This is my check login coding. I can't log into my system because it always return login fail. I've inserted the correct username, password and role but still it return to login fail page.
I think there is something wrong on my coding at if (mysql_num_rows($result)== 1) Btw, what does this line mean ?
<?php
session_start();
require 'database.php';
//to store validation errors
$errmsg_arr = array();
//validation error flag
$errflag = false;
//function to sanitize values from the form. Preventing the SQL injection
function clean ($str){
$str = @trim($str);
if (get_magic_quotes_gpc()){
$str = striplashes ($str);
}
return mysql_real_escape_string($str);
}
//sanitize POST values
$myusername = clean ($_POST['username']);
$mypassword = clean ($_POST['password']);
$role = clean ($_POST['role']);
//input validations
if ($myusername == ''){
$errmsg_arr[] = 'Insert your username';
$errflag = true;
}
if ($mypassword == ''){
$errmsg_arr[]= 'Insert you password';
$errflag = true;
}
//if there are input validation, redirect back to home
if ($errflag){
$_SESSION['ERRMSG_ARR'] = $errmsg_arr;
session_write_close();
header("location:index.php");
exit();
}
$qry = "SELECT student.user_id, student.username, student.password, student.role FROM student WHERE username = '$myusername' and password = '".md5($_POST['password'])."' and role = '$role'";
$result = mysql_query($qry);
if ($result){
if (mysql_num_rows($result)== 1){
session_regenerate_id();
$student = mysql_fetch_assoc($result);
$_SESSION['SESS_USER_ID']= $student['user_id'];
$_SESSION['SESS_USERNAME']= $student['username'];
$_SESSION['SESS_PASS']= $student['password'];
$_SESSION['SESS_ROLE']= $student['role'];
session_write_close();
header("location: profile.php");
exit();
}else {
header ("location: login_failed.php");
exit();
}
}else {
die ("Query failed");
}
?>