I have a script that checks usernames and passwords and it works fine when i put in a username and password ,but  when the form is empty and i submit it ,it still login the person.

I made some changes to the script,its still not working.Any help.

$host="localhost"; // Host name
$username="root"; // Mysql username
$password=""; // Mysql password
$db_name="msl"; // Database name
$tbl_name="signedup"; // Table name

// Connect to server and select databse.
mysql_connect("$host", "$username", "$password")or die("You are not authorized to use this system.");
mysql_select_db("$db_name")or die("You are not authorized to use this system. Contact the administrator");

// Define $myusername and $mypassword
$password = sha1(password);

// To protect MySQL injection (more detail about MySQL injection)
$username = stripslashes($username);
$password = stripslashes($password);
$username = mysql_real_escape_string($username);
$password = mysql_real_escape_string($password);

$sql="SELECT * FROM $tbl_name WHERE username='$username' and password='$password'";
$qry_num = 0;
$qry_result = mysql_QUERY($sql);  //select query\
$qry_num = mysql_numrows($qry_result);
$i = 0;

while($i < $qry_num) 
	$_SESSION['myid'] = mysql_result($qry_result,$i,"id");
	$_SESSION['permission'] = mysql_result($qry_result,$i,"permission");
	$_SESSION['block'] = mysql_result($qry_result,$i,"block");

// Mysql_num_row is counting table row
// If result matched $username and $password, table row must be 1 row

if($count==1 && $_SESSION['block']== YES)

{header("location: indexwarn.php");}

//if 1 is not == '' go to indexwarn.php
if('' != 1)

{header("location: indexwarn.php");}

else {
// Register $username, $password and redirect to file "login_success.php"
header("location: admin/mxz/index.php");

Member Avatar


session_register is deprecated
you strip $_POST before checking if magic quotes are active.
mysql_QUERY($sql) should be mysql_query($sql)
mysql_numrows(...) should be mysql_num_rows(...)
mysql_result() should be avoided if possible [http://php.net/manual/en/function.mysql-result.php]