login

You're making a mistake that many, many people make: you don't check return values of functions you call. When you do this:



$result = mysql_query($sql);



you should check if $result is false. If it is, then possibly your query isn't correct.

Or, in your case, the query IS correct but no users are found with the given user name. See the section on return values on the page I link to, below. Note also that use of this function is discouraged.

You will get this error if your mysql_query returns false, this could be because the tables or fields within the query don't exist, or the syntax of the query is incorrect (which it isn't), so check that.



You should also note the following mistakes in your code:



$password = md5(md5("hdihdlfih".$password."Hd6hD5fi3"));

adding "hdihdlfih" and "Hd6hD5fi3" to the beginning and end of a password does not change anything, you need to add a unique value for each user (commonly known as a salt), for example:



$password = md5($password.$userid); where $userid is a unique id for every user pulled from the database, you should also realise that md5() is a very weak algorithm and doing it twice wont change anything, you should look into using something like crypt().



$query = mysql_query("SELECT * FROM users WHERE username='$USER'");

variables are case-sensitive and putting $USER instead of $user wont work.



other stuff that you might care about:



if ($user) and if ($password)

even tho it shouldnt be a problem, if a username or a password of a user equivalates to false (such as "0") then this will fail, you could use if(isset($user)); instead.



require("connect.php");

if for some reason requiring the file fails then your script will throw a fatal error and stop executing , you are much better using include_once("./connect.php"); and then checking the connection if($connection) and using your own error message if the connection failed.

Look for // at the right side of below code



if ($_POST['loginbtn']) {

$user = $_POST['user'];

$password = $_POST['password'];



if ($user){

if ($password){

require("connect.php");



$password = md5 (md5("hdihdlfih".$password."Hd6hD5fi3"))…

//make sure login info correct

$query = mysql_query("SELECT * FROM users WHERE username='$USER'"); // the $USER here must be $user (as per $user=$_POST['user'])

$numrows = MYSQL_NUM_ROWS ($query); // remove space between mysql_num_rows & ($query)...should be mysql_num_rows($query);

if ($numrows == 1){

$row = mysql_fetch_assoc($query);

$dbid = $row['id'];

$dbuser = $row['username'];

$dbpass = $row['password'];

$dbactive = $row['active'];



if ($password == $dbpass){

if ($dbactive == 1){

// set session info

$_SESSION['userid'] = $dbid;

$_SESSION['username'] = $dbuser;



echo "Welcome $bduser!";



}

else

echo "Your account is currently NOT active please acivate in before loging on. $form";

}

else

echo "The password you entered didn't match our records! Plaese try again!. $form";

}

else

echo "Oops, That username you entered didn't seem to work! Please Try Again.$form";



mysql_close();









}

else

echo "You must enter your password!. $form";

}

else

echo "You must enter your username!. $form";



}

else

echo $form;

remove the space between MYSQL_NUM_ROWS and ($query);



Your Query is wrong then. Make sure those thing's exist.