The following login script is not working, i am unable to trace the problem, please anybody help me...

<?php 

include ("template/login.tpl.htm");

session_start();
if (isset($_POST['userid']) && isset($_POST['userpassword'])) {
	include 'library/config.php';
	include 'library/opendb.php';
	
	$userId   = $_POST['userid'];
	$password = $_POST['userpassword'];
	
	// check if the user id and password combination exist in database

	$sql = "SELECT user_id,user_password 
	        FROM tbl_auth_user
	WHERE user_id = '$userId' AND user_password = PASSWORD('$password')";
	
	$result = mysql_query($sql) or die('Query failed. ' . mysql_error()); 
	if (mysql_num_rows($result)==1) {
		// the user id and password match, 
		// set the session
		$_SESSION['db_is_logged_in'] = true;
		$_SESSION['userid']= $userId;

		// after login we move to the main page
		header('Location: index.php');
		exit;
	} else {
	echo "Sorry, wrong user id / password";
	echo "$sql";
	}
	
	include 'library/closedb.php';
}else {
echo "please supply your id and password";
}
?>

thanks in advance..

Try this:

include("session.php");

$userId   = $_POST['userid'];
$password = $_POST['userpassword'];


$sql = "SELECT user_id,user_password 
FROM tbl_auth_user WHERE user_id = '$userId' AND user_password = '$password'";


$res=mysql_query($str);

if(mysql_num_rows($res)!=0)
{
  $_SESSION['userId']=$userId;
  header("location:nextpage.php");
}

else
 header("location:login.php");
?>

and session.php is

<?php

session_start();

if($_SESSION['userId']=='')
  header("Location:login.php");
?>

thanks Suhacini for your valueable help, but the script provided by you is not working, i tried in every aspect.

Hey its working I have checked it once again.check these once $_POST the userid here must be the textbox name, and user_id must be same as the field name in your table.

write the query like this

$sql = "SELECT user_id,user_password 
	        FROM tbl_auth_user
	WHERE user_id = '".$userId."' AND user_password = PASSWORD('".$password."')";

Suhacini's code looks good but a small typo i think

$res=mysql_query($str);

change to:

$res=mysql_query($sql);
This article has been dead for over six months. Start a new discussion instead.