin.php\';</script>';
}
else
{
$_SESSION['id']=$row['customerid'];
$_SESSION['name']=$row['customername'];
header("location:customer/index.php");
} 

}

?>

</body>
</html>
Member Avatar for diafol

OK few thigs:

1) Don't mix php and html
2) Indent code and markup
3) stop using deprecated php (mysql)
4) escape your inputs - you are wide open to SQL Injection - solved if you use prepared statements and bind params/values (PDO/mysqli)

there is no form tag.

<form action="some action">
    //your login code.
</form>

I have this code in my login.php, from sigin.php page if the user click on signin@JerrimePatient, the form is in the sigin.php
Agreed with @diafol's comments.
In addition, from you code, I assume you haven't encode your password?

To debug the problem, I suggest you to echo $sql before the query to ensure all variables parsing is correct, made sure the letter case and spaces(sometimes I input extra space in form without notice) is exactly as database.

<form action="someaction">
$txtusername=$_POST['UserName'];
$txtpassword=$_POST['Password'];
$usertype=$_POST['rdType'];
if($usertype=="Admin")
{
$con = mysql_connect("localhost","sample","sample");
mysql_select_db("customer", $con);
$sql = "select * from admin_master where username='".$txtusername."' and password='".$txtpassword."'";
$result = mysql_query($sql,$con);
$records = mysql_num_rows($result);
$row = mysql_fetch_array($result);
if ($records==0)
{
echo '<script type="text/javascript">alert("Wrong UserName or Password");window.location=\'index.php\';</script>';
}
else
{
header("location:blend_oceancrest_details_highvertical/index.php");
} 
mysql_close($con);
}
else if($usertype=="Customer")
{
$con = mysql_connect("localhost","sample","sample");
mysql_select_db("customer", $con);
$sql = "select * from customer_registration where UserName='".$txtusername."' and Password='".$txtpassword."' ";
$result = mysql_query($sql,$con);
$records = mysql_num_rows($result);
$row = mysql_fetch_array($result);
if ($records==0)
{
echo '<script type="text/javascript">alert("Wrong Username or Password");window.location=\'signin.php\';</script>';
}
else
{
$_SESSION['id']=$row['customerid'];
$_SESSION['name']=$row['customername'];
header("location:customer/index.php");
} 
}

</form>

all you are missing is the first line and the last line.

Member Avatar for diafol

Please indent your code ^^. Very difficult to read otherwise.

<form action="someaction">
    $txtusername=$_POST['UserName'];
    $txtpassword=$_POST['Password'];
    $usertype=$_POST['rdType'];
    if($usertype=="Admin")
    {
        $con = mysql_connect("localhost","sample","sample");
        mysql_select_db("customer", $con);
        $sql = "select * from admin_master where username='".$txtusername."' and password='".$txtpassword."'";
        $result = mysql_query($sql,$con);
        $records = mysql_num_rows($result);
        $row = mysql_fetch_array($result);
        if ($records==0)
        {
            echo '<script type="text/javascript">alert("Wrong UserName or Password");window.location=\'index.php\';</script>';
        }
        else
        {
            header("location:blend_oceancrest_details_highvertical/index.php");
        } 
        mysql_close($con);
    }
    else if($usertype=="Customer")
    {
        $con = mysql_connect("localhost","sample","sample");
        mysql_select_db("customer", $con);
        $sql = "select * from customer_registration where UserName='".$txtusername."' and Password='".$txtpassword."' ";
        $result = mysql_query($sql,$con);
        $records = mysql_num_rows($result);
        $row = mysql_fetch_array($result);
        if ($records==0)
        {
            echo '<script type="text/javascript">alert("Wrong Username or Password");window.location=\'signin.php\';</script>';
        }
        else
        {
            $_SESSION['id']=$row['customerid'];
            $_SESSION['name']=$row['customername'];
            header("location:customer/index.php");
        } 
    }
</form>

@diafol: Sorry, I didn't indent it, I only copied the code of wareez.

I have the login form in a separate page. The code is to process the login. At this stage if you can help me to provide a login similar to this I don't mind, I wanted to use it for one of my project and I need login script for the user's, I mean the admin will select a radio button while the customer will select customer radio button but they will be directed to different page based on type of radio button they choose.

Kindly help me, I need it friends, brothers, father, and all.

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.