Member Avatar for සශික

Hey guys, I'm doing an LMS project. I created a login page and a PHP file. I can't find where I'm stuck.
Here is an explanation of the login form:

  • Check whether the given username and password are correct or not.
  • If correct, then check the user type.
  • Redirect to different pages according to the user's faculty.

Here is my PHP code:

<?php
   session_start();
   $db=mysql_connect("localhost","root","") or die("error : ".mysql_error());
   if(isset($_POST['btn_log']))
   {      
        $username=$_POST['username'];
        $password=$_POST['password'];
        mysql_select_db("lms");

        $query = mysql_query("select * from lms.user");

        while($row = mysql_fetch_assoc($query)){

            if(($row['user_name']==$username)&&($row['password']==$password)){
                if($row['u_type']=="admin"){
                    $_SESSION['username']=$username;
                    $_SESSION['password']=$pass;
                    header("location:lec_dash.php");
                }
                else if($row['u_type']=="user"){
                    if($row['faculty']=="School of Computing")
                    {
                        header("location:modules_SOC.php");
                    }
                    else if($row['faculty']=="School of Business")
                    {
                        header("location:modules_SOB.php");
                    }
                    else if($row['faculty']=="School of Engineering")
                    {
                        header("location:modules_SOE.php");
                    }
                }
            }
            else if(($row['user_name']!=$username)&&($row['password']!=$password))
            {
                header("location:log_error.php");
            }
        }     
    }
?>

This is the structure of the data table:

database name is lms
table name is user
field names are user_name,password,index_no,faculty,email,u_type

Guys, help me...
Thank you!

All 2 Replies

When I see a login like that I cringe. The basic problem is that the password is stored in the clear rather than as a salted hash result. Here are priors about this.

https://www.google.com/search?q=Dont'+store+passwords+in+databases

In those discussions you'll find many examples. Add the keyword PHP to get more specific.

In other words, you dug a hole and I shouldn't hand you a shovel.
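
An added example, not part of the original post or of any reply: the login check from the question, reworked to look up the single matching row and verify a salted hash with PHP's password_hash()/password_verify(), as the reply recommends. The authenticate() helper, the FACULTY_PAGES map, the in-memory SQLite database and the sample accounts are assumptions made for illustration; the column names and page names come from the question.

```php
<?php
declare(strict_types=1);

// Landing pages taken from the redirects in the original post.
const FACULTY_PAGES = [
    'School of Computing'   => 'modules_SOC.php',
    'School of Business'    => 'modules_SOB.php',
    'School of Engineering' => 'modules_SOE.php',
];

// Hypothetical helper: returns the page to redirect to, or log_error.php on any failure.
function authenticate(PDO $pdo, string $username, string $password): string
{
    // Fetch only the row for this username (bound parameter) instead of
    // looping over every user and redirecting on the first mismatch.
    $stmt = $pdo->prepare('SELECT password, u_type, faculty FROM user WHERE user_name = ?');
    $stmt->execute([$username]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);

    // The password column holds a password_hash() result, never the plaintext.
    if ($row === false || !password_verify($password, $row['password'])) {
        return 'log_error.php';
    }
    if ($row['u_type'] === 'admin') {
        return 'lec_dash.php';
    }
    // Unknown faculty falls through to the error page rather than a blank response.
    return FACULTY_PAGES[$row['faculty']] ?? 'log_error.php';
}

// Constructed demo data in an in-memory SQLite database (the post uses MySQL;
// with PDO only the DSN changes).
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE user (user_name TEXT PRIMARY KEY, password TEXT, faculty TEXT, u_type TEXT)');
$add = $pdo->prepare('INSERT INTO user VALUES (?, ?, ?, ?)');
$add->execute(['alice', password_hash('demo-pass-1', PASSWORD_DEFAULT), 'School of Computing', 'user']);
$add->execute(['carol', password_hash('demo-pass-2', PASSWORD_DEFAULT), '', 'admin']);

// Correct login, wrong password, admin login, unknown user.
var_dump(authenticate($pdo, 'alice', 'demo-pass-1'));
var_dump(authenticate($pdo, 'alice', 'wrong'));
var_dump(authenticate($pdo, 'carol', 'demo-pass-2'));
var_dump(authenticate($pdo, 'nobody', 'demo-pass-1'));
```

In the login page itself, pass the returned page to header('Location: ...') followed by exit, and keep only the username in the session, not the password.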
