help this beginner please,... my login form doesn't work well

neocalisma's Avatar, Join Date: Nov 2013
Newbie Member

i wrote this code of html and php for my login form.
my login form page doesn't work so well,

it looks like does not check over my db_password.
either i enter a valid or invalid password it goes "You are successfully logged in"....
but it works for my db_username,
if i've enter invalid username it goes to my username_failed.php

here are the code :

* login.php :

    $connect = mysql_connect("localhost","root","");
    mysql_select_db("user", $connect);

<!DOCTYPE html>
<!--[if lt IE 7]> <html class="lt-ie9 lt-ie8 lt-ie7" lang="en"> <![endif]-->
<!--[if IE 7]> <html class="lt-ie9 lt-ie8" lang="en"> <![endif]-->
<!--[if IE 8]> <html class="lt-ie9" lang="en"> <![endif]-->
<!--[if gt IE 8]><!--> <html lang="en"> <!--<![endif]-->
  <meta charset="utf-8">
  <meta http-equiv="X-UA-Compatible" content="IE=edge,chrome=1">
  <title>Login Form</title>
  <link rel="stylesheet" href="css/style.css">
  <!--[if lt IE 9]><script src="//"></script><![endif]-->
  <section class="container">
    <div class="login">
      <h1>Login to TITAN App</h1>
      <form method="post" action="login_process.php">
        <p><input type="text" name="username" value="" placeholder="Username"></p>
        <p><input type="password" name="password" value="" placeholder="Password"></p>
        <p class="remember_me">
            <input type="checkbox" name="remember_me" id="remember_me">
            Remember me on this computer
        <p class="submit"><input type="submit" name="commit" value="Login"></p>

* login_process.php :

<TITLE> Authentification Page </TITLE>
$username = $_POST['username'];
$password = MD5($_POST['password']);
$host = "localhost";
$db_user = "root";
$db_passwd = "";
$db = "user";
$stop = 0;
$sql = "select * from tbl_user where username='$username'";
$conn = @mysql_connect($host,$db_user,$db_password) or
    die("Koneksi gagal : " . mysql_error());
$qry = mysql_query($sql) or
    die("Query salah : " . mysql_error());
$num = mysql_num_rows($qry);
$row = mysql_fetch_array($qry);

if ($num==0) {
    header('Location: username_failed.php');
} else {
    if ($password==$row['password']) {
        echo "Your password is invalid <br />";
        echo "Go back and type the valid password";
    } else {
        echo "You are successfully logged in";
it looks like there is something wrong with my login_process.php code
please help me
thank you
shabbir's Avatar, Join Date: Jul 2004
Go4Expert Founder
What does the $row variable contain in the login_process.php?