login problem

run the query before using mysql_num_rows()

<?php
if(isset($_POST['user']))
{
$user = $_POST['user'];
$pass= md5 ($_POST['pass']);

$con = mysql_connect("localhost", "root", "");
if(!$con){die('could not connect: '.mysql_ereor());}

mysql_select_db("test", $con);

$query = "SELECT * FROM users where username='$user' AND password='$pass' ";
$result = mysql_query($query);
if(mysql_affected_rows() == 1)
{
   while($row = mysql_fetch_array($result))
   {
	$expire = time()+60*60*24*30;
	setcookie("uid", $row['uid'], $expire);
	echo "Logged in. as <b>".$row['username']."</b>";
   }
}else{
		echo"<b>Username or password</b><br><br>";
}
mysql_close($con);
}
echo "<form method='post'>
Username:<input type='text' name='user'><br>
Password:<input type='password' name='pass'><br>
<input type='submit' value='LOG IN'>
</form>";
?>

Try that =)

i'm beginner, so how can i run the query!!! can you correct this code plz!!!

$query = "SELECT * FROM users where username='$user' AND password='$pass' "; // This is the query
$result = mysql_query($query); // This executes the query

Is there an error?

thx phorce it works, but it display the same message even if i use the correct username and password

It says what, when? When you use the wrong information or the right info?

i want if the username and password are correct go to index page, but if the password or username is correct display "password or username is wrong"

both whene i use right and wrong info it displays "Username or password is wrong"

Change this part:

$query = "SELECT * FROM users where username='$user' AND password='$pass' ";
$result = mysql_query($query);
if(mysql_affected_rows() == 1)
{
    while($row = mysql_fetch_array($result))
    {
        $expire = time()+60*60*24*30;
	setcookie("uid", $row['uid'], $expire);         
        header("Location: index.php");
    }
}else{
  echo"<b>Your username/password did not match those on the system!</b><br><br>";
}

Hope this helps =)

the same problem it displays Your username/password did not match those on the system! even if they are correct

no it displays "Your username/password did not match those on the system!" even if the info are correct

Please try this then:

<?php
if(isset($_POST['user']))
{
$user = $_POST['user'];
$pass= md5($_POST['pass']);

$con = mysql_connect("localhost", "root", "");
if(!$con){die('could not connect: '.mysql_ereor());}

mysql_select_db("test", $con);

$query = "SELECT * FROM users where username='$user' AND password='$pass'";
$result = mysql_query($query);
if(mysql_num_rows($result) == 1)
{
   while($row = mysql_fetch_array($result))
   {
	$expire = time()+60*60*24*30;
	setcookie("uid", $row['uid'], $expire);
	echo "Logged in. as <b>".$row['username']."</b>";
   }
}else{
		echo"<b>Username or password</b><br><br>";
}
mysql_close($con);
}
echo "<form method='post'>
Username:<input type='text' name='user'><br>
Password:<input type='password' name='pass'><br>
<input type='submit' value='LOG IN'>
</form>";
?>

Also, please make sure that the value of 'password' in your database is in MD5 otherwise, it won't work :)

it displays Warning: mysql_num_rows() expects parameter 1 to be resource, boolean given in C:\wamp\www\test\login.php on line 14
Username or password

hey force if you have login-logout form send it to me that will be better

change again to this:

if(mysql_affected_rows() == 1)
{
   while($row = mysql_fetch_array($result))
   {
	$expire = time()+60*60*24*30;
	setcookie("uid", $row['uid'], $expire);
	echo "Logged in. as <b>".$row['username']."</b>";
   }
}

Also, can you please make sure that the 'password' value is MD5 (i.e. NOT plain text) I don't see why there is a problem :(

no it doesnt work and im sure i work with md5 in database

Open up your database, in phpmyadmin or something and check to see if the value for 'password' in the table is like:

d713e38281718ed2d493fdcfa44dac7e

or if it's like:

sfsf

=)

it's like d713e38281718ed2d493fdcfa44dac7e
if you have login-logout form plz send it to me