One last error, hopefully this is it

[Colourtheory]

For some reason, it always says that the password is incorrect. I have looked at everything, so I'm hoping that someone can help me <? //This function will find and checks if your data is correct //Collect your info from login form $username = $_REQUEST['username']; $password = $_REQUEST['password']; //Connecting to database $connect = mysql_connect("myhost", "myuser", "mypass"); if(!$connect){ die(mysql_error()); } //Selecting database $select_db = mysql_select_db("mydatabase", $connect); if(!$select_db){ die(mysql_error()); } //Find if entered data is correct $result = mysql_query("SELECT * FROM users WHERE username='$username' AND password='$password'"); $row = mysql_fetch_array($result); $id = $row['id']; $select_user = mysql_query("SELECT * FROM users WHERE id='$id'"); $row2 = mysql_fetch_array($select_user); $user = $row2['username']; if($username != $user){ die("Username is wrong!"); } $pass_check = mysql_query("SELECT * FROM users WHERE username='$username' AND id='$id'"); $row3 = mysql_fetch_array($pass_check); $email = $row3['email']; $select_pass = mysql_query("SELECT * FROM users WHERE username='$username' AND id='$id' AND email='$email'"); $row4 = mysql_fetch_array($select_pass); $real_password = $row4['password']; if($password != $real_password){ die("Your password is wrong!"); } //Now if everything is correct let's finish his/her/its login session_register("username", $username); session_register("password", $password); echo "Welcome, ".$username." please continue on our <a href=index.php>Index</a>"; ?>

[kanchatchai]

<?PHP@session_start();//This function will find and checks if your data is correct//Collect your info from login form if (isset($_REQUEST['logout']))unset($_SESSION["username"]);//Show Logout Buttonif (isset($_SESSION["username"]))echo '<form method="post" name="logoutform" action=""> Username: '.$_SESSION["username"].' <input  value="logout" name="logout" type="submit"><br></form>';//Show Login Formelseif (!(isset($_POST['username'])&&isset($_POST['password']))){echo '<b>Login Form</b><br/><form method="post" name="loginform" action="">  User Name:<input  name="username"><br>   User Password:<input name="password" type="password"><br><input  value="Login" name="submit" type="submit"><br></form>';}else{		 $username = $_POST['username'];		 $password = $_POST['password'];		 //Connecting to database		  $connect = mysql_connect("myhost", "myuser", "mypass");		  		 if(!$connect){		 die(mysql_error());		 }		 //Selecting database		 $select_db = mysql_select_db("mydatabase", $connect);		 if(!$select_db){		 die(mysql_error());		 } 		 //check username		 $result = mysql_query("SELECT * FROM users WHERE username='$username'");		 $row = mysql_fetch_array($result);		 $user = $row['username'];		 if($username != $user){		  die('Username is wrong! <br/><a href="">Try again</a>');		 }		 else		 $select_pass = mysql_query("SELECT * FROM users WHERE username='$username' AND password='$password'");		 while($row4 = mysql_fetch_array($select_pass))		 {		  $_SESSION["username"] = $_POST["username"];		 } 		 if (isset($_SESSION["username"] ))		 echo 'Welcome, '.$_SESSION["username"].' please continue on our <a href="index.php">Index</a>';		 else		 die('Your password is wrong! <br/><a href="">Try again</a>');			   }?>

Edited December 20, 2012 by kanchatchai

[justsomeguy]

Why are you sending 4 database queries to check a username and password? When they enter their username and password you send 1 query to get the entire record for that username. Not the username plus the password, or the username plus an ID, or the username plus an ID and an email, just the username. Look up the record with the username that they typed in. If it doesn't exist, show an error that the username wasn't found. Otherwise, compare the password they entered with the password in the database record you got. If that doesn't match, show an error that the password is wrong. Or else, set your session variables and do whatever else. There's an example of that kind of thing here: http://w3schools.invisionzone.com/index.php?showtopic=12509