Why can't I login?

[soc86]

I am trying to create a login form.  But when i enter the correct username and password it will not redirect me to the correct mage (index.php).  Can anyone help, my code is below:

 

<?php
session_start();
if(isset($_SESSION["manager"])){
    header("location: index.php");
    exit();
}
?>
<?php
//Parse the log in form if the user has filled it out and pressed "Log In"
if(isset($_POST["username"])&& isset($_POST["password"])){

    $manager=preg_replace('#[^A-Za-z0-9]#i','',$_POST["username"]);
    $password=preg_replace('#[^A-Za-z0-9]#i','',$_POST["password"]);
    //Connect to the MySQL database
    include"../storescripts/connect_to_mysql.php";
    $sql=mysql_query("SELECT id FROM admin WHERE username='$manager' AND password='$password' LIMIT 1"); //query the person
    //-----MAKE SURE PERSON EXISTS IN DATABASE -----
    $existCount=mysql_num_rows($sql); //count the row nums
    if($existsCount==1){ //evaluate the count
        while($row=mysql_fetch_array($sql)){
        $id=$row["id"];
        }
        $_SESSION["id"]=$id;
        $_SESSION["manager"]=$manager;
        $_SESSION["password"]=$password;
        header("location: ../index.php");
        exit();
    }else{
    echo 'That information is incorrect try again <a href="admin_login.php">Click Here</a>';
    exit();
    }
}
?>

[Pikachu2000]

Echo the query string and make sure it contains the values you'd expect it to contain.

 

Echo the value of mysql_num_rows() to make sure it isn't zero.

 

Paste the echoed query string into phpMyAdmin and see what results it returns.

 

What application is that code from?

[soc86]

What do you mean application, Its coded by myself?

[soc86]

run the quey and $existCount is equal to 1?

[RobertP]

i recommend encrypting your password

 

$password = hash('sha1',$password);

 

and make the password row varchar(40)