Been playing around with PHP for a couple of days, and wrote this:
<html>
<head>
<title>Login</title>
</head>
<body>
<?php
if ($submit) {
    $db = mysql_connect("localhost", "root");
    mysql_select_db("users", $db);
    if ($result = mysql_query("SELECT username, password FROM users WHERE username = '$username'", $db)) {
        $row = mysql_fetch_array($result);
        if( ($password) == $row['password']) {
            echo "login successful";
        } else {
            echo "wrong password";
        }
    } else {
        echo "No such user in db";
    }
} else {
?>
<form method="post" action="<?php echo $PHP_SELF ?>">
Username:<input type="Text" name="username"><br>
Password:<input type="Password" name="password"><br>
<input type="Submit" name="submit" value="Login">
</form>
<?php
}
?>
</body>
</html>
It works if you type a username that's in the database. If you have a username that's not in the database and leave the password field blank, it logs in; if you put a password, then the "wrong password" bit comes up (instead of skipping to the "no such user" bit).
Bear in mind I have register globals on, so that's not the problem.
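
The behaviour described above, as an added example that is not part of the original post: `mysql_query()` returns a result resource for a SELECT that matches zero rows (it returns false only on error), so the "No such user" branch is never reached, and the failed fetch leaves a null to compare the blank password against. The sketch checks the fetched row explicitly instead. It assumes PDO with the SQLite driver and an in-memory table of constructed users in place of the poster's MySQL database, with `password_hash()`/`password_verify()` swapped in for the plaintext comparison; `make_db` and `check_login` are hypothetical names.

```php
<?php
declare(strict_types=1);
// Added example, not the poster's code. SQLite in memory stands in for the
// MySQL "users" table so the script runs offline; all accounts are constructed.

function make_db(): PDO
{
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE users (username TEXT PRIMARY KEY, password TEXT NOT NULL)');
    $ins = $db->prepare('INSERT INTO users (username, password) VALUES (?, ?)');
    // Only the hash is stored, never the password itself.
    $ins->execute(['alice', password_hash('correct horse', PASSWORD_DEFAULT)]);
    return $db;
}

function check_login(PDO $db, string $username, string $password): string
{
    // Bound parameter: the username never becomes part of the SQL text,
    // so a quote in the input cannot change the query.
    $stmt = $db->prepare('SELECT password FROM users WHERE username = ?');
    $stmt->execute([$username]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);

    // A query that matches zero rows still succeeds; only the fetch returns
    // false. Test for that before touching $row['password'].
    if ($row === false) {
        return 'No such user in db';
    }
    return password_verify($password, $row['password'])
        ? 'login successful'
        : 'wrong password';
}

// Why the blank password was accepted: with no row the stored value is null,
// and loose comparison (==) treats '' and null as equal; strict (===) does not.
var_dump('' == null);
var_dump('' === null);

$db = make_db();
$attempts = [['alice', 'correct horse'], ['alice', ''], ['nobody', ''], ["o'brien", 'x']];
foreach ($attempts as [$u, $p]) {
    printf("%-10s / %-15s => %s\n", var_export($u, true), var_export($p, true), check_login($db, $u, $p));
}
```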