<!DOCTYPE html PUBLIC "-//WAPFORUM//DTD XHTML Mobile 1.0//EN" "http://www.wapforum.org/DTD/xhtml-mobile10.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<link rel="icon"
type="image/png"
href="images/ump-logo.png" />
<meta charset="utf-8">
<meta name="viewport" content="width=device-width, initial-scale=1">
<title>Universiti Malaysia Sabah</title>
<link rel="stylesheet" href="jquery.mobile-1.0.min.css" />
<link rel="stylesheet" href="_assets/css/jqm-docs.css"/>
<script src="jquery.js"></script>
<script src="_assets/js/jqm-docs.js"></script>
<script src="jquery.mobile-1.0.min.js"></script>
</head>
<body>
<div data-role="page" class="type-index">
<div data-role="header" data-theme="f">
<h1>Sistem Kompaun Pelajar</h1>
<a href="index.php" data-icon="home" data-iconpos="notext" class="ui-btn-right">Home</a>
</div><!-- /header -->
<div data-role="content">
<ul data-role="listview" data-inset="true">
<li>Login</li>
<li>
<form name="login" action="login-exec.php" method="post">
<label for="basic">Katanama</label>
<label for="basic">:</label>
<input type="text" name="login" id="login" value="" />
<label for="basic">Katalaluan:</label>
<input type="password" name="password" id="password" value="" />
<select name="pilihan" id="pilihan" data-theme="b" data-overlay-theme="d" data-native-menu="false">
<option value="">Kategori</option>
<option value="1">Pelajar</option>
<option value="2">Staf</option>
<option value="3">Admin</option>
</select>
<button type="submit">Masuk</submit>
<button type="reset">Padam</reset>
</form>
</li>
</ul>
</div><!-- /ui-body wrapper -->
</div><!-- /page -->
<div align="right">
</div>
</body>
</html>
<?php
//Start session
session_start();
//Include database connection details
include('config.php');
//Array to store validation errors
$errmsg_arr = array();
//Validation error flag
$errflag = false;
//Connect to mysql server
//$link = mysql_connect(DB_HOST, DB_USER, DB_PASSWORD);
//if(!$link) {
// die('Failed to connect to server: ' . mysql_error());
//}
//Select database
$db = mysql_select_db($db_name);
if(!$db) {
die("Unable to select database");
}
//Function to sanitize values received from the form. Prevents SQL injection
function clean($str) {
$str = @trim($str);
if(get_magic_quotes_gpc()) {
$str = stripslashes($str);
}
return mysql_real_escape_string($str);
}
//Sanitize the POST values
$login = clean($_POST['login']);
$password = clean($_POST['password']);
$pilihan = clean($_POST['pilihan']);
//Input Validations
if($login == '') {
$errmsg_arr[] = 'Login ID missing';
$errflag = true;
}
if($password == '') {
$errmsg_arr[] = 'Password missing';
$errflag = true;
}
if($pilihan == '') {
$errmsg_arr[] = 'kesilapan';
$errflag = true;
}
//If there are input validations, redirect back to the login form
if($errflag) {
$_SESSION['ERRMSG_ARR'] = $errmsg_arr;
session_write_close();
header("location: login.html");
exit();
}
if($pilihan == 1){
//Create query
$qry="SELECT * FROM students WHERE user='$login' AND pwd='".md5($_POST['password'])."'";
$result=mysql_query($qry);
//Check whether the query was successful or not
if($result) {
if(mysql_num_rows($result) == 1) {
//Login Successful
session_regenerate_id();
$member = mysql_fetch_assoc($result);
$_SESSION['SESS_ID'] = $member['std_id'];
$_SESSION['SESS_NAME'] = $member['nama'];
session_write_close();
header("location: students.php");
exit();
}else {
//Login failed
header("location: login-failed.html");
exit();
}
}else {
die("Query failed");
}
}
if($pilihan == 2){
//Create query
$qry="SELECT * FROM staff WHERE username='$login' AND password='".md5($_POST['password'])."'";
$result=mysql_query($qry);
//Check whether the query was successful or not
if($result) {
if(mysql_num_rows($result) == 1) {
//Login Successful
session_regenerate_id();
$member = mysql_fetch_assoc($result);
$_SESSION['SESS_ID'] = $member['staff_id'];
$_SESSION['SESS_NAME'] = $member['nama'];
session_write_close();
header("location: staff.php");
exit();
}else {
//Login failed
header("location: login-failed.html");
exit();
}
}else {
die("Query failed");
}
}
else{
header("location: login-failed.html");
}
if($pilihan == 3){
//Create query
$qry="SELECT * FROM admin WHERE username='$login' AND password='".md5($_POST['password'])."'";
$result=mysql_query($qry);
//Check whether the query was successful or not
if($result) {
if(mysql_num_rows($result) == 1) {
//Login Successful
session_regenerate_id();
$member = mysql_fetch_assoc($result);
$_SESSION['SESS_ID'] = $member['id'];
$_SESSION['SESS_NAME'] = $member['nama'];
session_write_close();
header("location: admin.php");
exit();
}else {
//Login failed
header("location: login-failed.html");
exit();
}
}else {
die("Query failed");
}
}
else{
header("location: login-failed.html");
}
?>
//example for table student. the rest almost the same
` varchar(50) NOT NULL,
`pwd` varchar(50) NOT NULL,
`nama` varchar(50) NOT NULL,
`std_id` varchar(50) NOT NULL,
`std_ic` varchar(50) NOT NULL,
`sekolah` varchar(50) NOT NULL,
`kos` varchar(50) NOT NULL,
`tahun` int(2) NOT NULL,
PRIMARY KEY (`ID`)
) ENGINE=InnoDB DEFAULT CHARSET=armscii8 COMMENT='student xda s d ujung k' AUTO_INCREMENT=2 ;
//config.php
<?php
define('DB_HOST', 'localhost');
define('DB_USER', 'root');
define('DB_PASSWORD', '');
define('DB_DATABASE', 'ca10109');
?>
aqualove 0 Newbie Poster
pritaeas 2,194 ¯\_(ツ)_/¯ Moderator Featured Poster
What exactly is the problem? Why is line 77 commented?
Webville312 14 Newbie Poster
I honestly do not think that this code really does execute. Coz, to start with; the line that contains the connection string has been commented out. Sort that out first, then let us know.
Webville312 14 Newbie Poster
And when you say "You can't create a login script", yet you have posted the above code; I am moved to ask; Does the above code give you errors?? If so, then what errors are they?
Be a part of the DaniWeb community
We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.