I am trying to make a php login script and right now i am trying to make it so that if someone enters the wrong login info it will echo "Wrong username or password please try again"
But no matter what i dosent print anything on the screen if i put wrong login info on there, but it will login sucessfully if i enter the right login info here is the script
<?php
session_start();
$host = "*********";
$user = "*********";
$password = "**********";
$db = "*******";
$con = mysql_connect($host, $user, $password) or die(mysql_error());
mysql_select_db($db, $con) or die(mysql_error());
$username = $_REQUEST['username'];
$password = $_REQUEST['password'];
$checksql = "SELECT username, password FROM members WHERE username='" . $username . "' and password='" . $password . "'";
$result = mysql_query($checksql) or die(mysql_error());
$count = mysql_num_rows($result) or die(mysql_error());
if ($count == 0) {
echo "Sorry wrong username or password";
} else {
$username = stripslashes($username);
$password = stripslashes($password);
$username = mysql_real_escape_string($username);
$password = mysql_real_escape_string($password);
$sql = "SELECT username, password FROM members WHERE username='" . $username . "' and password='" . $password . "'";
$r = mysql_query($sql, $con);
if (!$r) {
die('Invalid query: ' . mysql_error());
}
if ($obj = @mysql_fetch_object($r)) {
$_SESSION["valid_user"] = $_POST["username"];
$_SESSION["valid_time"] = time();
header("Location: members.php");
}
}
?>