I know this is php but it has MYSQL in it and I didn't really know where to post it. :$

The problem is, I have a check that checks if the username and password inputted matches the database's username and password.

if ($username==$dbusername&&$password=$dbpassword)
				{
					echo "Welcome, <b>$username</b>.";
				}else{
					echo "Incorrect Password!";
				}

It works in a way, but for some reason it ALWAYS works. I could enter any password and it would work.

Here is my full code:

<?php
	//Insert info from form into variables
	$username = $_POST['username'];
	$password = $_POST['password'];

//Check if ANY username and password has been entered
if ($username && $password)
{

	//Connect to MYSQL and to DB
	$connect = mysql_connect("localhost","****","***********") or die(mysql_error());
	mysql_select_db("********") or die(mysql_error());

	//Querys
	$query = mysql_query("SELECT * FROM `users` WHERE username='$username'");
	$numrows = mysql_num_rows($query);

		//Start checking if user exists (with numrows)
		if ($numrows!=0)
		{
			//Password check
			while ($row = mysql_fetch_assoc($query))
			{
				$dbusername = $row['username'];
				$dbpassword = $row['password'];
			}
			
				//Check to see if the dbusername & dbpassword match inputed ones
				if ($username==$dbusername&&$password=$dbpassword)
				{
					echo "Welcome, <b>$username</b>.";
				}else{
					echo "Incorrect Password!";
				}
			
			
		}else{
			die("User doesn't exit!");
		}



//User did not enter a username and/or a password
}else{
	die("Please enter a username and password!");
}

?>

Sigh. I put a single = sign. Should of read my code carefully. So basically I asigned $password to $dbpassword, lol. Sorry guys.

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.