I have my 2 php pages, one is the login page and the other is the cms page. I need to login into my account, whenever i Give my id and password in the login form the page should first check in the database whether the user exists or not. If it does than i should login successfully else it should give me an error.
Now whenever I am trying to sign my id in, its always signing in with the name I enter in the login form. Means its also logging the persons in which are even not available in the database. Can some one guide me up? that where i am doing the mistake?
Here is my login.php.
<!DOCTYPE html>
<html lang='en'>
<head>
<meta charset="UTF-8" />
<title>
HTML Document Structure
</title>
<link rel="stylesheet" type="text/css" href="style.css" />
</head>
<body>
<div id="wrapper">
<form name="login-form" class="login-form" action="../cms/cms.php" method="post">
<div class="header">
<h1>Login Form</h1>
<span>Fill out the form below to login to my super awesome imaginary control panel.</span>
</div>
<div class="content">
<input name="username" type="text" class="input username" placeholder="Username" />
<div class="user-icon"></div>
<input name="password" type="password" class="input password" placeholder="Password" />
<div class="pass-icon"></div>
</div>
<div class="footer">
<input type="submit" name="button" value="submit" class="button" />
<a href="../qmc-reg/reg.php" style="color:#000" > Register</a>
</div>
</form>
</div>
<div class="gradient"></div>
</body>
</html>
This is the CMS.php..
<?php session_start(); ?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<link rel="stylesheet" type="text/css" href="style.css" />
<title>QMC Home</title>
</head>
<body>
<?php
$connection = mysql_connect('localhost','root','');
if(!$connection){
die("Database Connection Failed". mysql_error());
}
$select_db = mysql_select_db('hamdard_attendance');
if(!$select_db){
die("Database Connection Failed" . mysql_error());
}
if(isset($_POST['username']) && isset($_POST['password'])){
$username = $_POST['username'];
$password = $_POST['password'];
$query_one = "SELECT * FROM users WHERE user_name = '".$username."' AND user_pass = '".$password."' LIMIT 1";
$result = mysql_query($query_one) or die(mysql_error());
$count = mysql_num_rows($result);
if ($count == 1){
$final_result = mysql_fetch_array($result);
$_SESSION['username'] = $username;
}else{
echo "Invalid Login Credentials.";
}
}
if (isset($_SESSION['username'])){
$username = $_SESSION['username'];
}
?>
<div id="container">
<div id="header">
<h1 style="text-align:left">Quality Management<span class="off"> Cell</span></h1>
</div>
<div id="menu">
<ul>
<li class="menuitem"><a href="cms.php">Home</a></li>
<li class="menuitem"><a href="cms-attendance.php">Attendance</a></li>
<li class="menuitem"><a href="cms-courses.php">Courses</a></li>
<li class="menuitem"><a href="cms-settings.php">Settings</a></li>
</ul>
<a style="text-align:right" href="cms-logout.php">Logout</a>
</div>
</div>
<div id="content">
<div id="content_top"></div>
<div id="content_main">
<?php echo "<h2> Welcome ".$username."</h2>"?>
<?php
$connection = mysql_connect('localhost','root','');
if(!$connection){
die("Database Connection Failed". mysql_error());
}
$select_db = mysql_select_db('hamdard_attendance');
if(!$select_db){
die("Database Connection Failed" . mysql_error());
}
//if(isset($_POST['stdnt_name']) && isset($_POST['course_name']) && isset($_POST['stdnt_rfid_tag']) && isset($_POST['student_id']) && isset($_POST['course_id'])){
//$sname = $_POST['stdnt_name'];
//$cname = $_POST['course_name'];
//$rfid_code = $_POST['stdnt_rfid_tag'];
//$sid = $_POST['student_id'];
//$cid = $_POST['course_id'];
/*$query_two ="SELECT c.course_name, sa.st_classes_attempt FROM students s INNER JOIN student_attendance sa ON s.stdnt_rfid_tag = sa.st_id INNER JOIN courses c ON sa.c_name = c.course_name";
$result_attendance = mysql_query($query_two) or die(mysql_error());
while($row = mysql_fetch_array($result_attendance)){
echo "<br />";
echo $row['course_name']. " " . $row['st_classes_attempt'] ."<br/ >";
}*/
$query_three = "SELECT s.stdnt_name, c.course_name FROM students s inner JOIN student_courses sc ON sc.student_id = s.stdnt_rfid_tag INNER JOIN users u ON s.stdnt_name = u.name INNER JOIN courses c ON c.course_id = sc.course_id where u.user_name = '".$username."'";
$result_attendance3 = mysql_query($query_three) or die(mysql_error());
echo "<table border='1': border-color: silver;'>";
echo "<tr>";
echo "<td align='center' width='200'>" . "<h4>"."Student Name" ."</h4>". "</td>";
echo "<td align='center' width='200'>". "<h4>"."Course Name" ."</h4>". "</td>";
echo "</tr>";
echo "</table>";
while($row = mysql_fetch_array($result_attendance3)){
echo "<br />";
//echo "<td align='center' width='200'>".$row['st_classes_attempt'] . "</td>";
echo "<table border='1': border-color: silver;'>";
echo "<tr>";
echo "<td align='center' width='200'>".$row['stdnt_name'] . "</td>";
echo "<td align='center' width='200'>".$row['course_name'] . "</td>";
//echo "<td align='center' width='200'>".$row['st_classes_attempt'] . "</td>";
echo "</tr>";
echo "</table>";
}
/*$query_three = "SELECT sc.stdnt_name, sa.st_classes_attempt FROM students s INNER JOIN student_attendance sa ON s.stdnt_rfid_tag = sa.st_id";
$result_attendance2 = mysql_query($query_three) or die(mysql_error());
while($row = mysql_fetch_array($result_attendance2)){
echo "<br />";
echo "<h3> User Summary:</h3> <br />";
echo $row['stdnt_name']." = ".$row['st_classes_attempt']."<br/ >";
}
*/
?>
<p> </p>
<p> </p>
<div id="content_bottom"></div>
</div>
</div>
</body>
</html>