help please once again... my login page was working just fine when one morning it just stopped to function. now i have tried to fix it, buy changing some of the logic and also recreating the database.

now the point i have reached is that when the user enters his correct user name and correct password , the user is allowed access, but if the user gives a totally wrong username and password the access is denied. the problem now comes. when the user enters the correct user name but the wrong password he still is granted access. now i cant fix this problem.

by being granted access i mean the word hello is displayed, and by not allowed i mean the word no is displayed.

this happens when i replace

include 'config.php';
$connect=mysql_connect($hostname, $username, $password); 

with 

$connect=mysql_connect(hostnamevalue, usernamevalue, passwordvalue);

but if use the former one the user does not login at all. is the problem that i have used the session names and also the config.php variables of the same names, but i changed them and tried i couldnt login at all.

<?php

session_start();
$_SESSION['username']=$_POST['user'];
$_SESSION['password']=$_POST['pass'];
$_SESSION['authuser1']=0;


include 'config.php';
$connect=mysql_connect($hostname, $username, $password);

mysql_select_db("worldofp_blog1")
  or die(mysql_error());

 

  $get="SELECT user_name, pass_word 
       From user 
	   WHERE  user_name = '" . $_SESSION['username'] . "'
 	   ORDER BY user_name";
	   
	   $results=mysql_query($get)
	     or die(mysql_error());

		 
		 
  $get1="SELECT user_name, pass_word 
       From user 
	   WHERE pass_word = '" . $_SESSION['password'] . "'
	   ORDER BY user_name";
	   
	   $result=mysql_query($get1)
	     or die(mysql_error());


$row=mysql_fetch_array($results, $result);

 
$authuser= $row['user_name'];
$authpass= $row['pass_word'];

if($authuser and $authpass)
{

echo "hello";
$_SESSION['authuser1']==1;
}
else
{

echo "no";
$_SESSION['authuser1']==0;
}


 
 ?>

Few questions..
1. Why are you using sessions before authenticating the user ?
2. Why are you having 2 different queries for checking a valid user ?
3. order by user_name ? You don't need that actually !
And mysql_fetch_array's syntax is
mysql_fetch_array(result, result_type);
result_type = MYSQL_ASSOC or MYSQL_NUM.

$_SESSION==1;

== is a comparison operator, you should use = .
Isn't this a complete reduced version of your code ?

<?php
session_start();

include 'config.php'; //contains $hostname,$username,$password

$connect=mysql_connect($hostname, $username, $password); //connect 
mysql_select_db("worldofp_blog1") or die(mysql_error()); //select db

/* sanitize user's input  */
$user = mysql_real_escape_string($_POST['user']); 
$pass = mysql_real_escape_string($_POST['pass']);


$get="SELECT user_name, pass_word from user where user_name='$user' and pass_word='$pass'"; //check if username and password exists
$result=mysql_query($get) or die(mysql_error());
$is_valid = mysql_num_rows ($result);

if($is_valid) { // if a record exist set $_SESSION['authuser1'] = 1
	echo "hello";
	$_SESSION['authuser1']=1; 
} else { //else set $_SESSION['authuser1'] = 0
	echo "no";
	$_SESSION['authuser1']=0;
}
?>

thanks, alot. im actually more of a c++ programmer than a php programmer as ive done that in the uni. also this is my first php attempt so i dont know much about the rules of the php.

the two equals signs much have been left there by accident because i was copying and pasting the code from one area of my code to the other.

ah! I see.. So, did it fix the problem or are you still facing some kinda problem ?

that fixed it thanx again

This question has already been answered. Start a new discussion instead.