Authorization

The error is that when I enter at least the correct login and password, it displays “Invalid Login or password”, please tell me the error, here is the code:

<?php
mysql_connect('') or die("can't connect");
mysql_select_db(refresh615) or die(mysql_error());
$username = $_POST['username'];
$password = $_POST['password'];
$sql = mysql_query("SELECT * FROM users WHERE username='$username' and password='$password'");
$result = mysql_query($sql);
$count = mysql_num_rows($result);
if($count==1) {
  session_register("username");
  session_register("password");
  header("location:page.php");
}
else{  
echo "   ";
}
?>

Answer 1, authority 100%

This is how my work with the database works (Although the connection can be opened once, I do this every time I access the database).
We will be interested in the do_login function from here.

This example is convenient because it has a fairly simple approach to extending it.
P.S. There are a few extra features, but I decided to leave them for clarity.
+ I also left the block with authorization as it is….. well, just like that)))

abstract class i_storage_service {
    abstract public function get_query($c);
}
abstract class i_storage_manager {
    private $_ss;
    public function __construct(i_storage_service $ss) {
        $this->_ss = $ss;
    }
    public function query($val) {
        return $this->_ss->get_query($val);
    }
}
class Storage extends i_storage_service {
    private static $DB_L = "login";
    private static $DB_P = "passwd";
    private static $DB_B = "db_name";
    private static $DB_H = "host";
    public function get_query ($query) {        
        $mysql_connect = mysql_connect(self::$DB_H, self::$DB_L, self::$DB_P);
        mysql_select_db(self::$DB_B, $mysql_connect);
        mysql_query('SET NAMES "UTF-8"');
        if(!$return = mysql_query($query)) {    
            trace_log("Storage service error : \"" . mysql_error()) . "\""; //   
            mysql_close($mysql_connect);
            return false;
        }   
        mysql_close($mysql_connect);
        return $return;
    }
}
class User extends i_storage_manager {
    private $user = NULL;
    public function get_by_id($val) {
        $res = parent::query("SELECT * from `users` WHERE `id`=" . $val);
        (!$res) ? false : $this->user = mysql_fetch_object($res);
        return $this->user;
    }
    public function get_by_login($val) {
        $res =  parent::query("SELECT * from `users` WHERE `login`='".$val . "'");
            (!$res) ? false : $this->user = mysql_fetch_object($res);
        return $this->user;
    }
    public function do_login($l,$p="") {
        $res = NULL;
        if (!$l)
            return false;
        if ($p)
            $p = md5($p);
        else 
            $p = "";
        $res = parent::query("SELECT * from `users` WHERE `login`='" .$l . "' && `password`='".$p."'");
        if ($res) {
            if(!$res = mysql_fetch_object($res)){   
                trace_log("Error started session by login \"".$l."\" . Remote IP: " . $_SERVER['REMOTE_ADDR']);
                return false;
            }
            $this->user = $res;
            trace_log("Session started by login \"".$res->login."\" . Remote IP: " . $_SERVER['REMOTE_ADDR']);
        }
        return $this->user;
    }
}

And here is the authorization:

$Storage = new Storage;
$User = new User($Storage);
if($res = $User->do_login( $login, $passwd ))
    $json = json_encode(array('login' => true));
else 
    $json = json_encode(array('err' => 'login incorrect'));

By the way, $res will return all the necessary information about the user (if, of course, the authorization is successful, otherwise it will be false)


Answer 2

It makes you want to say: “Well, you and @Prikol! “, but I won’t do that.
Remove the first mysql_query, leave it as a string.


Answer 3

<?php
mysql_connect('') or die("can't connect");
mysql_select_db(refresh615) or die(mysql_error());
$username = $_POST['username'];
$password = $_POST['password'];
$sql=mysql_query("SELECT COUNT(*) FROM users WHERE username='$username' and password='$password'");
if(mysql_result($sql),0)==1)
{
$sql=mysql_fetch_assoc($sql);
  session_register($sql[username]);
  session_register($sql[password]);
  header("location:page.php");
}
else{  
echo "   ";
}
?>