Note:
"The password will be double md5 converted, which will be put offline in the SQL"
INSERT CODE:
INSERT INTO 'login'('id','username','password')VALUES(1,"ABC",md5(md5("abc"))));
THIS IS MY login.php PAGE
Code: Select all
<?php
error_reporting(0);
session_start();
include_once 'oesdb.php';
if($_REQUEST['submit'])
{
$result = executeQuery("select username as std from login where username='".htmlspecialchars(preg_replace('/[^A-Za-z0-9\. -]/', '...',($_REQUEST
['loginid'])),ENT_QUOTES)."' and password= '".htmlspecialchars(md5(md5($_REQUEST['pass'])),ENT_QUOTES)."';");
if(mysql_num_rows($result)>0)
{
$r=mysql_fetch_array($result);
if(strcmp(htmlspecialchars($r['std'],ENT_QUOTES),(htmlspecialchars($_REQUEST['pass'],ENT_QUOTES)))==0)
{
$_SESSION['loginid']=htmlspecialchars($r['username'],ENT_QUOTES);
$_SESSION['user_id']=$r['id'];
unset($_GLOBALS['message']);
header('Location: index.php');
}
else
{
$_GLOBALS['message']="Check Your user name and Password.";
}
}
else
{
$_GLOBALS['message']="Check Your user name and Password.";
}
closedb();
}
?>
<?php
if(isset($_SESSION['loginid']))
{
header('Location: index.php');
}
?>
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="utf-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<title></title>
<body>
<div>
<form method="post" action="">
<div>
<div>
<span class="errors">
<?php
if($_GLOBALS['message'])
{
echo "<div class=\"message\">".$_GLOBALS['message']."</div>";
}
?>
</span>
</div>
<div>
<span><i></i></span>
<input type="text" name="loginid" placeholder="Username" autofocus>
</div>
<div>
<span><i></i></span>
<input type="password" name="pass" placeholder="Password">
</div>
<label class="checkbox" style="margin-left: 20px;">
<input type="checkbox" value="remember-me"> Remember me
</label>
<button class="btn btn-primary btn-lg btn-block" type="submit" name="submit" id="submit">Login</button>
</div>
</form>
</div>
</body>
</html>
<?php
THIS IS MY oesdb.php PAGE...
include_once 'dbsettings.php';
$conn=false;
function executeQuery($query)
{
global $conn,$dbserver,$dbname,$dbpassword,$dbusername;
global $message;
if (!($conn = @mysql_connect ($dbserver,$dbusername,$dbpassword)))
$message="Cannot connect to server";
if (!@mysql_select_db ($dbname, $conn))
$message="Cannot select database";
$result=mysql_query($query,$conn);
if(!$result)
$message="Error while executing query.<br/>Mysql Error: ".mysql_error();
else
return $result;
}
function closedb()
{
global $conn;
if(!$conn)
mysql_close($conn);
}
?>
THIS IS dbsettings.php PAGE
<?php
//This is the name of your server where the MySQL database is running
$dbserver="localhost";
//username of the MySQL server
$dbusername="root";
//password
$dbpassword="";
//database name of the online Examination system
$dbname="examination";
?>PLEASE GIVE ME FULL MODIFIED CODE..
OR MAIL ME TO rameshwar129@gmail.com