[HELP] PHP Error!

[Kryptos]

For the past few hours I have been following a tutorial on how to make a login system.
I'm done now, but it seems there's a problem with line 18 of my login.php.
I've checked if there was any errors, but I couldn't find any.

Here's the code:

<?php
session_start();
$username = $_POST['username'];
$password = $_POST['password'];
if ($username && $passsword)
{
$connect = mysql_connect("localhost","root","3") or die("Couldn't connect!!");
mysql_select_db("phplogin") or die("Couldn't find db!");
$query = mysql_query("SELECT * FROM users WHERE username='$username'");
$numrows = mysql_num_rows($query);
if ($numrows!=0)
{
* while (&row = mysql_fetch_assoc($query))
{
$dbusername = $row['username'];
$dbpassword = $row['password'];

}
}
//Check to see if they match!
if ($username==$dbusername&&$password==dbpassword)
{
*echo "You're in! <a href='member.php'>Click</a> here to enter the member page.";
$_SESSION['username]==$username;
}
else
*** echo "Incorrect password!
}
else
die("That user doesn't exist!");
echo $numrows;
}
else
die("Please enter a username and a password");
*
?>

Thats the login.php, if you didn't find any errors, I also have members.php, logout.php and index.php. So please help! ;p

If you need to see the error then just tell me and I'll put up a demo.

Thanks - Kryptos

 

[RastaLulz]

What's up with the *'s?

 

[Kryptos]

What's up with the *'s?

No idea, looks like they appeared on their own, probably 'cause I spaced them.
So, any help?

Edit: I think I fixed the 18 line error. Now it says 21.
21 = The while loop.
Does it have anything wrong?

 

[RastaLulz]

Well, the code that you provided is horribly disorganized, and there's many mistakes.

I cleaned it up a bit - try this:

<?php
session_start(); 
$username = $_POST['username']; 
$password = $_POST['password']; 
if(isset($username) && isset($passsword))  {
  $connect = mysql_connect("localhost","root","3") or die("Couldn't connect!!");
  mysql_select_db("phplogin") or die("Couldn't find db!");
  $query = mysql_query("SELECT * FROM users WHERE username = '{$username}';");
  $numrows = mysql_num_rows($query);
  if($numrows != 0) {
    while($row = mysql_fetch_assoc($query)) {
      $dbusername = $row['username'];
      $dbpassword = $row['password'];
    }
    //Check to see if they match!
    if($username == $dbusername && $password == $dbpassword) {
      echo "You're in! <a href='member.php'>Click</a> here to enter the member page.";
      $_SESSION['username'] = $username;
    }else{
      echo "Incorrect password!";
    }
  }else{
    echo "That user doesn't exist!";
  }
}else{
  echo "Please enter a username and a password";
}
?>

 

[Kryptos]

Thanks Rasta, now the error, is gone, but something really weird is happening, it returns "Please enter a username and a password" and I did, I've tried with multiple accounts and different browsers. IE7 and Safari. Should I use Firefox? Because I really can't find what's wrong, the code looks fine.

 

[RastaLulz]

It doesn't matter what browser you use, as PHP is ran server side, and not client side.

Are you sure that your login form has the correct names assigned?

 

[Kryptos]

Yea, I'm pretty sure, here is the code anyways:

<html>
<form action='login.php' method='POST'>
Username: <input type='text' name='username'><br>
Password: <input type='password' name='password'><br>
<input type='submit' value='Log in'><br>
</form>
</html>

 

[RastaLulz]

Yea, I'm pretty sure, here is the code anyways:

<html>
<form action='login.php' method='POST'>
Username: <input type='text' name='username'><br>
Password: <input type='password' name='password'><br>
<input type='submit' value='Log in'><br>
</form>
</html>

I see what you did wrong - you spelled password wrong.

It's password, not passsword:

<?php
session_start(); 
$username = $_POST['username']; 
$password = $_POST['password']; 
if(isset($username) && isset($password))  {
  $connect = mysql_connect("localhost","root","3") or die("Couldn't connect!!");
  mysql_select_db("phplogin") or die("Couldn't find db!");
  $query = mysql_query("SELECT * FROM users WHERE username = '{$username}';");
  $numrows = mysql_num_rows($query);
  if($numrows != 0) {
    while($row = mysql_fetch_assoc($query)) {
      $dbusername = $row['username'];
      $dbpassword = $row['password'];
    }
    //Check to see if they match!
    if($username == $dbusername && $password == $dbpassword) {
      echo "You're in! <a href='member.php'>Click</a> here to enter the member page.";
      $_SESSION['username'] = $username;
    }else{
      echo "Incorrect password!";
    }
  }else{
    echo "That user doesn't exist!";
  }
}else{
  echo "Please enter a username and a password";
}
?>

 

[Kryptos]

Thanks so much it works perfectly (Y).
Problem solved, thread closed/