
I have been working on a minor project. This is the login script of that page and I am facing some problem: I want to echo the error "wrong username/password" in the form if the username, password and category (all 3 conditions) don't match. I have tried everything as per my knowledge; please help me with this. I am new to PHP, so I don't have much experience and knowledge of PHP.

<?php
$msg = '';
$con = mysql_connect('localhost', 'root', '');
if (!$con) {
    die("Error While connecting.......");
} else {
    mysql_select_db("sms", $con);
    if (isset($_POST['btnlog'])) {
        $res = mysql_query("select * from tbl_login where un='" . $_POST['username'] . "' and pw='" . $_POST['password'] . "' and cat='" . $_POST['cat'] . "'");
        while ($r = mysql_fetch_array($res)) {
            // mail() takes separate arguments: recipient, subject, message, extra headers
            $subject = $_POST['username'] . " Successfully Logged In";
            mail("notification@receiver.com", $subject, $subject, "From: notification@sender.com");
            if ($r['cat'] == "admin")
                header("Location:admin/admin.php");
            elseif ($r['cat'] == "faculty")
                header("Location:faculty/faculty.php");
            else
                $msg = "Incorrect Username/Password";
        }
    }
}
?>

<body>
<section class="login_container">
    <div class="login_box">
        <h1>Login</h1>
        <form method="post">
            <center><?php echo $msg; ?></center>
            <p><input type="text" name="username" value="" placeholder="Username"></p>
            <p><input type="password" name="password" value="" placeholder="Password"></p>
            <center>Category <select class="select" name="cat">
                <option selected="selected">Select A Category</option>
                <option value="admin">Administrator</option>
                <option value="faculty">Faculty</option>
            </select></center>
            <p class="submit"><input type="submit" name="btnlog" value="Login">
                <input type="reset" value="Clear" /></p>
        </form>
    </div>
</section>

Not sure what this is doing wrong but...

A few suggestions:

You need a space after Location: in the header()

Use mysqli instead of mysql

Sanitize your data to prevent SQL injection attacks: $password = mysqli_real_escape_string($con, $_POST['password'])

Salt and hash your passwords so they are not stored in the clear.

When posting here put code in code tags (the <> symbol in the editor)

Edited by davidannis
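A version of the login check that follows these suggestions, added here as an example (it is not code from either poster): mysqli prepared statements replace the string-built query, password_verify() compares the submitted password against a stored password_hash() value, and $msg is set whenever the three conditions do not match. The database name (sms) and the table and column names (tbl_login, un, pw, cat) are taken from the original post; the pw column is assumed to hold password_hash() output rather than the clear-text password.

```php
<?php
// Added example, not the original poster's code.
// Assumes tbl_login(un, pw, cat) from the post, with pw storing
// password_hash($plain, PASSWORD_DEFAULT) written when the account was created.

$msg = '';
$con = mysqli_connect('localhost', 'root', '', 'sms');
if (!$con) {
    die('Error while connecting: ' . mysqli_connect_error());
}

if (isset($_POST['btnlog'], $_POST['username'], $_POST['password'], $_POST['cat'])) {
    // Placeholders keep the user-supplied values out of the SQL text entirely,
    // so quotes in the username or category cannot change the query.
    $stmt = mysqli_prepare($con, 'SELECT pw, cat FROM tbl_login WHERE un = ? AND cat = ? LIMIT 1');
    if ($stmt === false) {
        die('Query preparation failed: ' . mysqli_error($con));
    }
    mysqli_stmt_bind_param($stmt, 'ss', $_POST['username'], $_POST['cat']);
    mysqli_stmt_execute($stmt);
    mysqli_stmt_bind_result($stmt, $hash, $cat);
    $found = mysqli_stmt_fetch($stmt); // true when a row matched un and cat
    mysqli_stmt_close($stmt);

    // The password is checked against the stored hash in PHP; the clear-text
    // value is never sent to the database or compared in SQL.
    if ($found && password_verify($_POST['password'], $hash)) {
        $targets = array('admin' => 'admin/admin.php', 'faculty' => 'faculty/faculty.php');
        if (isset($targets[$cat])) {
            header('Location: ' . $targets[$cat]);
            exit; // stop here, otherwise the login page body is still rendered
        }
    }

    // Reached when no row matched, the hash did not verify, or the category
    // is not one of the known values. In the original script this branch was
    // inside the while loop, so it never ran when the query returned no rows.
    $msg = 'Incorrect Username/Password';
}
?>
```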

Hey, you have a lot of problems in your code. Spend a little time and go check out some resources on what you are trying to do. http://w3schools.com/php/ has all the basics and more. Doing this will help you quicker than we can, and you will become a better developer overall.

Try setting out your connections and queries better, and get into some good habits.

<?php
define("DB_SERVER", "server");
define("DB_USER", "username");
define("DB_PASS", "password");
define("DB_NAME", "database_name");

$connection = mysqli_connect(DB_SERVER, DB_USER, DB_PASS, DB_NAME);

if (mysqli_connect_errno()) {
    die("Database connection failed: " .
        mysqli_connect_error() .
        " (" . mysqli_connect_errno() . ")"
    );
}

// set queries up like this
$query  = "SELECT * ";
$query .= "FROM table_name ";
$query .= "ORDER BY value ASC";

// query the database
$data_set = mysqli_query($connection, $query);
confirm_query($data_set);

// use the results
while ($upload = mysqli_fetch_assoc($data_set)) {
    // do something here
}

function confirm_query($result_set) {
    if (!$result_set) {
        die("Database query failed.");
    }
}
?>

I could also achieve the same with OOP and set up a class and some class methods for CRUD.

// Base class for database-backed objects. A subclass is expected to set
// static::$table_name and static::$db_fields, and a global $database wrapper
// must provide query(), fetch_array(), escape_value(), insert_id() and
// affected_rows() (that wrapper class is not shown here).
class DatabaseObject {

    protected static $table_name;
    protected static $db_fields = array();
    public $id;

    public static function find_all() {
        return static::find_by_sql("SELECT * FROM " . static::$table_name);
    }

    public static function find_by_id($id = 0) {
        global $database;
        $result_array = static::find_by_sql("SELECT * FROM " . static::$table_name . " WHERE id=" . $database->escape_value($id) . " LIMIT 1");
        return !empty($result_array) ? array_shift($result_array) : false;
    }

    public static function find_by_sql($sql = "") {
        global $database;
        $result_set = $database->query($sql);
        $object_array = array();
        while ($row = $database->fetch_array($result_set)) {
            $object_array[] = static::instantiate($row);
        }
        return $object_array;
    }

    public static function count_all() {
        global $database;
        $sql = "SELECT COUNT(*) FROM " . static::$table_name;
        $result_set = $database->query($sql);
        $row = $database->fetch_array($result_set);
        return array_shift($row);
    }

    private static function instantiate($record) {
        // Could check that $record exists and is an array
        $class_name = get_called_class();
        $object = new $class_name;
        foreach ($record as $attribute => $value) {
            if ($object->has_attribute($attribute)) {
                $object->$attribute = $value;
            }
        }
        return $object;
    }

    private function has_attribute($attribute) {
        // We don't care about the value, we just want to know if the key exists
        // Will return true or false
        return array_key_exists($attribute, $this->attributes());
    }

    protected function attributes() {
        // return an array of attribute names and their values
        $attributes = array();
        foreach (static::$db_fields as $field) {
            if (property_exists($this, $field)) {
                $attributes[$field] = $this->$field;
            }
        }
        return $attributes;
    }

    public function save() {
        // A new record won't have an id yet.
        return isset($this->id) ? $this->update() : $this->create();
    }

    protected function sanitized_attributes() {
        global $database;
        $clean_attributes = array();
        // sanitize the values before submitting
        // Note: does not alter the actual value of each attribute
        foreach ($this->attributes() as $key => $value) {
            $clean_attributes[$key] = $database->escape_value($value);
        }
        return $clean_attributes;
    }

    public function create() {
        global $database;
        $attributes = $this->sanitized_attributes();
        $sql = "INSERT INTO " . static::$table_name . " (";
        $sql .= join(", ", array_keys($attributes));
        $sql .= ") VALUES ('";
        $sql .= join("', '", array_values($attributes));
        $sql .= "')";
        if ($database->query($sql)) {
            $this->id = $database->insert_id();
            return true;
        } else {
            return false;
        }
    }

    public function update() {
        global $database;
        $attributes = $this->sanitized_attributes();
        $attribute_pairs = array();
        foreach ($attributes as $key => $value) {
            $attribute_pairs[] = "{$key}='{$value}'";
        }
        $sql = "UPDATE " . static::$table_name . " SET ";
        $sql .= join(", ", $attribute_pairs);
        $sql .= " WHERE id=" . $database->escape_value($this->id);
        $database->query($sql);
        return ($database->affected_rows() == 1) ? true : false;
    }

    public function delete() {
        global $database;
        $sql = "DELETE FROM " . static::$table_name;
        $sql .= " WHERE id=" . $database->escape_value($this->id);
        $sql .= " LIMIT 1";
        $database->query($sql);
        return ($database->affected_rows() == 1) ? true : false;
    }

}