I have done enough researching ,when logging in it does not redirect me to the resource page in case of correct password also.. i had tried SHA1 on passwords before but first dealing with simpler cases,i removed it.
when i ask NAME = ‘$usr’,
As i have user as username,
if i enter User too,it doenot show wrong username,on terminal also if we try this,for username ‘user’ or ‘User’,it shows the same thing.
<?php
$con = mysql_connect("localhost","root","*****");
session_start();
if(isset($_POST['submit1']))
{
if (!$con)
{
die("OOPS!Could not connect to server".mysql_error());
}
$passwd = $_POST['password'];
$usr=$_POST['username'];
mysql_select_db('USERS',$con) or die(mysql_error());
$result = mysql_query("SELECT PASSWD FROM USERS WHERE USERNAME='$usr'",$con) Or die(mysql_error());
$pass = mysql_result($result,0);
if ($pass==$passwd) {
header('Location : resource.html');}
else
{echo "sorry $usr wrong username or password"; }
}
else if(isset($_POST['submit2']))
{
$usr = $_POST['user'];
$passwd = $_POST['password1'];
$name = $_POST['fullname'];
mysql_select_db('USERS',$con) or die(mysql_error());
$result = mysql_query("SELECT * FROM USERS WHERE USERNAME='$usr'",$con) Or die(mysql_error());
$num = mysql_num_rows($result);
if ($num==0) {
mysql_query("INSERT INTO USERS(NAME,USERNAME,PASSWD) VALUES('$name','$usr','$passwd')");
echo "congrats! you have been added.Go back to resources and log in";
}
else echo "Someone already has that username. Go back and try with another username";
}
mysql_close($con);
?>
Your missing a semicolon before an echo
Also you are not sanitizing your user input, look into prepared statements (PDO, mysqli)