Login by mysql user and password

I can't make it work.
The table users has email and password fields.
Please help me.

<?php
// we must never forget to start the session
session_start();
$errorMessage = '';


function dbConnect()
{
global $mysql_host, $mysql_user, $mysql_pass, $mysql_db;
@mysql_connect(localhost, root, root) or error( mysql_error() );
mysql_select_db(database);
//sets encoding to utf8
mysql_query("SET NAMES utf8");
}
ob_start();
dbConnect();
$query="SELECT * FROM users WHERE email='$txtUserId' && password='$txtPassword'";
$result=mysql_query($query);
$num=mysql_num_rows($result);
if ($num==1) {
// the user id and password match,
// set the session
$_SESSION['basic_is_logged_in'] = true;

// after login we move to the main page
header('Location: b-main.php');
ob_end_flush();
exit;
} else {
$errorMessage = 'Sorry, wrong user id / password';
}

?>


<html>
<head>
<title>Basic Login</title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
</head>
<body>
<?php
if ($errorMessage != '') {
?>
<p align="center"><strong><font color="#990000"><?php echo $errorMessage; ?></font></strong></p>
<?php
}
?>
<form method="post" name="frmLogin" id="frmLogin">
<table width="400" border="1" align="center" cellpadding="2" cellspacing="2">
<tr>
<td width="150">User Id</td>
<td><input name="txtUserId" type="text" id="txtUserId"></td>
</tr>
<tr>
<td width="150">Password</td>
<td><input name="txtPassword" type="password" id="txtPassword"></td>
</tr>
<tr>
<td width="150">&nbsp;</td>
<td><input type="submit" name="btnLogin" value="Login"></td>
</tr>
</table>
</form>
</body>
</html>

There could be a number of problems here.

The first is that I don't see any $_POST used to get the variables
from your form. This is probably because your script is really old
and these days, "register_globals" is normally disabled. So the
values from the form are never getting read by the script.

Not being able to test it myself, try this and see what happens:

<?php
// we must never forget to start the session
session_start();
$errorMessage = '';

// Get form variables via POST method and sanitize any variables used in a query ...
$txtUserId = mysql_real_escape_string($_POST['txtUserID']);
$txtPassword = mysql_real_escape_string($_POST['txtPassword']);

function dbConnect()
{
global $mysql_host, $mysql_user, $mysql_pass, $mysql_db;
@mysql_connect(localhost, root, root) or error( mysql_error() );
mysql_select_db(database);
//sets encoding to utf8
mysql_query("SET NAMES utf8");
}
ob_start();
dbConnect();
$query="SELECT * FROM users WHERE email='$txtUserId' && password='$txtPassword'";
$result=mysql_query($query);
$num=mysql_num_rows($result);
if ($num==1) {
// the user id and password match,
// set the session
$_SESSION['basic_is_logged_in'] = true;

// after login we move to the main page
header('Location: b-main.php');
ob_end_flush();
exit;
} else {
$errorMessage = 'Sorry, wrong user id / password';
}

?>


<html>
<head>
<title>Basic Login</title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
</head>
<body>
<?php
if ($errorMessage != '') {
?>
<p align="center"><strong><font color="#990000"><?php echo $errorMessage; ?></font></strong></p>
<?php
}
?>
<form method="post" name="frmLogin" id="frmLogin">
<table width="400" border="1" align="center" cellpadding="2" cellspacing="2">
<tr>
<td width="150">User Id</td>
<td><input name="txtUserId" type="text" id="txtUserId"></td>
</tr>
<tr>
<td width="150">Password</td>
<td><input name="txtPassword" type="password" id="txtPassword"></td>
</tr>
<tr>
<td width="150">&nbsp;</td>
<td><input type="submit" name="btnLogin" value="Login"></td>
</tr>
</table>
</form>
</body>
</html>

I added the $_POST.
still not working.

<?php
// we must never forget to start the session
session_start();
$errorMessage = '';


function dbConnect()
{
global $mysql_host, $mysql_user, $mysql_pass, $mysql_db;
@mysql_connect( $mysql_host, $mysql_user, $mysql_pass ) or error( mysql_error() );
mysql_select_db( $mysql_db );
//sets encoding to utf8
mysql_query("SET NAMES utf8");
}
ob_start();
require('paramlinks.inc.php');
dbConnect();
$txtUserId=$_POST['txtUserId'];
$txtPassword=$_POST['txtPassword'];
$query="SELECT * FROM users WHERE email='txtUserId' && password='$txtPassword'";
$result=mysql_query($query);
$num=mysql_num_rows($result);
$email=$row[email];
$password=$row[password];
if (isset($_POST['txtUserId']) && isset($_POST['txtPassword'])) {
// check if the user id and password combination is correct
if ($_POST['txtUserId'] === '$email' && $_POST['txtPassword'] === '$password') {
ob_start();
$_SESSION['basic_is_logged_in'] = true;

// after login we move to the main page
header('Location: b-main.php');
ob_end_flush();
exit;
} else {
$errorMessage = 'Sorry, wrong user id / password';
}
}
?>


<html>
<head>
<title>Basic Login</title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
</head>
<body>
<?php
if ($errorMessage != '') {
?>
<p align="center"><strong><font color="#990000"><?php echo $errorMessage; ?></font></strong></p>
<?php
}
?>
<form method="post" name="frmLogin" id="frmLogin">
<table width="400" border="1" align="center" cellpadding="2" cellspacing="2">
<tr>
<td width="150">User Id</td>
<td><input name="txtUserId" type="text" id="txtUserId"></td>
</tr>
<tr>
<td width="150">Password</td>
<td><input name="txtPassword" type="password" id="txtPassword"></td>
</tr>
<tr>
<td width="150">&nbsp;</td>
<td><input type="submit" name="btnLogin" value="Login"></td>
</tr>
</table>
</form>
</body>
</html>

Start troubleshooting by inserting an echo into various parts.

Example, after this line,
$num=mysql_num_rows($result);

Insert an echo and halt the program:

$num=mysql_num_rows($result);
echo "Number of finds: $num";
exit;

It will tell you what the value is, and stop the program at that place.
If $num = 0, then you didn't find any user/pass

Keep doing that in various places, using different variables.
You'll eventually see where the program is not working.

still can't get in.

When you put this into your code, what was the result?

echo "Number of finds: $num";
exit;

Did $num = 1 or 0 ?