Below is my login part code
Code: Select all
<?php
if(isset($_SESSION['usernamejob']))
{
echo "<center><br>Hello, <font color=\"blue\">".$_SESSION['usernamejob'].".<br /><br /></center></font>";
include("ucp.php");
echo
"<center>
<input type=\"submit\" name=\"Logout\" value=\"Logout\" onClick=\"parent.location='?page=logout'\" />
</center>";
}
else
{
if(!isset($_POST['login_x']))
{
echo
"<table border=\"0\" >
<tr>
<form method=\"POST\">
<tr> Username:</tr>
<tr><input class=\"cleardefault\" size=\"14\" type=\"text\" name=\"usernamejob\" maxlength=\"12\" style=\"width: 170px;\" />
<tr> Password:</tr>
<tr><input class=\"cleardefault\" size=\"14\" type=\"password\" name=\"password\" style=\"width: 170px;\" />
<center>
</tr>
</table>
<table>
<tr>
<br/><center>
<input type=\"image\" src=\"images/login.png\" name=\"login\" value=\"Login\" alt=\"login\" /></form></center>
</tr>
</center>
</table>";
}
else
{
$usernamejob = $_POST['usernamejob'];
$password = $_POST['password'];
if ($usernamejob&&$password)
{
$conn = mysql_connect("localhost","root","") or die ("Cannot connect!");
mysql_select_db("job_seeks") or die("cannot find the db");
$usernamejob = mysql_real_escape_string($_POST['usernamejob']);
$password = mysql_real_escape_string($_POST['password']);
$query = mysql_query("SELECT * FROM employee_user WHERE usernamejob='$usernamejob'");
$numrows = mysql_num_rows($query);
if ($numrows!=0)
{
while ($row = mysql_fetch_assoc($query))
{
$dbemployee_id = $row['employee_id'];
$dbusernamejob = $row['usernamejob'];
$dbpassword = $row['password'];
}
if ($usernamejob==$dbusernamejob&&$password==$dbpassword)
{
$_SESSION['employee_id']=$dbemployee_id;
$_SESSION['usernamejob']=$dbusernamejob;
}
echo "<META HTTP-EQUIV=Refresh CONTENT=\"0; URL=\"?page=index\">";
}
else
{
echo "<br />The username or password is incorrect. Please try again.<br>You will be redirected in 3 seconds<br />
<meta http-equiv='refresh' content='4;url=\"?page=index\"'><br />";
}
}
}
}
?>