PHP:
<?php
include("includes/db.php");
session_start();
if($_SERVER["REQUEST_METHOD"] == "POST")
{
// username and password sent from Form
$username=mysql_real_escape_string($_POST['username']);
$password=mysql_real_escape_string($_POST['password']);
$password=md5($password); // Encrypted Password
$sql = "SELECT `uid` FROM `users` WHERE `username` = '$username' AND `password` = '$password'";
$result = mysql_query($sql) or die(mysql_error());
$tmp = mysql_fetch_assoc( $result );
$count = count( $tmp );
// If result matched $username and $password, table row must be 1 row
if($count==1)
{
header("location: home.php");
}
else
{
$error="Your Login Name or Password is invalid";
}
}
?>
<form action="signin.php" method="post">
<label>UserName :</label>
<input type="text" name="username"/><br />
<label>Password :</label>
<input type="password" name="password"/><br/>
<input type="submit" value=" Login "/><br />
</form>
dari script diatas apakah ada yang salah? saya coba masuk dengan username dan password yang salah malah masuk ke home.php