<?php
session_start();
include ("global.php");


$d = mysql_query("SELECT * FROM `users` WHERE `username` = '$username' AND password = '$password'");
$data = mysql_fetch_array($d);

if($ologged == "1"){
header("Location: index.php");
} else {
if($_GET['action'] == login){
$user = $_POST['username'];
$user = htmlspecialchars($user);
$password = $_POST['password'];
$password = htmlspecialchars($password);
$password = md5($password);

if($user == $data['username'] || $password == $data['password']){
if($data['activated'] == "no"){
echo "Sorry but you have not activated your account yet. Please activate it by going to your inbox or if you have not received the email you can <a href=\"login.php?action=resendemail\">resend it.</a>";
} else {
$_SESSION['user'] = $user;
$_SESSION['loggedin'] = 1;
header("Location: index.php");
}
} else {
echo "Your login credentials are incorrect.";
}
}
}
?>
<form action="?action=login" method="POST">
<input type="text" name="username" value="Username" />
<input type="password" name="password" value="password" />
<input type="submit" value="login" />
</form>

My problem is that even though you enter the right credentials it says that they're incorrect. Thanks.

<?php
session_start();
include ("global.php");


$d = mysql_query("SELECT * FROM `users` WHERE `username` = '$username' AND password = '$password'");
$data = mysql_fetch_array($d);

if($ologged == "1"){
header("Location: index.php");
} else {
if($_GET['action'] == login){
$user = $_POST['username'];
$user = htmlspecialchars($user);
$password = $_POST['password'];
$password = htmlspecialchars($password);
$password = md5($password);

if($user == $data['username'] || $password == $data['password']){
if($data['activated'] == "no"){
echo "Sorry but you have not activated your account yet. Please activate it by going to your inbox or if you have not received the email you can <a href=\"login.php?action=resendemail\">resend it.</a>";
} else {
$_SESSION['user'] = $user;
$_SESSION['loggedin'] = 1;
header("Location: index.php");
}
} else {
echo "Your login credentials are incorrect.";
}
}
}
?>
<form action="?action=login" method="POST">
<input type="text" name="username" value="Username" />
<input type="password" name="password" value="password" />
<input type="submit" value="login" />
</form>My problem is that even though you enter the right credentials it says that they're incorrect. Thanks.

Well yes that would be because you're doing a mysql query before any variables are set.

<?php
session_start();
include ("global.php");

$user = $_POST['username'];
$user = htmlspecialchars($user);
$password = $_POST['password'];
$password = htmlspecialchars($password);
$password = md5($password);

$d = mysql_query("SELECT * FROM users WHERE username = '$username' AND password = '$password'");
$data = mysql_fetch_array($d);

if($ologged == "1"){
header("Location: index.php");
} else {
if($_GET['action'] == "login"){

if($user == $data['username'] || $password == $data['password']){
if($data['activated'] == "no"){
echo "Sorry but you have not activated your account yet. Please activate it by going to your inbox or if you have not received the email you can <a href=\"login.php?action=resendemail\">resend it.</a>";
} else {
$_SESSION['user'] = $user;
$_SESSION['loggedin'] = 1;
header("Location: index.php");
}
} else {
echo "Your login credentials are incorrect.";
}
}
}
?>
<form action="?action=login" method="POST">
<input type="text" name="username" value="Username" />
<input type="password" name="password" value="password" />
<input type="submit" value="login" />
</form>

It is still saying that the credentials are incorrect.

<?php
session_start();
include ("global.php");

$user = $_POST['username'];
$user = htmlspecialchars($user);
$password = $_POST['password'];
$password = htmlspecialchars($password);
$password = md5($password);

$d = mysql_query("SELECT * FROM users WHERE username = '$username' AND password = '$password'");
$data = mysql_fetch_array($d);

if($ologged == "1"){
header("Location: index.php");
} else {
if($_GET['action'] == "login"){

if($user == $data['username'] || $password == $data['password']){
if($data['activated'] == "no"){
echo "Sorry but you have not activated your account yet. Please activate it by going to your inbox or if you have not received the email you can <a href=\"login.php?action=resendemail\">resend it.</a>";
} else {
$_SESSION['user'] = $user;
$_SESSION['loggedin'] = 1;
header("Location: index.php");
}
} else {
echo "Your login credentials are incorrect.";
}
}
}
?>
<form action="?action=login" method="POST">
<input type="text" name="username" value="Username" />
<input type="password" name="password" value="password" />
<input type="submit" value="login" />
</form>It is still saying that the credentials are incorrect.

Your credentials are incorrect then. There's nothing wrong with that code.

I've tried over 10 different user combinations, none work. There must be something wrong that is slipping past us.

Just found something that would be part of the problem but it's still saying credentials are incorrect, here's the fix: (the query had a variable which didn't exist)


<?php
session_start();
include ("global.php");

$user = $_POST['username'];
$user = htmlspecialchars($user);
$password = $_POST['password'];
$password = htmlspecialchars($password);
$password = md5($password);

$d = mysql_query("SELECT * FROM users WHERE username = '$user' AND password = '$password'");
$data = mysql_fetch_array($d);

if($ologged == "1"){
header("Location: index.php");
} else {
if($_GET['action'] == "login"){

if($user == $data['username'] || $password == $data['password']){
if($data['activated'] == "no"){
echo "Sorry but you have not activated your account yet. Please activate it by going to your inbox or if you have not received the email you can <a href=\"login.php?action=resendemail\">resend it.</a>";
} else {
$_SESSION['user'] = $user;
$_SESSION['loggedin'] = 1;
header("Location: index.php");
}
} else {
echo "Your login credentials are incorrect.";
}
}
}
?>
<form action="?action=login" method="POST">
<input type="text" name="username" value="Username" />
<input type="password" name="password" value="password" />
<input type="submit" value="login" />
</form>

When you registered the user you did md5 the password yes? You probably did, but when I made my first ever system, that was my problem for ages because I didn't understand how it worked :p

Yes on the register page it md5's the password.

Thanks to Iszak, he figured out the problem (wasn't the code, twas my column's varchar length).