i am new in code world as well as new in this forum too. this is my first post here...
i am doing my college project where i am building an intranet website for an organisation. i don't know what is the problem, at the login page it seems that the session variables r not being assigned. can anybody identify whats the problem in my code and suggest me what to do? any other loophole identification will be appreciated too. as my project ends in 3 days, i need to complete this page as soon as possible..
thanks
Code: Select all
<?php
session_start();
session_register("is_logged_in");
session_register("perm");
$myusername=$_POST['uid'];
$mypassword=md5($_POST['pass']);
if (!isset($myusername) || !isset($mypassword)) {
header( "Location: index.html" );
exit;
}
elseif (empty($myusername) || empty($mypassword)) {
header( "Location: index.htmll" );
exit;
}
else{
$host="localhost"; // Host name
$username="Aritra; // Mysql username
$password="*****";//Mysql password
$db_name="****"; // Database name
$tbl_name="login_details"; // Table name
$db_connect=mysql_connect("$host", "$username", "$password")or die("cannot connect");
mysql_select_db("$db_name")or die("cannot select DataBase");
$myusername = stripslashes($myusername);
$mypassword = stripslashes($mypassword);
$myusername = mysql_real_escape_string($myusername);
$mypassword = mysql_real_escape_string($mypassword);
$sql="SELECT * FROM $tbl_name WHERE login_id='$myusername' and passwd='md5($mypassword)'";
$result=mysql_query($sql, $db_connect);
$count=mysql_num_rows($result);
// If result matched $myusername and $mypassword, table row must be 1 row
if($count>0){
$_SESSION['is_logged_in'] = TRUE;
$fetch_perm="select permission from $result where login_id='$myusername' and passwd='md5($mypassword)'";
$_session['perm']=$fetch_perm;
}
if(!isset($_SESSION['is_logged_in'])) {
header("location: index.php");
exit;
} else {
header("location: upload.php");
exit;
}
}
?>