mysql_fetch assoc refuses to return password row. Help needed

The username row comes out perfectly but the password row refuses to come through.

I am at a loss here.

Does anybody know what the solution is?

here is my code::

<?php

//Mass include file
include ("includes/mass.php");

//This is the login script
//Grabbing the login values and storing them

$username = $_POST['username'];
$password = $_POST['password'];
$submit   = $_POST['submit'];

if (isset($submit))
{
    if (strlen($username)<2) // put || ($username==(same as value on the database)
    {
        echo ("<br>You must enter a longer username</br>");
    }
    elseif (strlen($password)<=6)
    {
        echo ("<br>You must enter a longer password<br>");
    }
    el开发者_开发问答se
    {
        $sql = "SELECT * FROM user WHERE username = '$username'";
        $query = mysql_query($sql);
        $numrows = mysql_num_rows($query);

        if ($numrows != 0)
        {
            while ($row = mysql_fetch_assoc($query))
                $dbusername = $row['username'];
            $dbpassword = $row['password'];         

            if ($dbusername == $username && $dbpassword == $password)
            {
                echo "your in!";
            }
            else
            {
                echo "Wrong info";
            }
        }
        else
        {
            die ("That username doesnt exist");
        }
    }
}

?>

You have a missing parenthesis after the while.

Both

$dbusername = $row['username'];
$dbpassword = $row['password'];      

Should be within the while loop which is not the case.

You need to do something like:

while ($row = mysql_fetch_assoc($query)) {

    $dbusername = $row['username'];
    $dbpassword = $row['password'];           

    if ($dbusername == $username && $dbpassword == $password) {
        echo "your in!";
    }
....

Adding to what Matthew has said:

You should not show messages like "username doesnt exist" to the user. This provides valuable information to a hacker who wants to break in. In case the user provides a wrong username and/or wrong password, you should display "invalid username or password".

I like the suggestion about the {} that normally encompasses the code that occurs in a while loop. Id replace 

while ($row = mysql_fetch_assoc($query))
                $dbusername = $row['username'];
            $dbpassword = $row['password']; 

with

while ($row = mysql_fetch_assoc($query))
{
   $dbusername = $row['username'];
   $dbpassword = $row['password']; 
}
// this lets the loop finish so $dbusername and $dbpassword are potentially set
// so you can contine with your if statements

Another thing to check is your html - check your password field looks something
like <input type="password" name="password" />

You could always try echo $password; immediately after $_POST['password'] to see 
if it existed in the first place. Then echo any of your variables after they have
been set to see if they exist.

Your script would fail if username is not unique. Is that perhaps the case?

Apart from that, storing passwords as plain text and not cleaning user input: very bad ideas...

Edit: By the way, why don´t you check for a valid username / password combination in the query itself:

... WHERE username='" . mysql_real_escape_string($username) . "'
    AND password='" . some_hashing_function($password) .  "'";

Another edit: You have to look carefully at what is happening; my initial answer (non-unique user-id) could be a problem, but @codaddict's answer could already solve your problem.

Basically, what your statement is like without the curly braces is like this:

while ($row = mysql_fetch_assoc($query))
    $dbusername = $row['username'];
    $dbpassword = $row['password'];         
    ....

is the same to php as:

while ($row = mysql_fetch_assoc($query))
{
    $dbusername = $row['username'];
}
$dbpassword = $row['password'];
...

so by the time you want to fill your $dbpassword, $row is already empty.