This question already has an answer here:
I have scanned my code countless of times and cant figure this out at all. everytime i hit login, it return wrong password and username.
admin.php
<div class="container">
<div class="row">
<div class='col-md-3'></div>
<div class="col-md-6">
<div class="login-box well">
<form action="connectivity.php" method="post">
<legend>Sign In</legend>
<div class="form-group">
<label for="user">Username</label>
<input type="text" id="user" name="user" placeholder="Username"class="form-control" />
</div>
<div class="form-group">
<label for="pass">Password</label>
<input type="text" id="pass" name="pass" placeholder="Password" class="form-control" />
</div>
<div class="form-group">
<a href="index.php" class="btn btn-link pull-right">Return to Login</a>
<input name="submit" type="submit" class="btn btn-warning btn-login-submit btn-block m-t-md" value="Login" />
</div>
</form>
</div>
</div>
<div class='col-md-3'></div>
</div>
</div>
connectivity.php
<?php
session_start();
define('DB_HOST', 'localhost');
define('DB_NAME', 'login-invoices');
define('DB_USER','root');
define('DB_PASSWORD','');
$con=mysql_connect('localhost', 'username','password', '') or die("Failed to connect to MySQL: " . mysql_error()); $db=mysql_select_db(DB_NAME,$con) or die("Failed to connect to MySQL: " . mysql_error());
/*
$ID = $_POST['user'];
$Password = $_POST['pass'];
*/
function SignIn()
{
session_start(); //starting the session for user profile page
if(!empty($_POST['user'])) //checking the 'user' name which is from Sign-In.html, is it empty or have some text
{
$user = $_POST[user];
$pass = $_POST[pass];
$query = "SELECT * FROM login where username = '$user' AND password = '$pass'";
$query = mysql_query($query) or die(mysql_error());
$row = mysql_fetch_array($query) or die(mysql_error());
if(!empty($row['user']) AND !empty($row['pass']))
{
header("location: Home.html");
} else {
echo "SORRY... YOU ENTERD WRONG ID AND PASSWORD... PLEASE RETRY...";
}
}
}
if(isset($_POST['submit']))
{
SignIn();
}
?>
</div>