My PHP else is not showing properly

Question

When the login password or username its incorrect it doesent echo the error when it should, anyone got any idea why that is? I have checked the code many times and still cant find why the errror happens so it will be great if someone could fix my code

<?php
define('DB_HOST', 'localhost');
define('DB_NAME', 'radio');
define('DB_USER','anuar');
define('DB_PASSWORD','admin');

$con=mysql_connect(DB_HOST,DB_USER,DB_PASSWORD) or die("Failed to connect to MySQL: " . mysql_error());
$db=mysql_select_db(DB_NAME,$con) or die("Failed to connect to MySQL: " . mysql_error());
/*
$ID = $_POST['user'];
$Password = $_POST['pass'];
*/
function SignIn()
{
session_start();   //starting the session for user profile page
if(!empty($_POST['user']))   //checking the 'user' name which is from Sign-In.html, is it empty or have some text
{
    $query = mysql_query("SELECT *  FROM members where Username = '$_POST[user]' AND Password = '$_POST[pass]'") or die(mysql_error());
    $row = mysql_fetch_array($query) or die(mysql_error());
    if(!empty($row['Username']) AND !empty($row['Password']))
    {
        $_SESSION['Username'] = $row['Password'];
        echo "SUCCESSFULLY LOGIN TO USER PROFILE PAGE...";

    }
    else
    {
        echo "SORRY... YOU ENTERD WRONG ID AND PASSWORD... PLEASE RETRY...";
    }
}
}
if(isset($_POST['submit']))
{
    SignIn();
}

?>

Use [`mysql_num_rows()`](http://php.net/manual/en/function.mysql-num-rows.php) for this, instead of `if(!empty($row['Username']) AND !empty($row['Password']))` that's why it's not working. — Funk Forty Niner, Sep 27 '14 at 05:26

score 0 · Answer 1 · answered Sep 27 '14 at 05:29

Change this line

if(!empty($row['Username']) AND !empty($row['Password']))
    {
        $_SESSION['Username'] = $row['Password'];
        echo "SUCCESSFULLY LOGIN TO USER PROFILE PAGE...";

    }

To this

if(mysql_num_rows($query)>0)
{
    $_SESSION['Username'] = $row['Password'];
        echo "SUCCESSFULLY LOGIN TO USER PROFILE PAGE...";
}

score 0 · Answer 2 · answered Sep 27 '14 at 05:30

Try this might give you the idea

$username=mysql_real_escape_string($_POST['username']);
    $password=mysql_real_escape_string($_POST['password']);

    $sql=mysql_query("SELECT * FROM admin WHERE username='$username' AND password='$password'");;
    $count=mysql_num_rows($sql);

    if($count==1)
    {
        $_SESSION['admin']=$username;
        redirect();
    }
    else
    {
        echo "<script>alert('Username or password is incorrect...');</script>";
    }

Good luck!

score 0 · Answer 3 · answered Sep 27 '14 at 05:32

$row = mysql_fetch_array($query)....

you can change this code as like:

$row = mysql_num_rows($query);
if($row >=1){
 $data = mysql_fetch_array($query);
 $_SESSION['Username'] = $data['Username'];
 echo "SUCCESSFULLY LOGIN TO USER PROFILE PAGE...";
}else{
 echo "Invalid Username or Password";
}

score 0 · Answer 4 · answered Sep 27 '14 at 05:47

I've taken the liberty of rewriting your code to address a number of potential issues, as well as demonstrating some better practices, including:

Using PDO_mysql instead of the "Maintenance only" mysql API;
Using the password_hash extension for verifying the users' passwords
Handling errors with exceptions

It's possible that your hosting provider doesn't offer all of these features, but I thought it would be a good chance to offer a brief survey of them, so you could get an idea of where you should be looking.

    <?php
    session_start();   //starting the session as soon as the script begins
    try {
        $db = new PDO('mysql:host=localhost;dbname=radio;charset=utf8', 'anuar', 'admin');
        $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
        $db->setAttribute(PDO::ATTR_EMULATE_PREPARES, false);
    } catch(PDOException $ex) {
        echo $ex->getMessage();
    }

    /*
    $ID = $_POST['user'];
    $Password = $_POST['pass'];
    */
    function SignIn()
    {
        if(!empty($_POST['user']))   //checking the 'user' name which is from Sign-In.html, is it empty or have some text
        {
            try {
                $stmt = $db->prepare("SELECT * FROM members where Username = :user");
                $stmt->execute(array(':user' => $_POST['user']));
                $results = $stmt->fetchAll(PDO::FETCH_ASSOC);

                if (((count($results) != 1) || !password_verify($_POST['pass'], $results[0]['Password'])) {
                    // Either password verification failed, or we did not get back exactly one row with the given username;
                    // do something sensible about that, please.

                    return false;
                }

                $_SESSION['Username'] = $results[0]['Username'];

            } catch (PDOException $ex) {
                // Our database code failed somewhere - you should log this somewhere and check on them regularly,
                // if you're getting a lot of them give some thought as to why.
                echo $ex->getMessage();
            }
        }
    }

    if(isset($_POST['submit']))
    {
        SignIn();
    }

My PHP else is not showing properly

4 Answers4