Im writing a website, but when one goes to login it is not detecting the username/password

the code i used follows(I just started learning yesterday... so im kinda lost as to why its not working).

<?php
	session_start();
	
	$errorMessage = '';
	if (isset($_POST['txtUserId']) && isset($_POST['txtPassword'])) {
	   	$host="localhost"; 
		$username="falconnest_forumuser"; 
		$password="qazasdedc"; 
		$db_name="falconnest_forum"; 
		$tbl_name="tbl_auth_user";
		
		mysql_connect("$host", "$username", "$password")or die("cannot connect");
		mysql_select_db("$db_name")or die("cannot select DB");
	
	   	$userId = $_POST['txtUserId'];
	   	$password = $_POST['txtPassword'];
	
	   	$sql = "SELECT user_id FROM $tbl_name WHERE user_id = '$userId' AND user_password = PASSWORD('$password')";
	
	   	$result = mysql_query($sql) or die('Query failed. ' . mysql_error());
	
		if (mysql_num_rows($result) == 1) {
			  	$_SESSION['db_is_logged_in'] = true;
			  
			  	header('Location: /forum/');
			  	exit;
		} else {
			  	$errorMessage = 'Sorry, wrong user id / password';
		}
	}
	mysql_close();
?>

give this a try:

<?php
session_start();


$errorMessage = '';
if (isset($_POST) && isset($_POST)) {
$host="localhost";
$username="falconnest_forumuser";
$password="qazasdedc";
$db_name="falconnest_forum";
$tbl_name="tbl_auth_user";


mysql_connect($host, $username, $password)or die("cannot connect");
mysql_select_db($db_name)or die("cannot select DB");


$userId = $_POST;
$password = $_POST;


$sql = "SELECT user_id FROM $tbl_name WHERE user_id = '$userId' AND user_password = '$password'";


$result = mysql_query($sql) or die('Query failed. ' . mysql_error());


if (mysql_num_rows($result) == 1) {
$_SESSION = true;


echo "you are logged in!";
exit;
} else {
$errorMessage = 'Sorry, wrong user id / password';
$_SESSION = false;
};
else {
echo "Please log in";
}


?>

remember "session_start()" should be before any content and i dont think headers will word unless its before anything desplayed on the browser.
Hope this helps

Edited 3 Years Ago by happygeek: fixed formatting

Yah it worked changing PASSWORD('$password')"; to '$password'";

Thank you so much I spent three days on it :P

This article has been dead for over six months. Start a new discussion instead.