engrjd91 0 Junior Poster in Training

I have my 2 php pages, one is the login page and the other is the cms page. I need to login into my account, whenever i Give my id and password in the login form the page should first check in the database whether the user exists or not. If it does than i should login successfully else it should give me an error.

Now whenever I am trying to sign my id in, its always signing in with the name I enter in the login form. Means its also logging the persons in which are even not available in the database. Can some one guide me up? that where i am doing the mistake?

Here is my login.php.

<!DOCTYPE html>

<html lang='en'>
<head>
    <meta charset="UTF-8" /> 
    <title>
        HTML Document Structure
    </title>
    <link rel="stylesheet" type="text/css" href="style.css" />
</head>
<body>

<div id="wrapper">

    <form name="login-form" class="login-form" action="../cms/cms.php" method="post">

        <div class="header">
        <h1>Login Form</h1>
        <span>Fill out the form below to login to my super awesome imaginary control panel.</span>
        </div>

        <div class="content">
        <input name="username" type="text" class="input username" placeholder="Username" />
        <div class="user-icon"></div>
        <input name="password" type="password" class="input password" placeholder="Password" />
        <div class="pass-icon"></div>     
        </div>



        <div class="footer">
        <input type="submit" name="button" value="submit" class="button" />
        <a href="../qmc-reg/reg.php" style="color:#000" >  Register</a>
        </div>

    </form>

</div>
<div class="gradient"></div>

</body>
</html>

This is the CMS.php..

<?php session_start(); ?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<link rel="stylesheet" type="text/css" href="style.css" />
<title>QMC Home</title>
</head>

<body>
<?php
$connection = mysql_connect('localhost','root','');
if(!$connection){
    die("Database Connection Failed". mysql_error());
    }
$select_db = mysql_select_db('hamdard_attendance');
if(!$select_db){
    die("Database Connection Failed" . mysql_error());
    }

if(isset($_POST['username']) && isset($_POST['password'])){
$username = $_POST['username'];
$password = $_POST['password'];

$query_one = "SELECT * FROM users WHERE user_name = '".$username."' AND user_pass = '".$password."' LIMIT 1";
$result = mysql_query($query_one) or die(mysql_error());
$count = mysql_num_rows($result);

if ($count == 1){
$final_result = mysql_fetch_array($result);
$_SESSION['username'] = $username;
}else{
echo "Invalid Login Credentials.";
}
}
if (isset($_SESSION['username'])){
$username = $_SESSION['username'];
}
?>
<div id="container">
        <div id="header">
            <h1 style="text-align:left">Quality Management<span class="off"> Cell</span></h1>

        </div>   

        <div id="menu">
            <ul>
                <li class="menuitem"><a href="cms.php">Home</a></li>
                <li class="menuitem"><a href="cms-attendance.php">Attendance</a></li>
                <li class="menuitem"><a href="cms-courses.php">Courses</a></li>
                <li class="menuitem"><a href="cms-settings.php">Settings</a></li>

            </ul>
            <a style="text-align:right" href="cms-logout.php">Logout</a>
        </div>

        </div>        
        <div id="content">
        <div id="content_top"></div>
        <div id="content_main">
<?php echo "<h2> Welcome ".$username."</h2>"?>
<?php 
$connection = mysql_connect('localhost','root','');
if(!$connection){
    die("Database Connection Failed". mysql_error());
    }
$select_db = mysql_select_db('hamdard_attendance');
if(!$select_db){
    die("Database Connection Failed" . mysql_error());
    }
//if(isset($_POST['stdnt_name']) && isset($_POST['course_name']) && isset($_POST['stdnt_rfid_tag']) && isset($_POST['student_id']) && isset($_POST['course_id'])){
//$sname = $_POST['stdnt_name'];
//$cname = $_POST['course_name'];
//$rfid_code = $_POST['stdnt_rfid_tag'];
//$sid = $_POST['student_id'];
//$cid = $_POST['course_id'];

/*$query_two ="SELECT c.course_name, sa.st_classes_attempt FROM students s INNER JOIN student_attendance sa ON s.stdnt_rfid_tag = sa.st_id INNER JOIN courses c ON sa.c_name = c.course_name";
            $result_attendance = mysql_query($query_two) or die(mysql_error());
                        while($row = mysql_fetch_array($result_attendance)){
                                    echo "<br />";
                                    echo $row['course_name']. " " . $row['st_classes_attempt'] ."<br/ >";
                        }*/

$query_three = "SELECT s.stdnt_name, c.course_name FROM students s inner JOIN student_courses sc ON sc.student_id = s.stdnt_rfid_tag INNER JOIN users u ON s.stdnt_name = u.name INNER JOIN courses c ON c.course_id = sc.course_id where u.user_name = '".$username."'"; 
$result_attendance3 = mysql_query($query_three) or die(mysql_error());
                                    echo "<table border='1': border-color: silver;'>";
                                    echo "<tr>";
                                    echo "<td align='center' width='200'>" . "<h4>"."Student Name" ."</h4>". "</td>";
                                    echo "<td align='center' width='200'>". "<h4>"."Course Name" ."</h4>". "</td>";
                                    echo "</tr>";
                                    echo "</table>";
                        while($row = mysql_fetch_array($result_attendance3)){
                                    echo "<br />";
                                    //echo "<td align='center' width='200'>".$row['st_classes_attempt'] . "</td>";
                                    echo "<table border='1': border-color: silver;'>";
                                    echo "<tr>";
                                    echo "<td align='center' width='200'>".$row['stdnt_name'] . "</td>";
                                    echo "<td align='center' width='200'>".$row['course_name'] . "</td>";
                                    //echo "<td align='center' width='200'>".$row['st_classes_attempt'] . "</td>";
                                    echo "</tr>";
                                    echo "</table>";
} 

/*$query_three = "SELECT sc.stdnt_name, sa.st_classes_attempt FROM students s INNER JOIN student_attendance sa ON s.stdnt_rfid_tag = sa.st_id";
            $result_attendance2 = mysql_query($query_three) or die(mysql_error());
                        while($row = mysql_fetch_array($result_attendance2)){
                                    echo "<br />";
                                    echo "<h3> User Summary:</h3> <br />";
                                    echo $row['stdnt_name']."   =   ".$row['st_classes_attempt']."<br/ >";
}
*/
?>

            <p>&nbsp;</p>
            <p>&nbsp;</p>

        <div id="content_bottom"></div>


      </div>
   </div>
</body>
</html>
Be a part of the DaniWeb community

We're a friendly, industry-focused community of 1.21 million developers, IT pros, digital marketers, and technology enthusiasts learning and sharing knowledge.