hi, i wrote this code of html and php for my login form. my login form page doesn't work so well, it looks like does not check over my db_password. either i enter a valid or invalid password it goes "You are successfully logged in".... but it works for my db_username, if i've enter invalid username it goes to my username_failed.php here are the code : * login.php : Code: <?php $connect = mysql_connect("localhost","root",""); mysql_select_db("user", $connect); ?> <!DOCTYPE html> <!--[if lt IE 7]> <html class="lt-ie9 lt-ie8 lt-ie7" lang="en"> <![endif]--> <!--[if IE 7]> <html class="lt-ie9 lt-ie8" lang="en"> <![endif]--> <!--[if IE 8]> <html class="lt-ie9" lang="en"> <![endif]--> <!--[if gt IE 8]><!--> <html lang="en"> <!--<![endif]--> <head> <meta charset="utf-8"> <meta http-equiv="X-UA-Compatible" content="IE=edge,chrome=1"> <title>Login Form</title> <link rel="stylesheet" href="css/style.css"> <!--[if lt IE 9]><script src="//html5shim.googlecode.com/svn/trunk/html5.js"></script><![endif]--> </head> <body> <section class="container"> <div class="login"> <h1>Login to TITAN App</h1> <form method="post" action="login_process.php"> <p><input type="text" name="username" value="" placeholder="Username"></p> <p><input type="password" name="password" value="" placeholder="Password"></p> <p class="remember_me"> <label> <input type="checkbox" name="remember_me" id="remember_me"> Remember me on this computer </label> </p> <p class="submit"><input type="submit" name="commit" value="Login"></p> </form> </div> </body> </html> <?php exit; ?> * login_process.php : Code: <HTML> <HEAD> <TITLE> Authentification Page </TITLE> </HEAD> <BODY> <? $username = $_POST['username']; $password = MD5($_POST['password']); $host = "localhost"; $db_user = "root"; $db_passwd = ""; $db = "user"; $stop = 0; $sql = "select * from tbl_user where username='$username'"; $conn = @mysql_connect($host,$db_user,$db_password) or die("Koneksi gagal : " . mysql_error()); mysql_select_db($db); $qry = mysql_query($sql) or die("Query salah : " . mysql_error()); $num = mysql_num_rows($qry); $row = mysql_fetch_array($qry); if ($num==0) { header('Location: username_failed.php'); } else { if ($password==$row['password']) { echo "Your password is invalid <br />"; echo "Go back and type the valid password"; } else { echo "You are successfully logged in"; } } ?> </BODY> </HTML> it looks like there is something wrong with my login_process.php code :nonod: please help me thank you