0

im having trouble accessing profile page after login and I also have another problem I have login data such as email and password in a different database and table name profile information is in another database and table name how can they be connected to retrieve profile information how can these problems be resolved?

here is my login php

 <?php

  include('com.php');

  // Connect to server and select databse.

  mysql_connect("$host", "$username", "$password")or die("cannot connect"); 
  mysql_select_db("$db_name")or die("cannot select DB");


   // username and password sent from form 

  $email=$_POST['email']; 
  $password=$_POST['password']; 

 // To protect MySQL injection (more detail about MySQL injection)

   $email = stripslashes($email);

   $password = stripslashes($password);

   $email = mysql_real_escape_string($email);

   $password = mysql_real_escape_string($password);

   $sql="SELECT * FROM $tbl_name WHERE email='$email' and password='$password'";

   $result=mysql_query($sql);

   // Mysql_num_row is counting table row

   $count=mysql_num_rows($result);

  // If result matched $email and $password, table row must be 1 row

  if($count==1){

   // Register $email, $password and redirect to file "report.php"

   session_register("email");
   session_register("password"); 
   header("location:profile.php");

  }

 else {

   echo "Wrong Username or Password";

 }

 ?>
Luis LL
  • 2,912
  • 2
  • 19
  • 21
tazmania
  • 19
  • 2
  • 9
  • *sidenote:* stop using deprecated `mysql_*` functions. use MySQLi or PDO instead. – Raptor Sep 03 '13 at 03:34
  • please reformulate your question,also what do you see as result – Charaf JRA Sep 03 '13 at 03:39
  • 1
    expanding on @ShivanRaptor's sidenote: [How can I prevent SQL injection in PHP?](http://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php) and [Why shouldn't I use mysql_* functions in PHP?](http://stackoverflow.com/questions/12859942/why-shouldnt-i-use-mysql-functions-in-php). Also assuming `$password=$_POST['password'];` is the password in plaintext, it's **really** insecure. You may want to read up on _hashing_. –  Sep 03 '13 at 03:52
  • @user2062950 hashing is inadequate for password, as reverse engineering is common for hashing methods like MD5 & SHA1. consider using `mcrypt` PHP libraries. – Raptor Sep 03 '13 at 04:32
  • 1
    @ShivanRaptor good point, I wasn't suggesting MD5 or SHA1 specifically, but the choice of method is important. there's good info in this question: [Secure hash and salt for PHP passwords](http://stackoverflow.com/questions/401656/secure-hash-and-salt-for-php-passwords) –  Sep 03 '13 at 04:40

0 Answers0