Admin panel on my domain says wrong user & password . databsse, phpmyadmin related problem?

Question

I have a problem logging into a domain admin panel that is connected to my app.

I get wrong username and password, even though I have copying the username and password from tbl_admin from phpmyadmin.

this is from my phpmyadmin SQL Structure.

CREATE TABLE `tbl_admin` (
  `id` int(11) NOT NULL,
  `full_name` varchar(255) NOT NULL,
  `username` varchar(100) NOT NULL,
  `password` varchar(100) NOT NULL,
  `email` varchar(200) NOT NULL,
  `phone` varchar(255) NOT NULL,
  `image` varchar(255) NOT NULL
) ENGINE=InnoDB DEFAULT CHARSET=utf8;

/////////////////////code below is my function.php from filemanager////////////////////////////////////

#Admin Login
function adminUser($username, $password)
{

    global $mysqli;

    $sql = "SELECT id,username FROM tbl_admin where username = '".$username."' and password = '".md5($password)."'";       
    $result = mysqli_query($mysqli,$sql);
    $num_rows = mysqli_num_rows($result);

    if ($num_rows > 0)
    {
        while ($row = mysqli_fetch_array($result))
        {
            echo $_SESSION['ADMIN_ID'] = $row['id'];
                        echo $_SESSION['ADMIN_USERNAME'] = $row['username'];

        return true; 
        }
    }

}

Answer 1

At your query

$sql = "SELECT id,username FROM tbl_admin where username = '".$username."' and password = '".md5($password)."'";

you compares your password to password coded to md5 at database row. If you try to copy a password directly from table tbl_admin remove md5 command at you query

$sql = "SELECT id,username FROM tbl_admin where username = '".$username."' and password = '".$password."' LIMIT 1;" ;

Then you can copy a password from your tbl_admin. If you want to keep md5 command at you query you have to know a password before coding to md5 string.

LIMIT 1

is for faster mysql preformance