0
<link rel="stylesheet" type="text/css" href="admin/css/style.css" />
<?php include('dbcon.php');
include('header.php');
 ?>
</head>
<body>

    <div class="navbar navbar-fixed-top">
    <div class="navbar-inner">
    <div class="container">

        <a class="brand">
        <img src="admin/images/dee.png" width="150" height="50">
    </a>
    <a class="brand">
     <h2>UNITOUCH GLOBAL ONLINE E-VOTING</h2>
     <div class="chmsc_nav"><font size="4" color="white">Uniquely Touching The Universe</font></div>
    </a>

    <?php include('head.php'); ?>

    </div>
    </div>
    </div>
<div class="wrapper_admin">
</br>
</br>
</br>
    <div id="element" class="hero-body-index">

    <p><font color="white"><h2>Voter Login</h2></font></p>

    <form method="POST" >
    <table>
    <tr><td><font color="white">UserName:</font>&nbsp;&nbsp;</td><td><input type="text"  name="UserName" class="UserName_hover"></td></tr>
    <tr><td>...<td></tr>
    <tr><td><font color="white">Password:</font>&nbsp;&nbsp;</td><td><input type="Password" name="Password" class="Password_hover"></td></tr>
    <tr><td>...<td></tr>
    <tr><td></td><td>   <button class="btn btn-primary" name="Login"><i class="icon-ok icon-large"></i>&nbsp;Login</button>

    </td></tr>
    <tr><td>
    </td><tr>
    </form>
    </table>

    </br>
    <div class="error">
            <?php

if (isset($_POST['Login'])){

$UserName=$_POST['UserName'];
$Password=$_POST['Password'];




$login_query=mysqli_query($GLOBALS["___mysqli_ston"], "select * from voters where Username='$UserName' and Password='$Password' and Status='Unvoted' and Year='1st year'") or die(((is_object($GLOBALS["___mysqli_ston"])) ? mysqli_error($GLOBALS["___mysqli_ston"]) : (($___mysqli_res = mysqli_connect_error()) ? $___mysqli_res : false)));
$login_query3=mysqli_query($GLOBALS["___mysqli_ston"], "select * from voters where Username='$UserName' and Password='$Password' and Status='Unvoted' and Year='2nd year'") or die(((is_object($GLOBALS["___mysqli_ston"])) ? mysqli_error($GLOBALS["___mysqli_ston"]) : (($___mysqli_res = mysqli_connect_error()) ? $___mysqli_res : false)));
$login_query4=mysqli_query($GLOBALS["___mysqli_ston"], "select * from voters where Username='$UserName' and Password='$Password' and Status='Unvoted' and Year='3rd year'") or die(((is_object($GLOBALS["___mysqli_ston"])) ? mysqli_error($GLOBALS["___mysqli_ston"]) : (($___mysqli_res = mysqli_connect_error()) ? $___mysqli_res : false)));
$login_query5=mysqli_query($GLOBALS["___mysqli_ston"], "select * from voters where Username='$UserName' and Password='$Password' and Status='Unvoted' and Year='4th year'") or die(((is_object($GLOBALS["___mysqli_ston"])) ? mysqli_error($GLOBALS["___mysqli_ston"]) : (($___mysqli_res = mysqli_connect_error()) ? $___mysqli_res : false)));
//
$login_query1=mysqli_query($GLOBALS["___mysqli_ston"], "select * from voters where Username='$UserName' and Password='$Password' and Status='Voted'");
$login_query2=mysqli_query($GLOBALS["___mysqli_ston"], "select * from voters where Username='$UserName' and Password='$Password' and Status='Voted'");
$count=mysqli_num_rows($login_query);
$count1=mysqli_num_rows($login_query1);
$count3=mysqli_num_rows($login_query3);
$count4=mysqli_num_rows($login_query4);
$count5=mysqli_num_rows($login_query5);
$row=mysqli_fetch_array($login_query);
$row3=mysqli_fetch_array($login_query3);
$row4=mysqli_fetch_array($login_query4);
$row5=mysqli_fetch_array($login_query5);
$id=$row['VoterID'];
?>
<?php 
if($count == 1){
session_start();
$_SESSION['id']=$row['VoterID'];
header('location:voting.php');
}
if($count3 == 1){
session_start();
$_SESSION['id']=$row3['VoterID'];
header('location:voting.php');
}
if($count4 == 1){
session_start();
$_SESSION['id']=$row4['VoterID'];
header('location:voting.php');
}
if($count5 == 1){
session_start();
$_SESSION['id']=$row5['VoterID'];
header('location:voting.php');
}
if($count1 == 1){ ?>
    <div class="alert alert-error">
    <button class="close" data-dismiss="alert">×</button>
   You Can Only Vote Once
    </div>
<?php
}else{ ?>
<div class="alert alert-error">
    <button class="close" data-dismiss="alert">×</button>
   Please check your username and password
    </div>

    <?php 
    }
?>

<?php
}

?>
</div>
</div>
</br>
</br>
</br>
</br>
</br>

    <?php include('footer.php')?>    
</div>

    </body>

</html>
3
Contributors
7
Replies
15
Views
3 Years
Discussion Span
Last Post by nana.k.denise
0

Let me get this right, you want us to convert your code for you? If you are new to PDO, then a good way to get started would be to research PDO and attempt it yourself. I am tempted to say "RTFM", but that would be rude. This code is not yours I take it. It looks very old.

You're probably better starting from scratch. Check out pritaeas' tutorials in the code snippets section of this forum.

0

ok thanks..yh the code is not mine..am using it for a voting site..and i needed it to be protected against sql injection. am still researching on PDO but i wont be able to correct the problem now since am new to it.would be glad if you could help correct the coding

0

chose PDO because it does protect against sql injection.how wil the binding be like for this code?

0

As pritaeas states, mysqli has binding too, so there's not much difference between PDO and mysqli for this purpose. Have you looked at the php manual for mysqli (or PDO) - there are examples there.

How about Google: "php mysqli binding example"

Edited by diafol

0

ohkk thanks..will check it out.But will still appreciate if you could help correct the code to prevent injections

This topic has been dead for over six months. Start a new discussion instead.
Have something to contribute to this discussion? Please be thoughtful, detailed and courteous, and be sure to adhere to our posting rules.