In the following code, does anybody know why I get the 'invalid username/password combination' message, even when it's the right combination?
__________________________
<?php
session_start();
include_once 'common.php';
include_once 'database.php';
$username = isset($_POST['username'])? $_POST['username'] : $_SESSION['username'];
$userpass = isset($_POST['userpass'])? $_POST['userpass'] : $_SESSION['userpass'];
if(!isset($username)) {
?>
<P align="left">
<FORM action="<?=$_SERVER['PHP_SELF']?>" method="post">
<FONT color="ivory">Username:</FONT><BR>
<INPUT type="text" name="username" maxlength="20" class="bord"><BR>
<FONT color="ivory">Password:</FONT><BR>
<INPUT type="password" name="userpass" maxlength="20" class="bord"><BR>
<INPUT type="submit" name="login" value="log in" style="height: 22px; width: 44px; font-size: 9px; font-weight: bold; font-family: Arial; border: 2px double ivory" onFocus="if(this.blur)this.blur()"><BR>
</FORM>
</P>
<?php
exit;
}
$_SESSION['username'] = $username;
$_SESSION['userpass'] = $userpass;
mysql_select_db($db, $con);
$sql = "SELECT * FROM musicians WHERE username = '$username' AND password = PASSWORD('$userpass')";
$result = mysql_query($sql);
mysql_close($con);
if (!$result) {
error('a database error has occurred');
}
if (mysql_num_rows($result) == 0) {
unset($_SESSION['username']);
unset($_SESSION['userpass']);
}
?>
invalid username/password combination. <A HREF="<?=$_SERVER['PHP_SELF']?>">click here</A>
<?php
exit;
?>
