0
<?php
$host="localhost"; // Host name
$username="cody2000"; // username
$password="115cody"; // password
$db_name="cody2000_aspire"; // Database name
$tbl_name="Users"; // Table name

    // Replace database connect functions depending on database you are using.
mysql_connect("$host", "$username", "$password");
mysql_select_db("$db_name");

// username and password sent from form
//NEVER Remove the mysql_real_escape_string. Else there could be an Sql-Injection!
$myusername=mysql_real_escape_string($_POST['loginuser']);
$mypassword=mysql_real_escape_string($_POST['loginpass']);

 $result=mysql_query($sql);

 mysql_fetch_assoc(mysql_query("SELECT * FROM $tbl_name WHERE username='$myusername' and password='$mypassword'"

 $count=mysql_num_rows($result);

 if($count==1){
 // Register $myusername, $mypassword and redirect to file "login_success.php"
 session_register("myusername");
 session_register("mypassword");
 header("location:menu.php");
 } else {
 echo "Wrong Username or Password. Try again";
 }
 ?>

It says my password is incorrect when it is. Please help I am a beginner at this stuff. I have a bunch of codes mixed together and I don't know which one is correct

user2521853
  • 1
  • 1
  • 1
    `$result=mysql_query($sql);` - you're never defining $sql, so you're running an empty query. But since you're not checking to see if any of your queries are working successfully, your code is assuming everything is fine. – andrewsi Aug 16 '13 at 16:09
  • NONE of your database code makes any allowances for problems. You simply assume everything will NEVER fail. You need to have at least basic error handling capabilities in there, and REMOVE the chaining of database calls. A simple `$result = mysql_query($sql) or die(mysql_error())` type system will make your debugging **MUCH** easier. – Marc B Aug 16 '13 at 16:09
  • 3
    I hope you're not using that username and password anywhere else.... – JRizz Aug 16 '13 at 16:10
  • *"I have a bunch of codes mixed together and I don't know which one is correct"*---that's the problem. You can't just copy-paste stuff from places and hope it works. You need to understand what each line does. – JJJ Aug 16 '13 at 16:10
  • 7
    Plaintext user passwords? `mysql_query`? What could *possibly* go wrong? – tadman Aug 16 '13 at 16:10
  • 3
    There are so many problems in this small piece of code, that i would not care to fix them. Instead look for a good tutorial, where passwords are hashed with BCrypt, and stored with parametrized queries (PDO/mysqli). – martinstoeckli Aug 16 '13 at 16:15

1 Answers1

0

Remove the following line from code

$result=mysql_query($sql);

Configure the following lines 

$result = mysql_query("SELECT * FROM $tbl_name WHERE username='$myusername' and password='$mypassword'") or die(mysql_error());

 $count = mysql_num_rows($result);

if($count == 1) {
 // Your Code
 $users = mysql_fetch_assoc($result);
 session_register($users['username']);
} else {

}
som
  • 4,650
  • 2
  • 21
  • 36