Login Validation in php mysQL

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

Post Reply
engrjd91
Forum Newbie
Posts: 1
Joined: Fri May 09, 2014 5:45 am

Login Validation in php mysQL

Post by engrjd91 »

I have my 2 php pages, one is the login page and the other is the cms page. I need to login into my account, whenever i Give my id and password in the login form the page should first check in the database whether the user exists or not. If it does than i should login successfully else it should give me an error.

Now whenever I am trying to sign my id in, its always signing in with the name I enter in the login form. Means its also logging the persons in which are even not available in the database. Can some one guide me up? that where i am doing the mistake?

Here is my login.php.

Code: Select all

<!DOCTYPE html>
<html lang='en'>
<head>
    <meta charset="UTF-8" /> 
    <title>
        HTML Document Structure
    </title>
    <link rel="stylesheet" type="text/css" href="style.css" />
</head>
<body>
<div id="wrapper">
    <form name="login-form" class="login-form" action="../cms/cms.php" method="post">
        <div class="header">
        <h1>Login Form</h1>
        <span>Fill out the form below to login to my super awesome imaginary control panel.</span>
        </div>
        <div class="content">
        <input name="username" type="text" class="input username" placeholder="Username" />
        <div class="user-icon"></div>
        <input name="password" type="password" class="input password" placeholder="Password" />
        <div class="pass-icon"></div>     
        </div>
        <div class="footer">
        <input type="submit" name="button" value="submit" class="button" />
        <a href="../qmc-reg/reg.php" style="color:#000" >  Register</a>
        </div>
    </form>
</div>
<div class="gradient"></div>
</body>
</html>
CMS.php

Code: Select all

<?php session_start(); ?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<link rel="stylesheet" type="text/css" href="style.css" />
<title>QMC Home</title>
</head>
<body>
<?php
$connection = mysql_connect('localhost','root','');
if(!$connection){
    die("Database Connection Failed". mysql_error());
    }
$select_db = mysql_select_db('hamdard_attendance');
if(!$select_db){
    die("Database Connection Failed" . mysql_error());
    }
if(isset($_POST['username']) && isset($_POST['password'])){
$username = $_POST['username'];
$password = $_POST['password'];
$query_one = "SELECT * FROM users WHERE user_name = '".$username."' AND user_pass = '".$password."' LIMIT 1";
$result = mysql_query($query_one) or die(mysql_error());
$count = mysql_num_rows($result);
if ($count == 1){
$final_result = mysql_fetch_array($result);
$_SESSION['username'] = $username;
}else{
echo "Invalid Login Credentials.";
}
}
if (isset($_SESSION['username'])){
$username = $_SESSION['username'];
}
?>
<div id="container">
        <div id="header">
            <h1 style="text-align:left">Quality Management<span class="off"> Cell</span></h1>
        </div>   
        <div id="menu">
            <ul>
                <li class="menuitem"><a href="cms.php">Home</a></li>
                <li class="menuitem"><a href="cms-attendance.php">Attendance</a></li>
                <li class="menuitem"><a href="cms-courses.php">Courses</a></li>
                <li class="menuitem"><a href="cms-settings.php">Settings</a></li>
            </ul>
            <a style="text-align:right" href="cms-logout.php">Logout</a>
        </div>
        </div>        
        <div id="content">
        <div id="content_top"></div>
        <div id="content_main">
<?php echo "<h2> Welcome ".$username."</h2>"?>
<?php 
$connection = mysql_connect('localhost','root','');
if(!$connection){
    die("Database Connection Failed". mysql_error());
    }
$select_db = mysql_select_db('hamdard_attendance');
if(!$select_db){
    die("Database Connection Failed" . mysql_error());
    }
//if(isset($_POST['stdnt_name']) && isset($_POST['course_name']) && isset($_POST['stdnt_rfid_tag']) && isset($_POST['student_id']) && isset($_POST['course_id'])){
//$sname = $_POST['stdnt_name'];
//$cname = $_POST['course_name'];
//$rfid_code = $_POST['stdnt_rfid_tag'];
//$sid = $_POST['student_id'];
//$cid = $_POST['course_id'];
/*$query_two ="SELECT c.course_name, sa.st_classes_attempt FROM students s INNER JOIN student_attendance sa ON s.stdnt_rfid_tag = sa.st_id INNER JOIN courses c ON sa.c_name = c.course_name";
            $result_attendance = mysql_query($query_two) or die(mysql_error());
                        while($row = mysql_fetch_array($result_attendance)){
                                    echo "<br />";
                                    echo $row['course_name']. " " . $row['st_classes_attempt'] ."<br/ >";
                        }*/
$query_three = "SELECT s.stdnt_name, c.course_name FROM students s inner JOIN student_courses sc ON sc.student_id = s.stdnt_rfid_tag INNER JOIN users u ON s.stdnt_name = u.name INNER JOIN courses c ON c.course_id = sc.course_id where u.user_name = '".$username."'"; 
$result_attendance3 = mysql_query($query_three) or die(mysql_error());
                                    echo "<table border='1': border-color: silver;'>";
                                    echo "<tr>";
                                    echo "<td align='center' width='200'>" . "<h4>"."Student Name" ."</h4>". "</td>";
                                    echo "<td align='center' width='200'>". "<h4>"."Course Name" ."</h4>". "</td>";
                                    echo "</tr>";
                                    echo "</table>";
                        while($row = mysql_fetch_array($result_attendance3)){
                                    echo "<br />";
                                    //echo "<td align='center' width='200'>".$row['st_classes_attempt'] . "</td>";
                                    echo "<table border='1': border-color: silver;'>";
                                    echo "<tr>";
                                    echo "<td align='center' width='200'>".$row['stdnt_name'] . "</td>";
                                    echo "<td align='center' width='200'>".$row['course_name'] . "</td>";
                                    //echo "<td align='center' width='200'>".$row['st_classes_attempt'] . "</td>";
                                    echo "</tr>";
                                    echo "</table>";
} 
/*$query_three = "SELECT sc.stdnt_name, sa.st_classes_attempt FROM students s INNER JOIN student_attendance sa ON s.stdnt_rfid_tag = sa.st_id";
            $result_attendance2 = mysql_query($query_three) or die(mysql_error());
                        while($row = mysql_fetch_array($result_attendance2)){
                                    echo "<br />";
                                    echo "<h3> User Summary:</h3> <br />";
                                    echo $row['stdnt_name']."   =   ".$row['st_classes_attempt']."<br/ >";
}
*/
?>
            <p>&nbsp;</p>
            <p>&nbsp;</p>
        <div id="content_bottom"></div>
      </div>
   </div>
</body>
</html>
User avatar
Celauran
Moderator
Posts: 6427
Joined: Tue Nov 09, 2010 2:39 pm
Location: Montreal, Canada

Re: Login Validation in php mysQL

Post by Celauran »

You're handling the login after you've already loaded the target page and failed logins are only displaying a message. Try handling the login before reaching the target page and only redirecting successful logins.
Post Reply