-3

I'm trying to make a simple login page but it says:

Parse error: syntax error, unexpected '$dbpassword' (T_VARIABLE) in /home/speedmin/public_html/login.php on line 19

Here is my code for the php script:

<?php

session_start();

$username = $_POST['username'];
$password = $_POST['password'];

if($username&&$password){
    $connect = mysql_connect("localhost","root","code") or die("Kunne ikke finde databasen");
    mysql_select_db("dbname") or die("Kunne ikke finde databasen");

    $query = mysql_query("SELECT * FROM users WHERE username='$username'");

    $numrows = mysql_num_fields($query);

    if($numrows){
        while($row = mysql_fetch_assoc($query)){
            $dbusername = $row['username']
            $dbpassword = $row['password']
        }

        if($username==$dbusername&&md5($password)==$dbpassword){
            echo"You are logged in";
            $_SESSION['username'] = $username;
        }
        else {
            echo"Din kode er forkert";
        }
    }
    else{
        die("Der er ingen bruger der hedder det");}
}
else{
    die("Skriv venligst din bruger & kode");
}

?>

Hope you can help. Sorry, this is maybe a stupid question, but I'm not so good at PHP.

I can't see what's wrong with the line, so :(

Found a solution. :D

<?php

session_start();

$username = $_POST['username'];
$password = $_POST['password'];

if($username&&$password){
    $connect = mysql_connect("localhost","root","password") or die("Kunne ikke finde databasen");
    mysql_select_db("db") or die("Kunne ikke finde databasen");

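    // Escape the user-supplied value before it goes into the SQL string
    $query = mysql_query("SELECT * FROM users WHERE username='" . mysql_real_escape_string($username) . "'");

    // Count the rows returned; mysql_num_fields() counts columns and is never 0 here
    $numrows = mysql_num_rows($query);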

    if($numrows){
        while($row = mysql_fetch_assoc($query)){
            $dbusername = $row['username'];
            $dbpassword = $row['password'];
        }

        if($username==$dbusername&&$password==$dbpassword){
            echo"Du logget ind";
            @$_SESSION['username'] = $username;
        }
        else {
            echo"Din kode er forkert";
        }
    }
    else{
        die("Der er ingen bruger der hedder det");}
}
else{
    die("Skriv venligst din bruger & kode");
}

?>
  • 2
    You are missing `;` at the end of both `$dbusername = $row['username']` and `$dbpassword = $row['password']` – Epodax Feb 17 '16 at 08:04
  • 1
    Please refrain from using mysql_, which is deprecated and removed in PHP7. Use mysqli_ or PDO instead, and learn about SQL injections - your code is quite vulnerable. – Franz Gleichmann Feb 17 '16 at 08:38

4 Answers

1

Because you forgot ;. It should be:

while($row = mysql_fetch_assoc($query)){
  $dbusername = $row['username'];
  $dbpassword = $row['password'];
}

But I would also suggest that you use mysqli_* instead of deprecated mysql_* API.

Also, don't give the user any idea whether the username they entered is correct or not. So I made a shorter condition for your case.

<?php

  session_start();

  /* ESTABLISH CONNECTION TO YOUR DATABASE */
  $con = new mysqli("localhost", "root", "code", "dbname");

  /* CHECK CONNECTION */
  if (mysqli_connect_errno()) {
    printf("Connect failed: %s\n", mysqli_connect_error());
    exit();
  }

  if(isset($_POST["username"], $_POST["password"])){ /* IF BOTH ARE SET */

    $password = md5($_POST["password"]); /* HASH THE SUBMITTED PASSWORD */ 

    $stmt = $con->prepare("SELECT username, password FROM users WHERE username = ? AND password = ?"); /* PREPARE YOUR QUERY */
    $stmt->bind_param("ss", $_POST["username"], $password); /* ? WILL BE REPLACED WITH THESE TWO VARIABLES RESPECTIVELY; s STANDS FOR STRING TYPE */
    $stmt->execute(); /* EXECUTE YOUR QUERY */
    $stmt->store_result(); /* STORE THE RESULTS */
    $numrows = $stmt->num_rows; /* GET THE NUMBER OF RETURNED ROWS */
    $stmt->bind_result($dbusername, $dbpassword); /* BIND THE RESULT TO THESE TWO VARIABLES ACCORDINGLY */
    $stmt->fetch(); /* FETCH RESULTS */
    $stmt->close(); /* CLOSE PREPARED STATEMENT */

    if($numrows > 0){ /* IF FOUND MATCH */
      echo "You are logged in";
      $_SESSION['username'] = $dbusername;
    }
    else {
      echo"Din kode er forkert";
    }

  }
  else {
    die("Skriv venligst din bruger & kode");
  }

?>

And password_hash is a more secure way to encrypt passwords than md5(). If you have time, also take a look at it.

Logan Wayne
  • Hey Logan. What shall I write at username = ? and at password = ? – Bastian Mødekjær Feb 17 '16 at 08:22
  • `?` will be replaced in the next line `$stmt->bind_param("ss", $_POST["username"], md5($_POST["password"]));` respectively. – Logan Wayne Feb 17 '16 at 08:25
  • @BastianMødekjær - because I used `$con` in your prepared statement. But we established your connection to `$conn` variable. Please take a look at the updated answer. Just replaced `$conn` with just `$con` – Logan Wayne Feb 17 '16 at 08:28
  • I changed the con to conn but now it says `Strict Standards: Only variables should be passed by reference in /home/speedmin/public_html/login.php on line 17` – Bastian Mødekjær Feb 17 '16 at 08:31
  • @BastianMødekjær it was because we tried to bind `md5($_POST["password"])`. But look at the updated answer, we separate the declaration and hashing of the password before we bind it to the query. – Logan Wayne Feb 17 '16 at 08:33
  • @BastianMødekjær - you can just always copy and paste it to your work. And tweak a little if you want. ;) – Logan Wayne Feb 17 '16 at 08:39
  • Mr Wayne. I've got a problem now. The PHP code works. But it doesn't work with the MySQL database. I have set up a user named "ghost" and the code is "1234" but it doesn't work – Bastian Mødekjær Feb 17 '16 at 09:25
  • @BastianMødekjær What did you create? Is it a privilege or just data stored in a table? – Logan Wayne Feb 17 '16 at 09:39
  • It's data stored in a table on my sql :D – Bastian Mødekjær Feb 17 '16 at 12:47
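
The `password_hash` suggestion at the end of the answer above, carried through as an added example (not code from the answer or its author): the lookup is by username only and `password_verify()` checks the stored salted hash. Assumptions: PDO with an in-memory SQLite table stands in for the MySQL `users` table, and `check_login()` and the sample user are hypothetical.

```php
<?php
declare(strict_types=1);

// Constructed sample data: in-memory SQLite stands in for the MySQL "users" table.
$pdo = new PDO('sqlite::memory:', null, null, [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION]);
$pdo->exec('CREATE TABLE users (username TEXT PRIMARY KEY, password TEXT NOT NULL)');
$ins = $pdo->prepare('INSERT INTO users (username, password) VALUES (?, ?)');
// Store the salted hash from password_hash(), never the plain text or md5().
$ins->execute(['ghost', password_hash('1234', PASSWORD_DEFAULT)]);

function check_login(PDO $pdo, string $username, string $password): bool
{
    // Hash of a throwaway value, verified when the user does not exist so that
    // unknown and known usernames cost about the same time.
    static $dummy = null;
    $dummy ??= password_hash('placeholder', PASSWORD_DEFAULT);

    // Look up by username only: salted hashes cannot be matched in a WHERE clause.
    $stmt = $pdo->prepare('SELECT password FROM users WHERE username = ?');
    $stmt->execute([$username]);
    $hash = $stmt->fetchColumn(); // false when no row matches

    $ok = password_verify($password, $hash === false ? $dummy : $hash);
    if ($hash === false || !$ok) {
        return false; // same result for "no such user" and "wrong password"
    }
    if (password_needs_rehash($hash, PASSWORD_DEFAULT)) {
        // Upgrade the stored hash when PHP's default algorithm or cost changes.
        $upd = $pdo->prepare('UPDATE users SET password = ? WHERE username = ?');
        $upd->execute([password_hash($password, PASSWORD_DEFAULT), $username]);
    }
    return true;
}

// Constructed inputs: correct login, wrong password, unknown user, quote characters.
$cases = [['ghost', '1234'], ['ghost', 'wrong'], ['nobody', '1234'], ["ghost' OR '1'='1", 'x']];
foreach ($cases as [$u, $p]) {
    printf("%-18s => %s\n", $u, check_login($pdo, $u, $p) ? 'logged in' : 'invalid username or password');
}
```

In the login page itself, call `session_regenerate_id(true)` before setting `$_SESSION['username']` on success.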
0
 if($numrows){
    while($row = mysql_fetch_assoc($query)){
        $dbusername = $row['username'];
        $dbpassword = $row['password'];
    }

    if($username==$dbusername&&md5($password)==$dbpassword){
        echo"You are logged in";
        $_SESSION['username'] = $username;
    }
    else {
        echo"Din kode er forkert";
    }
}

missing ;

Sahil Manchal
0

if(isset($userName) && isset($password)) {

Rest of code here. Should work. Why are you looping through? Just use an if statement.

if($username == $row['userName'] && md5($password) == $row['password'])

0

Try this code. I'm using this way to log in. //php

if(isset($_POST['sbtLogin'])){

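        // Read only the expected fields; extract($_POST) would let the request overwrite any variable
        $email = isset($_POST['email']) ? $_POST['email'] : '';
        $password = isset($_POST['password']) ? md5($_POST['password']) : '';
        $remember = isset($_POST['remember']) ? $_POST['remember'] : 'n';
        if($email != '' && $password != '')
        {
            // Escape the user-supplied value before it goes into the SQL string
            $selUser = mysql_query('SELECT id,firstName FROM tbl_users WHERE email = "'.mysql_real_escape_string($email).'" AND password="'.$password.'" LIMIT 1');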
            if(mysql_num_rows($selUser)>0){
                $fetchUsr = mysql_fetch_assoc($selUser);
                $_SESSION['sessUserId'] = $fetchUsr['id'];
                $_SESSION['sessUserName'] = $fetchUsr['firstName'];

                                echo 'Successfully loggedin';
            }
            else{
            $msg = 'Invalid Username or password';

            }
        }
        else{

                echo 'Fill all values properly';
        }

    }