Username/Password Login Trouble with PHP

Question

Thanks in advance for help. Trying to program a basic login with username and password using php. Have created basic form with username and password input box with submit button in html and have also set up phpmyadmin database.

Have already entered in two entries into the table, and have confirmed that the mysql connection in php is working properly and connecting to database. But when I try entering in the correct username and password into the form, I am constantly getting "incorrect password" instead of "You're In".

Can anyone please tell me where my coding is off? (Sorry for the poor formatting. I was using a funny text editor)

<?php

$username = $_POST['username']; 
$password = $_POST['password'];

$domainname     = 'mydomainname'; 
$domainpassword = 'mypassword'; 
$hostname       = 'localhost'; 
$database       = 'mydomainname_...phplogin'; 

if($username && $password)  {

    mysql_connect($hostname, $domainname, $domainpassword) or die("Couldn't Connect!");  
    @mysql_select_db($database) or die("Unable to select database");

    $query = mysql_query("SELECT * FROM users WHERE username='$username'");

    $numrows = mysql_num_rows($query);

    if ($numrows!=0)  {      
        while ($row = mysql_fetch_assoc($query))    {      
            $dbusername = $row['username']; 
            $dbpassword = $row['password'];    
        }

        if ($username==$dbusername&&$password==$dbpassword){        
            echo "You're in!";     
        } else {
            echo "Incorrect Password!"; 
        }

    } else {
        die("I'm afraid there isn't a user with that name!");
    }

} else {
    die("Please enter an actual username and a password!");
}

?>

Answer 1

There was a problem with your SQL query.

I have edited your code..

<?php

$username = $_POST['username']; 
$password = $_POST['password'];

$domainname     = 'mydomainname'; 
$domainpassword = 'mypassword'; 
$hostname       = 'localhost'; 
$database       = 'mydomainname_...phplogin'; 

if($username && $password)  {

mysql_connect($hostname, $domainname, $domainpassword) or die("Couldn't Connect!");  
@mysql_select_db($database) or die("Unable to select database");

$query = mysql_query("SELECT * FROM users WHERE username='".$username."'");

$numrows = mysql_num_rows($query);

if ($numrows!=0)  {      
    while ($row = mysql_fetch_assoc($query))    {      
        $dbusername = $row['username']; 
        $dbpassword = $row['password'];    
    }

    if ($username==$dbusername&&$password==$dbpassword){        
        echo "You're in!";     
    } else {
        echo "Incorrect Password!"; 
    }

} else {
    die("I'm afraid there isn't a user with that name!");
}

} else {
die("Please enter an actual username and a password!");
}

?>