mysql - Login PHP it's not working -

mysql - Login PHP it's not working -

is code ok? seek create php login page it's not working...can help me? below source of php page. form written in extjs.

<?php $loginusername = isset($_post["loginusername"]) ? $_post["loginusername"] : ""; $loginpassword = isset($_post["loginpassword"]) ? $_post["loginpassword"] : ""; /*if($loginusername == "f"){ echo "{success: true}"; } else { echo "{success: false, errors: { reason: 'login failed. seek again.' }}"; }*/ //baza de datesession_start(); $conn = mysql_connect("localhost","root","pass"); mysql_select_db("hgr",$conn); $result = mysql_query("select * utilizatori username='" . $loginusername . "' , parola = '". $loginusername."'"); $row = mysql_fetch_array($result); if(is_array($row)) { echo "{success: true}"; $_session["userid"] = $row[id]; $_session["username"] = $row[username]; $_session["nume"] = $row[nume]; $_session["casa"] = $row[casa]; $_session["rol"] = $row[nivel_acces]; } else { echo "{success: false, errors: { reason: 'login failed. seek again.' }}"; } ?>

you have many errors in code :

$result = mysql_query("select * utilizatori username='" . $loginusername . "' , parola = '". $loginusername."'");

you check username , parola on same var. want :

$result = mysql_query("select * utilizatori username='" . $loginusername . "' , parola = '". $loginpassword."'");

you affecting vars without quotes :

$_session["userid"] = $row['id'];

check :

json_encode() send message in json instead of writing yourself mysqli_* or pdo cause you're using mysql_* deprecated mysql injections in query

php mysql session post