These are the codes of the website that I'm working on:
1) login.php
<?php
session_start();
include("connection.php");
// username and password sent from form
$myusername = (isset($_POST['myusername']) ? $_POST['myusername'] : null);
$mypassword = (isset($_POST['mypassword']) ? $_POST['mypassword'] : null);
// To protect MySQL injection
$myusername = stripslashes($myusername);
$mypassword = stripslashes($mypassword);
$myusername = mysql_real_escape_string($myusername);
$mypassword = mysql_real_escape_string($mypassword);
$qry = "SELECT * FROM user WHERE user_name ='$myusername' AND user_password = '$mypassword'";
$result = mysql_query($qry);
$count = mysql_num_rows($result);
$output = mysql_fetch_assoc($result);
// If result matched $myusername and $mypassword, table row must be 1 row
if($count == 1) {
$_SESSION['login_user'] = $myusername;
$_SESSION['mypassword'] = $mypassword;
header("location: foodline.php");
exit();
}
else {
echo "Invalid Username or Password";
}
?>
<html>
<head>
<title>Login Page</title>
<style type = "text/css">
body {
font-family:Arial, Helvetica, sans-serif;
font-size:14px;
}
label {
font-weight:bold;
width:100px;
font-size:14px;
}
.box {
border:#666666 solid 1px;
}
</style>
</head>
<body bgcolor = "#FFFFFF">
<div align = "center">
<div style = "width:300px; border: solid 1px #333333; " align = "left">
<div style = "background-color:#333333; color:#FFFFFF; padding:3px;"><b>Login</b></div>
<div style = "margin:30px">
<form action = "" method = "post">
<label>UserName :</label><input type = "text" name = "username" class = "box"/><br /><br />
<label>Password :</label><input type = "password" name = "password" class = "box" /><br/><br />
<input type = "submit" value = " Submit "/><br />
</form>
</div>
</div>
</div>
</body>
</html>
2) connection.php
<?php
$mysql_hostname ="localhost";
$mysql_user = "root";
$mysql_password ="";
$mysql_database = "foodline";
mysql_connect("$mysql_hostname", "$mysql_user", "$mysql_password") or die("Could not connect database");
mysql_select_db("$mysql_database") or die("Could not connect the database".mysql_error());
?>
3) session.php
<?php
include('connection.php');
session_start();
$user_check = $_SESSION['login_user'];
$ses_sql = mysql_query($user_check);
$row = mysql_fetch_array($ses_sql);
$login_session = $row['username'];
if(!isset($_SESSION['login_user']))
{
header("location:foodline.php");
}
?>
4) This is the output screen that I'm getting: Output Screen
The error message 'Invalid Username or Password' won't remove from above codes. Anything that I'm missing or anything that is done extra on the code?
Please help me!
</div>