0

i have the following code : 

   <?php
    session_start();
    ?>

<!DOCTYPE html>
<html>
<body>
<form name="form1" method="POST">
    <table>
        <tr>
            <td>Username</td>
            <td> <input type="text" name="text1"></td>

        </tr>
        <tr>
            <td>Password</td>
            <td><input type="password" name="pwd"></td>


        </tr>
        <tr>
            <td><input type="submit" name="submit1"></td>           

        </tr>
    </table>
</form>


</body>
</html>



<?php
include 'config.php';
mysql_select_db("sess_db",$con);

?>

<?php
if(isset($_POST['submit1'])) {
      $result=mysql_query("SELECT username,password FROM siteinfo ");
      $result2=mysql_fetch_row($result);
      $count=mysql_num_rows($result);
    $nm = $_POST['text1'];
    $pwd = $_POST['pwd'];
    if ($result == $nm && $result == $pwd) {
        $_SESSION['luser'] = $name;
        $_SESSION['start'] = time();
        //the expire u put it
        $_SESSION['expire'] = $_SESSION['start'] + (30 * 60);
        header('Location: homepage.php');
    }
    else {
        echo "Please Enter a Correct Username & Password ! ";
    }
}
?>

in the login page i must enter username : joseph and password : moon

but i want to remove this two variables $name & $password and link it to my database that contains usernames and passwords, if i enter one of them redirect me to the

homepage.php

Improve this question
6
  • 2
    First add session_start(); after your <?php Commented Jan 23, 2014 at 11:15
  • Your question shows that you don't know how to interact with a Database in PHP. You should read some documentation or tutorials first Commented Jan 23, 2014 at 11:21
  • i know how to connect it but the problem i don't know where must i put it @Tounu Commented Jan 23, 2014 at 11:26
  • before using the output Commented Jan 23, 2014 at 11:28
  • @Tounu i edited my question take a look and i'd to know where is the problem ! Commented Jan 23, 2014 at 11:43

2 Answers 2

Reset to default
1

TRy this. But it is too simple

     <?php
            if(isset($_POST['submit1'])) {

                $name = "Joseph";
                $password = "moon";
                $nm = $_POST['text1'];
                $con=myssql_connect('localhost','root','');// mysql_connect('your host name','database username','database password')
                mysql_select_db('your database name',$con) or die("Can't select DB");
                $pwd = $_POST['pwd'];
                $qry="SELECT * FROM login_labe WHERE username='$name' AND 
password='$password'";
                $result=mysql_query($qry);
                $res=mysql_fetch_array($result);
                 $nm=$res['username'];
                 $pwd=$res['password'];
                if ($name == $nm && $password == $pwd) {
                    session_start();  ///////////////You need to add session_start()
                    $_SESSION['luser'] = $res['your name form DB'];
                    $_SESSION['start'] = time();
                    //the expire u put it
                    $_SESSION['expire'] = $_SESSION['start'] + (30 * 60);
                    header('Location: homepage.php');
                }
                else {
                    echo "Please Enter a Correct Username & Password ! ";
                }
            }
            ?>
Improve this answer
Sign up to request clarification or add additional context in comments.

4 Comments

i added a session_start() at the top of my page ! what i want is how to connect with my db
You mean mysql php connection?
i want only the usernames and passwords that form my db to login if not show me > Please Enter a Correct Username & Password ! if you see in my code i removed $name = "Joseph"; & $password = "moon"; ...
May be this will help you stackoverflow.com/questions/20441699/…
0

First, you should add some filters on $_POST['text1'] and $_POST['pwd'], to avoid injections in your SQL query, or unexpected behaviors.

$name = $_POST['text1'];
$pw = $_POST['pwd'];

Then, just build a query like this :

SELECT count(*) from user_table where name = $name and pwd = $pw

if count != 0 then the association name/password is correct, and you can redirect the user to homepage.

This is very basic, you can do safer.

Improve this answer

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.