<!--
  Login form. Posts pat_username, pat_password and the "submit" button field
  to userlogin.php. The password is sent in the request body, so this page and
  its action URL should only be served over HTTPS.
  click_button_login() is not defined in this listing; it is presumably
  provided by a script loaded elsewhere (confirm).
-->
<form name="form1" id="form1" method="POST" action="userlogin.php">
    <div id="main_body" class="full-width">
        <label>Username:</label>
        <input type="text" id="usernameLogin" name="pat_username">
        <label>Password:</label>
        <input type="password" id="passwordLogin" name="pat_password">
        <input type="submit" id="submit" name="submit" value="Login" onclick="click_button_login()"/>
    </div>
</form>
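<?php
// Login handler for the form that posts to userlogin.php.
//
// Changes from the pasted version:
//  - The lookup uses a prepared statement with bound parameters, so the
//    submitted values never become part of the SQL text and need no escaping.
//  - Database errors are logged server-side instead of being printed to the
//    client through die(), which disclosed connection details.
//  - Missing or non-string fields (e.g. pat_username[]=x) count as a failed
//    login instead of reaching the query.
//  - exit follows the redirect so nothing else runs after the header is sent.
//
// NOTE(review): the query matches patient_password as stored, which means the
// table holds plaintext passwords. Store password_hash() output and check it
// with password_verify() instead; that requires re-hashing the existing rows,
// so it is not changed in this block.
// NOTE(review): a successful login only redirects. Nothing records the login
// in a session, so mainmenu.html can be requested directly without logging in.
// NOTE(review): header() only works before any output; if this block sits
// below the form markup in the same file, the redirect fails with
// "headers already sent" — move it above the markup.
if (isset($_POST['submit'])) {
    $servername = 'localhost';
    // NOTE(review): root with an empty password, hard-coded in source. Use a
    // dedicated least-privilege account and keep its credentials out of the code.
    $username = 'root';
    $password = '';
    $dbname = 'dbname';

    $submittedUsername = $_POST['pat_username'] ?? null;
    $submittedPassword = $_POST['pat_password'] ?? null;
    $authenticated = false;

    if (is_string($submittedUsername) && is_string($submittedPassword)) {
        // Make mysqli throw on failure (already the default from PHP 8.1) so
        // every database error is handled in one place.
        mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);

        try {
            $conn = new mysqli($servername, $username, $password, $dbname);

            $stmt = $conn->prepare(
                'SELECT 1 FROM tablename WHERE patient_username = ? AND patient_password = ? LIMIT 1'
            );
            $stmt->bind_param('ss', $submittedUsername, $submittedPassword);
            $stmt->execute();
            $stmt->store_result();
            $authenticated = $stmt->num_rows > 0;

            $stmt->close();
            $conn->close();
        } catch (mysqli_sql_exception $e) {
            // Details go to the server log only; the client gets a generic message.
            error_log('Login database error: ' . $e->getMessage());
            http_response_code(500);
            exit('Login is temporarily unavailable.');
        }
    }

    header('Location: ' . ($authenticated ? 'mainmenu.html' : 'index.html'));
    exit;
}
?>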
- if(isset($_POST["submit"]))
- if ((isset($_POST["pat_username"]))&&(isset($_POST["pat_password"])))
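- Regarding your form: you should work on security and on eliminating automatic submission. The version below eliminates automatic submission because the form carries a per-session value (session_id() in the original version), which is unique to each web browsing session. Note that session_id() returns an empty string unless a session has been started with session_start(), and that a separate random token stored in the session achieves the same effect without placing the session ID itself in the page markup.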
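<?php
// Login page and handler; the form posts back to userlogin.php.
//
// Assumes the form and the handler live in the same script, as the paste
// shows them together — TODO confirm. The handler is placed above the markup
// because session_start() and header() can only send headers before output.
//
// The pasted version used session_id() as the form token. Two problems:
//  - session_id() is '' until session_start() has run, and the paste never
//    starts a session, so the button value and the server-side comparison
//    were both '' and the check was vacuous.
//  - writing the session ID into the markup exposes the identifier that
//    authenticates the browser to anything that can read the page.
// A separate random token kept in $_SESSION replaces it. The field name
// login_check is unchanged, and the token is compared with hash_equals().
//
// The paste also carried a commented-out sprintf() query example built on
// mysql_real_escape_string(); that function belongs to the mysql extension
// removed in PHP 7.0, and the bound parameters below make escaping unnecessary.
//
// NOTE(review): the query matches patient_password as stored, which means the
// table holds plaintext passwords. Store password_hash() output and check it
// with password_verify() instead; that requires re-hashing the existing rows,
// so it is not changed here.
// NOTE(review): a successful login only redirects to a static page. Once the
// protected page is a PHP script, record the login in $_SESSION and call
// session_regenerate_id(true) at that point.
if (session_status() !== PHP_SESSION_ACTIVE) {
    session_start();
}

if (isset($_POST['login_check'])) {
    $submittedToken = $_POST['login_check'];
    $expectedToken = $_SESSION['login_token'] ?? '';
    // Tokens are single-use: discard it whether or not it matches.
    unset($_SESSION['login_token']);

    $tokenValid = is_string($submittedToken)
        && is_string($expectedToken)
        && $expectedToken !== ''
        && hash_equals($expectedToken, $submittedToken);

    // As in the pasted version, a request without a valid token is ignored
    // and the form is simply rendered again.
    if ($tokenValid) {
        $servername = 'localhost';
        // NOTE(review): root with an empty password, hard-coded in source. Use a
        // dedicated least-privilege account and keep its credentials out of the code.
        $username = 'root';
        $password = '';
        $dbname = 'dbname';

        $submittedUsername = $_POST['pat_username'] ?? null;
        $submittedPassword = $_POST['pat_password'] ?? null;
        $authenticated = false;

        if (is_string($submittedUsername) && is_string($submittedPassword)) {
            // Make mysqli throw on failure (already the default from PHP 8.1)
            // so every database error is handled in one place.
            mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);

            try {
                $conn = new mysqli($servername, $username, $password, $dbname);

                $stmt = $conn->prepare(
                    'SELECT 1 FROM tablename WHERE patient_username = ? AND patient_password = ? LIMIT 1'
                );
                $stmt->bind_param('ss', $submittedUsername, $submittedPassword);
                $stmt->execute();
                $stmt->store_result();
                $authenticated = $stmt->num_rows > 0;

                $stmt->close();
                $conn->close();
            } catch (mysqli_sql_exception $e) {
                // Details go to the server log only; the client gets a generic message.
                error_log('Login database error: ' . $e->getMessage());
                http_response_code(500);
                exit('Login is temporarily unavailable.');
            }
        }

        header('Location: ' . ($authenticated ? 'mainmenu.html' : 'index.html'));
        exit;
    }
}

// Fresh token for the form rendered below.
$_SESSION['login_token'] = bin2hex(random_bytes(32));
?>
<form name="form1" id="form1" method="POST" action="userlogin.php">
    <div id="main_body" class="full-width">
        <br>
        <br>
        <label>Username:</label>
        <input type="text" id="usernameLogin" name="pat_username"> <br>
        <br> <label>Password:</label>
        <input type="password" id="passwordLogin" name="pat_password"> <br>
        <button value="<?php echo htmlspecialchars($_SESSION['login_token'], ENT_QUOTES, 'UTF-8'); ?>" type="submit" name="login_check">Login</button>
    </div>
</form>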