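<!DOCTYPE html>
<html lang="ms">
<head>
    <meta charset="utf-8">
    <meta name="viewport" content="width=device-width, initial-scale=1">
    <title>Universiti Malaysia Sabah</title>
    <link rel="icon" type="image/png" href="images/ump-logo.png">
    <link rel="stylesheet" href="jquery.mobile-1.0.min.css">
    <link rel="stylesheet" href="_assets/css/jqm-docs.css">
    <script src="jquery.js"></script>
    <script src="_assets/js/jqm-docs.js"></script>
    <script src="jquery.mobile-1.0.min.js"></script>
</head>
<body>

    <div data-role="page" class="type-index">

        <div data-role="header" data-theme="f">
            <h1>Sistem Kompaun Pelajar</h1>
            <a href="index.php" data-icon="home" data-iconpos="notext" class="ui-btn-right">Home</a>
        </div><!-- /header -->

        <div data-role="content">

            <ul data-role="listview" data-inset="true">
                <li>Login</li>
                <li>
                    <!--
                        Login form. The field names (login, password, pilihan) are
                        the keys login-exec.php reads from the POST body, so they
                        must not be renamed here on their own.
                        This form carries a password: serve the page and its action
                        URL over HTTPS so the credentials are not sent in clear text.
                    -->
                    <form name="login" action="login-exec.php" method="post">
                        <!-- Each label's "for" must equal the id of its control,
                             otherwise it is not associated with any field. -->
                        <label for="login">Katanama:</label>
                        <input type="text" name="login" id="login" value="" autocomplete="username">

                        <label for="password">Katalaluan:</label>
                        <input type="password" name="password" id="password" value="" autocomplete="current-password">

                        <!-- The category only tells the server which account table
                             to look in. It is chosen by the client, so the server
                             must never treat it as proof of a role. -->
                        <label for="pilihan">Kategori:</label>
                        <select name="pilihan" id="pilihan" data-theme="b" data-overlay-theme="d" data-native-menu="false">
                            <option value="">Kategori</option>
                            <option value="1">Pelajar</option>
                            <option value="2">Staf</option>
                            <option value="3">Admin</option>
                        </select>

                        <!-- Closing tags fixed: a button element is closed with
                             </button>, not </submit> or </reset>. -->
                        <button type="submit">Masuk</button>
                        <button type="reset">Padam</button>
                    </form>
                </li>
            </ul>

        </div><!-- /content -->
    </div><!-- /page -->

</body>
</html>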




<?php
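    // Start (or resume) the session; validation errors and the logged-in
    // identity are stored in $_SESSION further down.
    session_start();

    // Load the DB_HOST / DB_USER / DB_PASSWORD / DB_DATABASE constants.
    // require_once instead of include: without these settings nothing below
    // can work, so a missing file should stop the script here.
    require_once('config.php');

    // Collected validation error messages
    $errmsg_arr = array();

    // Set to true as soon as one validation check fails
    $errflag = false;

    // Open the connection. mysql_select_db(), mysql_query() and
    // mysql_real_escape_string() all need an open link, so this call must
    // not stay commented out.
    $link = mysql_connect(DB_HOST, DB_USER, DB_PASSWORD);
    if(!$link) {
        // Keep the driver's error text in the server log; do not send it to the browser.
        error_log('login-exec: database connection failed: ' . mysql_error());
        die('Failed to connect to server');
    }

    // Select the schema named in config.php. The original passed $db_name,
    // which config.php does not define; the constant it defines is DB_DATABASE.
    $db = mysql_select_db(DB_DATABASE, $link);
    if(!$db) {
        die("Unable to select database");
    }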

    /**
     * Prepare a form value for use inside a quoted SQL string literal.
     *
     * Trims the value, removes the slashes added by magic quotes when that
     * setting is on (so the value is not escaped twice), then escapes it
     * with mysql_real_escape_string().
     *
     * The escaping only protects values that are placed between quotes in
     * the query, and mysql_real_escape_string() needs an open MySQL
     * connection to work.
     *
     * @param string $str Raw value received from the form.
     * @return string Escaped value.
     */
    function clean($str) {
        $value = @trim($str);
        $value = get_magic_quotes_gpc() ? stripslashes($value) : $value;
        return mysql_real_escape_string($value);
    }

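    // Read the submitted fields. A request can omit a field or send an array
    // in its place (e.g. when the script is requested directly), so anything
    // that is not a string is treated as empty instead of raising notices.
    $rawLogin    = (isset($_POST['login'])    && is_string($_POST['login']))    ? $_POST['login']    : '';
    $rawPassword = (isset($_POST['password']) && is_string($_POST['password'])) ? $_POST['password'] : '';
    $rawPilihan  = (isset($_POST['pilihan'])  && is_string($_POST['pilihan']))  ? $_POST['pilihan']  : '';

    // Escaped copies; $login is the only one that is placed in the SQL text.
    $login = clean($rawLogin);
    $password = clean($rawPassword);
    $pilihan = clean($rawPilihan);

    // Input validations
    if($login == '') {
        $errmsg_arr[] = 'Login ID missing';
        $errflag = true;
    }
    if($password == '') {
        $errmsg_arr[] = 'Password missing';
        $errflag = true;
    }
    if($pilihan == '') {
        $errmsg_arr[] = 'kesilapan';
        $errflag = true;
    }
    // If any validation failed, hand the messages to the login form and stop.
    if($errflag) {
        $_SESSION['ERRMSG_ARR'] = $errmsg_arr;
        session_write_close();
        header("location: login.html");
        exit();
    }

    // One entry per account category offered by the form's select
    // (1 = Pelajar, 2 = Staf, 3 = Admin). Table and column names come only
    // from this fixed list, never from the request, so they are safe to
    // concatenate into the query.
    $roles = array(
        '1' => array('table' => 'students', 'user_col' => 'user',     'pwd_col' => 'pwd',      'id_col' => 'std_id',   'home' => 'students.php'),
        '2' => array('table' => 'staff',    'user_col' => 'username', 'pwd_col' => 'password', 'id_col' => 'staff_id', 'home' => 'staff.php'),
        '3' => array('table' => 'admin',    'user_col' => 'username', 'pwd_col' => 'password', 'id_col' => 'id',       'home' => 'admin.php'),
    );

    // Unknown category: fail and stop. The original chained separate
    // if/else blocks, so categories 1 and 3 also hit the "else" of the
    // category-2 test and set a login-failed redirect without exit();
    // a single lookup removes that fall-through.
    if(!isset($roles[$pilihan])) {
        header("location: login-failed.html");
        exit();
    }
    $role = $roles[$pilihan];

    // The password is compared as md5() of the raw submitted value, exactly
    // as before, so existing stored hashes keep matching. md5() returns hex
    // digits only, so it cannot break out of the quoted literal.
    // NOTE(review): unsalted MD5 is fast to brute-force if the table leaks.
    // Moving to password_hash()/password_verify() means re-hashing stored
    // passwords and widening the varchar(50) password columns (a bcrypt
    // hash is 60 characters), so it is not done in this block.
    // NOTE(review): $login is protected by escaping only, which depends on
    // the connection character set; prepared statements (mysqli or PDO)
    // would remove that dependency.
    $qry = "SELECT * FROM " . $role['table']
         . " WHERE " . $role['user_col'] . "='$login'"
         . " AND " . $role['pwd_col'] . "='" . md5($rawPassword) . "'";
    $result = mysql_query($qry);

    // Query error (as opposed to "no such user")
    if(!$result) {
        die("Query failed");
    }

    // Exactly one matching row means the credentials are valid.
    if(mysql_num_rows($result) != 1) {
        header("location: login-failed.html");
        exit();
    }

    // Login successful. Passing true discards the pre-login session id, so
    // an id that was fixed before login cannot be reused afterwards.
    session_regenerate_id(true);
    $member = mysql_fetch_assoc($result);
    $_SESSION['SESS_ID'] = $member[$role['id_col']];
    $_SESSION['SESS_NAME'] = $member['nama'];
    // Record which category the account was authenticated against.
    // NOTE(review): students.php, staff.php and admin.php are not shown here;
    // if they only check SESS_ID, any logged-in account could open any of
    // them. Confirm that each page also checks SESS_ROLE.
    $_SESSION['SESS_ROLE'] = $pilihan;
    session_write_close();
    header("location: " . $role['home']);
    exit();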
?>


//Example: the student table. The other tables are almost the same.
` varchar(50) NOT NULL,
  `pwd` varchar(50) NOT NULL,
  `nama` varchar(50) NOT NULL,
  `std_id` varchar(50) NOT NULL,
  `std_ic` varchar(50) NOT NULL,
  `sekolah` varchar(50) NOT NULL,
  `kos` varchar(50) NOT NULL,
  `tahun` int(2) NOT NULL,
  PRIMARY KEY (`ID`)
) ENGINE=InnoDB  DEFAULT CHARSET=armscii8 COMMENT='student xda s d ujung k' AUTO_INCREMENT=2 ;





//config.php
<?php
    // Database connection settings. login-exec.php includes this file; its
    // (commented-out) mysql_connect() call uses DB_HOST, DB_USER and DB_PASSWORD.
    define('DB_HOST', 'localhost');
    // NOTE(review): the application connects as the MySQL root account with an
    // empty password. Any SQL flaw in the application then reaches every
    // database on the server. Use a dedicated account with a strong password
    // and only the privileges the application needs on its own schema.
    define('DB_USER', 'root');
    define('DB_PASSWORD', '');
    // Name of the schema that holds the account tables.
    define('DB_DATABASE', 'ca10109');
?>


All 3 Replies

I honestly do not think that this code actually executes because, to start with, the lines that open the database connection have been commented out. Sort that out first, then let us know.

And when you say "You can't create a login script", yet you have posted the above code, I am moved to ask: does the above code give you errors? If so, what errors are they?
