I know this is php but it has MYSQL in it and I didn't really know where to post it. :$
The problem is, I have a check that checks if the username and password inputted matches the database's username and password.
if ($username==$dbusername&&$password=$dbpassword)
{
echo "Welcome, <b>$username</b>.";
}else{
echo "Incorrect Password!";
}It works in a way, but for some reason it ALWAYS works. I could enter any password and it would work.
Here is my full code:
<?php
//Insert info from form into variables
$username = $_POST['username'];
$password = $_POST['password'];
//Check if ANY username and password has been entered
if ($username && $password)
{
//Connect to MYSQL and to DB
$connect = mysql_connect("localhost","****","***********") or die(mysql_error());
mysql_select_db("********") or die(mysql_error());
//Querys
$query = mysql_query("SELECT * FROM `users` WHERE username='$username'");
$numrows = mysql_num_rows($query);
//Start checking if user exists (with numrows)
if ($numrows!=0)
{
//Password check
while ($row = mysql_fetch_assoc($query))
{
$dbusername = $row['username'];
$dbpassword = $row['password'];
}
//Check to see if the dbusername & dbpassword match inputed ones
if ($username==$dbusername&&$password=$dbpassword)
{
echo "Welcome, <b>$username</b>.";
}else{
echo "Incorrect Password!";
}
}else{
die("User doesn't exit!");
}
//User did not enter a username and/or a password
}else{
die("Please enter a username and password!");
}
?>