I am trying to create a login script using three fields. I have tried the following code, but I keep getting "Login failure..".
I have two user record in my database and I am sure it keep grabbing the last one. Does anyone have any ideas where I am going wrong?
Also, if anyone could give me some ideas on making this script a little secure for commercial purposes.
$username = $_POST[username];
$password = $_POST[pass];
if ($account && $username && $password)
$query = mysql_query("SELECT * FROM users WHERE account='$account'");
while ($getrows = mysql_fetch_assoc($query))
$dbaccount = $getrows['account'];
$dbusername = $getrows['user_login'];
$dbpassword = $getrows['password'];
if (($account == $dbaccount) && ($username == $dbusername) && ($password == $dbpassword))
echo "Login Successful";
echo "Login failure..";
die("Please ensure all field are completed for login");