I am trying to create a simple login form for my website. I have a very basic HTML form that points to a php file. I do not need security or any of that stuff.. I am looking for something very basic. I'm really not sure where I am going wrong here. When I try and sign in using information already in mysql it still brings me back to the login page instead of bringing me to my account page.
HTML
<div class="container">
<div class="row">
<div class="col-md-8 col-md-offset-2">
<div class="well well-sm">
<form class="form-horizontal" action="actLogin.php" method="post">
<fieldset>
<legend class="text-center">Sign In</legend>
<!-- Message body -->
<div class="form-group">
<label class="col-md-4 control-label" for="Username">Username</label>
<div class="col-md-8">
<input id="username" name="username" type="text" placeholder="Your email" class="form-control">
</div>
</div>
<div class="form-group">
<label class="col-md-4 control-label" for="Password">Password</label>
<div class="col-md-8">
<input id="password" name="password" type="text" placeholder="Your email" class="form-control">
</div>
</div>
<!-- Form actions -->
<div class="form-group">
<div class="col-md-12 text-right">
<button onClick="return validateForm()" type="submit" class="btn btn-primary btn-lg">Submit</button>
` </div>
</div>
</fieldset>
</form>
</div>
</div>
</div>
</div>
PHP
session_start();
//Get username and password from the form.
$username = filter_input(INPUT_POST,"username");
$password = filter_input(INPUT_POST,"password");
//Call the database and check to make sure the password matches
$conn = mysql_connect("localhost","root","MIS42520!$") or die(mysql_error());
mysql_select_db("cookie",$conn);
$username = mysql_real_escape_string($username);
$sql = "select id, username, password from universal where username = '$username'";
$result = mysql_query($sql, $conn) or die(mysql_error());
if(mysql_num_rows($result) == 0) {
header('Location: login.php');
}
$userData = mysql_fetch_array($result, MYSQL_ASSOC);
if ($password != $userData['password']) {
header('Location: login.php');
}
else {
session_regenerate_id();
$_SESSION['id']=$userData['id'];
$_SESSION['username']=$userData['username'];
$_SESSION['password']=$userData['password'];
session_write_close();
header('Location: account.php');
}
?>