Here is my code for the login script. Everything works perfectly, but everytime I enter everything CORRECTLY into the forum, it says "The username, ____, and password do not match!". When they do match.
If I leave the areas blank, they say "You must enter a username!" or "You must enter a password!".
All the error messages work good, but whenever I fill the form in correctly, it displays my first error message "The username, ____, and password do not match!".
Does anyone see what's wrong with it?
<?php
session_start();
include("config.php");
$username = $_POST['username'];
$usernamefinal = ucfirst(strtolower($username));
$password = $_POST['password'];
if (isset($_POST['submit']))
{
if(!empty($username))
{
if (!empty($password))
{
$sql = "SELECT username FROM members WHERE username='$usernamefinal'";
$result = mysqli_query($cxn, $sql) or die("Query died: username");
$num = mysqli_num_rows($result);
if ($num > 0)
{
$sql = "SELECT username, password FROM members WHERE username='$usernamefinal' AND password=md5('$password')";
$result = mysqli_query($cxn, $sql) or die("Query died: username and password");
$num = mysqli_num_rows($result);
if ($num > 0)
{
$sql = "SELECT userid FROM members WHERE username='$usernamefinal'";
$result = mysqli_query($cxn, $sql) or die("Query died: userid");
$row = mysqli_fetch_array($result);
$userid = $row['userid'];
$_SESSION['auth'] = "yes";
$_SESSION['username'] = $usernamefinal;
$_SESSION['userid'] = $userid;
$ipadd = $_SERVER['REMOTE_ADDR'];
$sql2 = "INSERT INTO login (userid, username, logintime, ipadd) VALUES ('$userid', '$usernamefinal', NOW(), inet_aton('$ipadd'))";
mysqli_query($cxn, $sql2) or die("Query died: login session");
header("Location: news.php");
}
else
{
$error = "The username, $usernamefinal, and password do not match!";
}
}
else
{
$error = "That username doesn't exist!";
}
}
else
{
$error = "You must enter a password!";
}
}
else
{
$error = "You must enter a username!";
}
}
?>
<?php include("header.php"); ?>
<h1>Login Form</h1>
<?php echo $error; ?>
<form action="<?php echo $_SERVER['SCRIPT_NAME'] ?>" method="post">
Username: <input type="text" name="username"><br>
Password: <input type="password" name="password"><br>
<input type="submit" name="submit" value="Login">
</form>
<?php include("footer.php"); ?>