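<?php
// Teacher login handler: checks the posted credentials against the Teacher
// table and, on a match, stores the teacher's name in the session and
// redirects to menu.php. On any failure it falls through with $loggedIn false.
session_start();

// $mysqli is expected to be an open mysqli connection created before this
// point; the connection code is not part of this snippet.

// Accept string values only. A request can also deliver these fields as
// arrays (teacherusername[]=...), which must not reach the hashing or the
// parameter binding below.
$teacherusername = (isset($_POST['teacherusername']) && is_string($_POST['teacherusername'])) ? $_POST['teacherusername'] : '';
$teacherpassword = (isset($_POST['teacherpassword']) && is_string($_POST['teacherpassword'])) ? $_POST['teacherpassword'] : '';
$loggedIn = false;
$teacherForename = '';
$teacherSurname = '';

if (isset($_POST['submit'])) {
    // NOTE(review): double MD5 with a fixed salt embedded in the source is not
    // a password hash: it is cheap to brute-force and every account shares the
    // same salt. It is kept only because the stored TeacherPassword values are
    // in this format. Plan a migration to password_hash()/password_verify(),
    // re-hashing each account on its next successful login.
    $teacherpassword = md5(md5("j3Jf92".$teacherpassword."D203djS"));

    // Name the columns explicitly: bind_result() below binds exactly four
    // variables, so "SELECT *" fails as soon as the table has any other column
    // count or order. Column names follow the corrected query published with
    // this snippet -- confirm the spelling (TeacherForname) against the schema.
    $query = "SELECT TeacherForname, TeacherSurname, TeacherUsername, TeacherPassword FROM Teacher WHERE TeacherUsername = ? AND TeacherPassword = ? LIMIT 1";

    // Prepared statement: both values are sent as bound parameters and never
    // concatenated into the SQL text.
    $stmt = $mysqli->prepare($query);
    if ($stmt === false) {
        // prepare() returns false on failure; calling methods on it would be a
        // fatal error. Record the cause server-side and keep it out of the
        // response.
        error_log('Teacher login: prepare failed: ' . $mysqli->error);
    } else {
        // One bind_param() call covers both placeholders ("ss" = two strings).
        $stmt->bind_param("ss", $teacherusername, $teacherpassword);
        $stmt->execute();
        $stmt->bind_result($dbTeacherForename, $dbTeacherSurname, $dbTeacherUsername, $dbTeacherPassword);

        while ($stmt->fetch()) {
            // Strict comparisons only. With ==, two different hex digests that
            // both look like "0e<digits>" compare equal as floats; hash_equals()
            // avoids that and compares in constant time.
            if ($teacherusername === $dbTeacherUsername && hash_equals((string) $dbTeacherPassword, $teacherpassword)) {
                $loggedIn = true;
                // Copy the row now instead of reading the bound variables
                // after the fetch loop has finished.
                $teacherForename = $dbTeacherForename;
                $teacherSurname = $dbTeacherSurname;
            }
        }

        /* close statement */
        $stmt->close();
    }

    /* close connection */
    $mysqli->close();

    if ($loggedIn) {
        // Issue a fresh session id at the privilege change so an id that was
        // set before login cannot be reused afterwards (session fixation).
        session_regenerate_id(true);

        // These values come from the database; escape them with
        // htmlspecialchars() wherever they are printed.
        $_SESSION['teacherforename'] = $teacherForename;
        $_SESSION['teachersurname'] = $teacherSurname;
        header('Location: menu.php');
        die();
    }
}
?>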
- SELECT TeacherForname, TeacherSurname, TeacherUsername, TeacherPassword FROM Teacher WHERE TeacherUsername = ? AND TeacherPassword = ? LIMIT 1