Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- <?php
- // mysql_connect is deprecated and not secure
- // You can pass the DB name as the fourth argument of mysqli_connect
- $conn = mysqli_connect('localhost','accounting','', 'ffdbR4fsa');
- if (! isset($_SESSION)) {
- session_start();
- }
- ?>
- <form action="" method="post">
- <table width="50%" border="0">
- <tr>
- <td><h3>Admin Log In</h3></td>
- </tr>
- <tr>
- <td><label>Username</label><input type="text" name="username" placeholder="Username"></td>
- </tr>
- <tr>
- // Password type was missing
- <td><label>Password</label><input type="password" name="password" placeholder="Password"></td>
- </tr>
- </table>
- <input type="submit" value="Log In" name="s">
- </form>
- <?php
- if (isset($_POST['s'])) {
- // the post field must match the input field name, changed to username to match
- $user = $_POST['username'];
- $pass = $_POST['password'];
- // again mysq_query is deprecated
- $result = mysqli_query($conn, "select * from admin_list where user_name ='$user' and password = '$pass'");
- // agai mysq_num_rows is deprecated
- if (mysqli_num_rows($result) === 1) {
- $_SESSION['is_admin'] = True;
- $_SESSION['user'] = $user;
- echo "Logged in as $user";
- } else {
- $_SESSION['is_admin'] = False;
- $_SESSION['user'] = NULL;
- echo 'Invalid login or password';
- }
- }
- // Remove the closing tags, just a good practice so another file can continue
- // Some ; were missing too
Add Comment
Please, Sign In to add comment
