Your SQL query/logic is completely wrong.
What you should do is check if that user and password combination exits in database using WHERE clause. But actually you are doing is fetching each row and checking for equality. In such situation you can also get n numbers of wrong credentials.
$query = mysql_query("SELECT * FROM table WHERE userName="$_POST[user]" AND pass="$_POST[pass]"") or die(mysql_error());
$row = mysql_fetch_array($query) or die(mysql_error());
if(!empty($row['userName']) AND !empty($row['pass'])) {
echo "SUCCESSFULLY LOGIN TO USER PROFILE PAGE..."; }
else {
echo "SORRY... YOU ENTERD WRONG ID AND PASSWORD... PLEASE RETRY...";
}
Here again a better check would be to check if number of rows==1, which is best practice and convention you should follow.
1
solved Sign in form always showing “Wrong Credentials”