samowns Posted November 13, 2015 Share Posted November 13, 2015 here is loginact.php i just want if user login see the profile restriction means if admin login they can change ..i think i need to put one field 'type' admin or user..plz somone figure out..am new to sql this code is running <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <link href="css/style.css" rel="stylesheet"> <head> <style> .red { color:#F00; font-size:15px; } </style> <?php include "header.php";?> <?php include ("db.php"); $error=""; ?> <meta http-equiv="Content-Type" content="text/html; charset=utf-8" /> <title>Untitled Document</title> </head><?php session_start(); ?> <?php if(isset($_POST['sb'])) { $a=$_POST ['eml']; $b=$_POST['pass']; $c="select * from users where eml='$a' && pass='$b'"; $s=mysql_query ($c); $row=mysql_num_rows($s); if($row==1 ) { $_SESSION['eml']=$a; header("location:fetch.php?msg=Scuessfull login"); } else{ $error= "Invalid Email or Password *"; } } ?> </head> <body><?php if(isset($_GET['logout'])) { session_unregister('eml'); } ?> <h3>Admin Login </h3> <div class="usr"> <form action="loginact.php" method="post" required="required"> <div class="col-lg-6"><div class="input-group"> Email id<input type="text" class="form-control" name="eml" required="required"/> <br /> <div class="red"><?php if($error!="") { echo $error; } ?></div> Password<input type="password" class="form-control" name="pass" required="required"/><br /> <input style="width:100px;" class="btn-success k" type="submit" name="sb" value="Login"/> </form> </div> </body> </html> Quote Link to comment Share on other sites More sharing options...
QuickOldCar Posted November 13, 2015 Share Posted November 13, 2015 (edited) Is so many things wrong with this code is not worth fixing. I'll list some items wrong or bad with it. can't use header() after there is any output on the page start your session top of the script mysql_* functions are deprecated use mysqli and mysqli_real_escape_string or pdo with prepared statements use password_hash and password_verify upon verifying the user and their hashed password, set the appropriate users id or name plus users rights in a session, from then on can use and check from the session values You can do a users rights in the database 1-9 and the highest being admin with lesser permissions as go lower I have a simple example of user rights in this post keep all the coding logic up top and display html down below could be using html5 You are better off looking on the net and find a tutorial using pdo, password_hash and sessions Edited November 13, 2015 by QuickOldCar Quote Link to comment Share on other sites More sharing options...
samowns Posted November 13, 2015 Author Share Posted November 13, 2015 (edited) ok Edited November 13, 2015 by samowns Quote Link to comment Share on other sites More sharing options...
Ch0cu3r Posted November 13, 2015 Share Posted November 13, 2015 code runs scuessfull bro . iknow so many mistakes in my code bt this is not my question bro QuickOldCar has answered your question. Read his reply again. You should take the advise given seriously. Your code is very outdated, yes it runs but it is not very insecure. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.