Error when doing login page

[thientanchuong]

I am doing a login page which uses php source code from google and I have problem with it, please have a look and fix the code for me.

 

login.php:

 

<?php
require_once '../connection/connection.php';
require_once './library/functions.php';

$errorMessage = ' ';

if (isset($_POST['txtUserName'])) {
    $result = doLogin();
    
    if ($result != '') {
        $errorMessage = $result;
    }
}

?>

<table width="750" border="0" align="center" cellpadding="0" cellspacing="1" >
<tr>
  <td valign="top"> <table width="100%" border="0" cellspacing="0" cellpadding="20">
    <tr>
     <td>
      <form method="post" name="frmLogin" id="frmLogin">
       <p> </p>
       <table width="350" border="0" align="center" cellpadding="5" cellspacing="1" bgcolor="#FFFFFF" >
        <tr id="entryTableHeader">
         <td>:: Admin Login ::</td>
        </tr>
        <tr>
         <td >
         <div align="center"><?php echo $errorMessage; ?></div>
          <table width="100%" border="0" cellpadding="2" cellspacing="1" class="text">
           <tr align="center">
            <td colspan="3"> </td>
           </tr>
           <tr class="text">
            <td width="100" align="right">User Name</td>
            <td width="10" align="center">:</td>
            <td><input name="txtUserName" type="text" id="txtUserName" value="admin" size="10" maxlength="20"></td>
           </tr>
           <tr>
            <td width="100" align="right">Password</td>
            <td width="10" align="center">:</td>
            <td><input name="txtPassword" type="password"  id="txtPassword" value="admin" size="10"></td>
           </tr>
           <tr>
            <td colspan="2"> </td>
            <td><input name="btnLogin" type="submit" class="box" id="btnLogin" value="Login"></td>
           </tr>
          </table></td>
        </tr>
       </table>
       <p> </p>
      </form></td>
    </tr>
   </table></td>
</tr>
</table>

</body>
</html> 

 

và đây là cái function của nó ở trang function.php

 

<?php

/*
    Check if a session user id exist or not. If not set redirect
    to login page. If the user session id exist and there's found
    $_GET['logout'] in the query string logout the user
*/
function checkUser()
{
    // if the session id is not set, redirect to login page
    if (!isset($_SESSION['plaincart_user_id'])) {
        header('Location: admin/login.php');
        exit;
    }
    
    // the user want to logout
    if (isset($_GET['logout'])) {
        doLogout();
    }
}

/*
    
*/
function doLogin()
{
    // if we found an error save the error message in this variable
    $errorMessage = '';
    
    $userName = $_POST['txtUserName'];
    $password = $_POST['txtPassword'];
    
    // first, make sure the username & password are not empty
   if ($userName == '' && $password == ''){
   $errorMessage = 'You must enter All Fields';
   }
   else if ($userName == '') {
        $errorMessage = 'You must enter your username';
    } else if ($password == '') {
        $errorMessage = 'You must enter the password';
    } else {
        // check the database and see if the username and password combo do match
        $sql = "SELECT user_id
                FROM admin
                WHERE user_name = '$userName' AND user_password = PASSWORD('$password')";
        $result = mysql_query($sql);
    	$dbNumRows=mysql_fetch_assoc($result);
        if ($dbNumRows == 1) {
            $row = mysql_fetch_assoc($result);
            $_SESSION['plaincart_user_id'] = $row['user_id'];
            
            // log the time when the user last login
            $sql = "UPDATE admin
                    SET user_last_login = NOW()
                    WHERE user_id = '{$row['user_id']}'";
            mysql_query($sql);

            // now that the user is verified we move on to the next page
            // if the user had been in the admin pages before we move to
            // the last page visited
            if (isset($_SESSION['login_return_url'])) {
                header('Location: ' . $_SESSION['login_return_url']);
                exit;
            } else {
                header('Location: index.php');
                exit;
            }
        } else {
            $errorMessage = 'Wrong username or password';
        }        
            
    }
    
    return $errorMessage;
}

/*
    Logout a user
*/
function doLogout()
{
    if (isset($_SESSION['plaincart_user_id'])) {
        unset($_SESSION['plaincart_user_id']);
        session_unregister('plaincart_user_id');
    }
        
    header('Location: admin/login.php');
    exit;
}
?>

 

These images are my results for each function:

 

1- check all field

 

2- check user name

 

3 check password

 

4 Login

On this step, I input all user name and password with "admin", but it gave me an error saying "Wrong user name and password". I dont know why this happens and how I can fix it. please me fix the code.

 

 

 

And this is my datable table named admin

 

 

thanks 4 helping me

[premiso]

The password you have in your database is raw text and non-hashed. The PASSWORD function in mysql will hash the password before checking it against the data.

 

Either, when you input the user data, use PASSWORD as well or do not use PASSWORD. Either way be consistent or else they will not match.

[PFMaBiSmAd]

The PASSWORD() function is used by the authentication system in MySQL Server; you should not use it in your own applications. For that purpose, consider MD5() or SHA1() instead.

 

Don't use the mysql PASSWORD() function for what you are doing. Use either MD5() or SHA1()