If you enter the wrong username then no result is returned so the "while" loop is never executed.
You need a "if (mysql_num_rows())" block containing your containing "while"loop, and then an "else" clause with the same redirect (repeated).
You also don't need to match the username within that while loop. It will match, or else it would not have been returned by the query.
If you assume the username is unique, then you needn't use the "while" at all, just call the mysql_fetch_array() function.
Code: Select all
# require 'DBConnect.php';
#
# $Date = getdate();
# $LastLogin = $Date['month'] . ' ' . $Date['mday'] . ' ' . $Date['year'] . ' at ' . $Date['hours'] . ':' . $Date['minutes'];
#
#
# $username = $_POST['username'];
# $password = md5($_POST['password']);
#
# $query = "SELECT username, password,lastLogin FROM users WHERE username='$username'";
# $result = mysql_query($query);
# if (mysql_num_rows($result)) {
# $row = mysql_fetch_array($result, MYSQL_ASSOC);
# if ($password == $row['password']){
# $query = "UPDATE users SET lastLogin = '$LastLogin' WHERE username = '$username'"; //get last login date from DB
# mysql_query($query) or die('Error, query failed');
# mysql_close($conn);
# echo "<center><h2>Welcome $username!</h2></center>"; //welcome screen
# echo "Last Login was on " . $row['lastLogin']; //display last date/time logged in
# }else{
# ?>//redirect to login screen
# <script type="text/javascript">
# <!--
# window.location = "http://www.what-i-think.org/Examples/Main.html"
# //-->
# </script>
# <?
#
# }else{
# ?>//redirect to login screen
# <script type="text/javascript">
# <!--
# window.location = "http://www.what-i-think.org/Examples/Main.html"
# //-->
# </script>
# <?
#
# }
#