Coding help (php)

[JLEW700]

Can anybody tell me whats wrong with my code? I have it set up so that is should say "You're in" when the correct username and password and it should say "incorrect password" when the incorrect password is incorrect is entered. Instead it says "incorrect password" weather I enter the correct password or not.

Heres my code:

<?php

$username = $_POST['username'];
$password = $_POST['password'];

if ($username&&password)
{

$connect = mysql_connect("localhost","root","") or die("Couldn't connect");
mysql_select_db("phplogin") or die("Couldn't find db");


    $query = "SELECT * FROM users WHERE username='$username'";

    $query_result = mysql_query($query) or die(mysql_error());

    $numrows = mysql_num_rows($query_result); 

    if ($numrows!=0)
{

	while ($row = mysql_fetch_assoc($query_result))
{
	$dbusername = $row['username'];
	$dbpassword = $row['password'];
}

	if ($username==$dbusername&&password==$dbpassword)
{
	echo "You're in";
}


else
	echo "Incorrect password";


}
else
	die("That user doesn't exist");
	


 
}
else
	die ("Please enter a username and a password");


?>

 

[Darth.Titan]

if ($username&&password)
{

should be:

if ($username && $password)
{

(Spaces added for readability, but the real mistake was the missing '$' on your $password variable.)

 

[JLEW700]

^^ Thanks, work perfectly

 

[BertyBoy]

wakey, wakey,

how about checking the password in the SELECT statement, it'll not make it work any better but less code:

SELECT * FROM users WHERE username=$username AND password=$password

 

[whatsgooddan]

for security, you may want to encrypt your passwords.

if you usually store them in there as $password, instead store as md5($password); or something.

when the user types in their password, check if md5($_POST['password]) == $row['password'].

this keeps passwords safe if your database falls into the wrong hands. this can sometimes happen pretty easily, especially if you are accepting user input through text fields.