0

I have this code in my login.php, from sigin.php page if the user click on signin, it will display wrong username or password but the username and password is in the database named Username and Password.

Please i will appreciate if someone can fix this error for me. Your concern is sincerely appreciated.

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Untitled Document</title>
</head>

<body>
<?php
$txtusername=$_POST['UserName'];
$txtpassword=$_POST['Password'];
$usertype=$_POST['rdType'];
if($usertype=="Admin")
{
$con = mysql_connect("localhost","sample","sample");
mysql_select_db("customer", $con);
$sql = "select * from admin_master where username='".$txtusername."' and password='".$txtpassword."'";
$result = mysql_query($sql,$con);
$records = mysql_num_rows($result);
$row = mysql_fetch_array($result);
if ($records==0)
{
echo '<script type="text/javascript">alert("Wrong UserName or Password");window.location=\'index.php\';</script>';
}
else
{
header("location:blend_oceancrest_details_highvertical/index.php");
} 
mysql_close($con);
}
else if($usertype=="Customer")
{
$con = mysql_connect("localhost","sample","sample");
mysql_select_db("customer", $con);
$sql = "select * from customer_registration where UserName='".$txtusername."' and Password='".$txtpassword."' ";
$result = mysql_query($sql,$con);
$records = mysql_num_rows($result);
$row = mysql_fetch_array($result);
if ($records==0)
{
echo '<script type="text/javascript">alert("Wrong Username or Password");window.location=\'signin.php\';</script>';
}
else
{
$_SESSION['id']=$row['customerid'];
$_SESSION['name']=$row['customername'];
header("location:customer/index.php");
} 

}

?>

</body>
</html>

Edited by pritaeas: Fixed markdown. Removed email. Keep it on-site.

5
Contributors
8
Replies
56
Views
2 Years
Discussion Span
Last Post by wareez
0

OK few thigs:

1) Don't mix php and html
2) Indent code and markup
3) stop using deprecated php (mysql)
4) escape your inputs - you are wide open to SQL Injection - solved if you use prepared statements and bind params/values (PDO/mysqli)

Edited by diafol

0

I have this code in my login.php, from sigin.php page if the user click on signin@JerrimePatient, the form is in the sigin.php
Agreed with @diafol's comments.
In addition, from you code, I assume you haven't encode your password?

To debug the problem, I suggest you to echo $sql before the query to ensure all variables parsing is correct, made sure the letter case and spaces(sometimes I input extra space in form without notice) is exactly as database.

-1
<form action="someaction">
$txtusername=$_POST['UserName'];
$txtpassword=$_POST['Password'];
$usertype=$_POST['rdType'];
if($usertype=="Admin")
{
$con = mysql_connect("localhost","sample","sample");
mysql_select_db("customer", $con);
$sql = "select * from admin_master where username='".$txtusername."' and password='".$txtpassword."'";
$result = mysql_query($sql,$con);
$records = mysql_num_rows($result);
$row = mysql_fetch_array($result);
if ($records==0)
{
echo '<script type="text/javascript">alert("Wrong UserName or Password");window.location=\'index.php\';</script>';
}
else
{
header("location:blend_oceancrest_details_highvertical/index.php");
} 
mysql_close($con);
}
else if($usertype=="Customer")
{
$con = mysql_connect("localhost","sample","sample");
mysql_select_db("customer", $con);
$sql = "select * from customer_registration where UserName='".$txtusername."' and Password='".$txtpassword."' ";
$result = mysql_query($sql,$con);
$records = mysql_num_rows($result);
$row = mysql_fetch_array($result);
if ($records==0)
{
echo '<script type="text/javascript">alert("Wrong Username or Password");window.location=\'signin.php\';</script>';
}
else
{
$_SESSION['id']=$row['customerid'];
$_SESSION['name']=$row['customername'];
header("location:customer/index.php");
} 
}

</form>

all you are missing is the first line and the last line.

0
<form action="someaction">
    $txtusername=$_POST['UserName'];
    $txtpassword=$_POST['Password'];
    $usertype=$_POST['rdType'];
    if($usertype=="Admin")
    {
        $con = mysql_connect("localhost","sample","sample");
        mysql_select_db("customer", $con);
        $sql = "select * from admin_master where username='".$txtusername."' and password='".$txtpassword."'";
        $result = mysql_query($sql,$con);
        $records = mysql_num_rows($result);
        $row = mysql_fetch_array($result);
        if ($records==0)
        {
            echo '<script type="text/javascript">alert("Wrong UserName or Password");window.location=\'index.php\';</script>';
        }
        else
        {
            header("location:blend_oceancrest_details_highvertical/index.php");
        } 
        mysql_close($con);
    }
    else if($usertype=="Customer")
    {
        $con = mysql_connect("localhost","sample","sample");
        mysql_select_db("customer", $con);
        $sql = "select * from customer_registration where UserName='".$txtusername."' and Password='".$txtpassword."' ";
        $result = mysql_query($sql,$con);
        $records = mysql_num_rows($result);
        $row = mysql_fetch_array($result);
        if ($records==0)
        {
            echo '<script type="text/javascript">alert("Wrong Username or Password");window.location=\'signin.php\';</script>';
        }
        else
        {
            $_SESSION['id']=$row['customerid'];
            $_SESSION['name']=$row['customername'];
            header("location:customer/index.php");
        } 
    }
</form>

@diafol: Sorry, I didn't indent it, I only copied the code of wareez.

0

I have the login form in a separate page. The code is to process the login. At this stage if you can help me to provide a login similar to this I don't mind, I wanted to use it for one of my project and I need login script for the user's, I mean the admin will select a radio button while the customer will select customer radio button but they will be directed to different page based on type of radio button they choose.

Kindly help me, I need it friends, brothers, father, and all.

This topic has been dead for over six months. Start a new discussion instead.
Have something to contribute to this discussion? Please be thoughtful, detailed and courteous, and be sure to adhere to our posting rules.