Index file:
/*<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<html>
<head>
<title>SMB Login</title>
</head>
<body>
<form name="form1" method="post" action="checklogin.php">
-------begin -----
<div class="panel-body">
<form accept-charset="UTF-8" role="form">
<fieldset>
<div class="form-group">
<input class="form-control" placeholder="E-mail" name="email" type="text" id="username">
</div>
<div class="form-group">
<input class="form-control" placeholder="Password" name="password" type="password" value="" id="password">
</div>
<div class="checkbox">
<label>
<input name="remember" type="checkbox" value="Remember Me"> Remember Me
</label>
</div>
<input class="btn btn-lg btn-success btn-block" type="submit" value="Login">
</fieldset>
</form>
----------etc
The above script is my HTML code for login page, I have added the below PHP script for login. But everytime, i'm getting user name password is wrong though I 'm entering the right one.
checklogin.php --> source code
<?php
ob_start();
$host="mysql"; // Host name
$username="admin"; // Mysql username
$password="XXX"; // Mysql password
$db_name="members_smb"; // Database name
$tbl_name="members"; // Table name
// Connect to server and select databse.
mysql_connect("$host", "$username", "$password")or die("cannot connect");
mysql_select_db("$db_name")or die("cannot select DB");
// username and password sent from form
$myusername=$_POST['username'];
$mypassword=$_POST['password'];
// To protect MySQL injection (more detail about MySQL injection)
$myusername = stripslashes($myusername);
$mypassword = stripslashes($mypassword);
$myusername = mysql_real_escape_string($myusername);
$mypassword = mysql_real_escape_string($mypassword);
$sql="SELECT * FROM $tbl_name WHERE username='$username' and password='$password'";
$result=mysql_query($sql);
// Mysql_num_row is counting table row
$count=mysql_num_rows($result);
// If result matched $myusername and $mypassword, table row must be 1 row
if($count==1){
// Register $myusername, $mypassword and redirect to file "login_success.php"
session_register("username");
session_register("password");
header("location:login_success.php");
}
else {
echo "Wrong Username or Password";
}
ob_end_flush();
?>
*/
Please suggest me where I'm getting wrong?????
$count? Any errors thrown? Is your HTML page really completely commented out? You should format your code a bit more.$sqlhas proper values?mysql_*extension anymore. Use themysqli_*extenstion or the PDO extension. Asmysql_*is deprecated and in PHP 7.0 deleted. Also what you need to do is using prepared statements when handling user input, here your code is open to SQL-Injections. And I think you don't want some 12 year old kid who found a malicious SQL query to ruin your whole website/database.