CODEWITHSUNDEEP
phpmysqldatabasesession
user1887616
user1887616

Reputation:

PHP Session getting data from database

i have the following code : 

   <?php
    session_start();
    ?>

<!DOCTYPE html>
<html>
<body>
<form name="form1" method="POST">
    <table>
        <tr>
            <td>Username</td>
            <td> <input type="text" name="text1"></td>

        </tr>
        <tr>
            <td>Password</td>
            <td><input type="password" name="pwd"></td>


        </tr>
        <tr>
            <td><input type="submit" name="submit1"></td>           

        </tr>
    </table>
</form>


</body>
</html>



<?php
include 'config.php';
mysql_select_db("sess_db",$con);

?>

<?php
if(isset($_POST['submit1'])) {
      $result=mysql_query("SELECT username,password FROM siteinfo ");
      $result2=mysql_fetch_row($result);
      $count=mysql_num_rows($result);
    $nm = $_POST['text1'];
    $pwd = $_POST['pwd'];
    if ($result == $nm && $result == $pwd) {
        $_SESSION['luser'] = $name;
        $_SESSION['start'] = time();
        //the expire u put it
        $_SESSION['expire'] = $_SESSION['start'] + (30 * 60);
        header('Location: homepage.php');
    }
    else {
        echo "Please Enter a Correct Username & Password ! ";
    }
}
?>

in the login page i must enter username : joseph and password : moon

but i want to remove this two variables $name & $password and link it to my database that contains usernames and passwords, if i enter one of them redirect me to the

homepage.php

Upvotes: 0

Views: 132

Answers (2)

Lal krishnan S L
Lal krishnan S L

Reputation: 1745

TRy this. But it is too simple

     <?php
            if(isset($_POST['submit1'])) {

                $name = "Joseph";
                $password = "moon";
                $nm = $_POST['text1'];
                $con=myssql_connect('localhost','root','');// mysql_connect('your host name','database username','database password')
                mysql_select_db('your database name',$con) or die("Can't select DB");
                $pwd = $_POST['pwd'];
                $qry="SELECT * FROM login_labe WHERE username='$name' AND 
password='$password'";
                $result=mysql_query($qry);
                $res=mysql_fetch_array($result);
                 $nm=$res['username'];
                 $pwd=$res['password'];
                if ($name == $nm && $password == $pwd) {
                    session_start();  ///////////////You need to add session_start()
                    $_SESSION['luser'] = $res['your name form DB'];
                    $_SESSION['start'] = time();
                    //the expire u put it
                    $_SESSION['expire'] = $_SESSION['start'] + (30 * 60);
                    header('Location: homepage.php');
                }
                else {
                    echo "Please Enter a Correct Username & Password ! ";
                }
            }
            ?>

Upvotes: 1

Tounu
Tounu

Reputation: 563

First, you should add some filters on $_POST['text1'] and $_POST['pwd'], to avoid injections in your SQL query, or unexpected behaviors.

$name = $_POST['text1'];
$pw = $_POST['pwd'];

Then, just build a query like this :

SELECT count(*) from user_table where name = $name and pwd = $pw

if count != 0 then the association name/password is correct, and you can redirect the user to homepage.

This is very basic, you can do safer.

Upvotes: 0

Related Questions