0

can you help me ..

<?php
    session_start(); // Starting Session
$error=''; // Variable To Store Error Message
if (isset($_POST['submit'])) {
    if (empty($_POST['ID']) || empty($_POST['password'])) {
        $error = "You must enter a username and password";
    }
    else
    {
        // Define $username and $password
        $date = date('m/d/y - h:i A');
        $ID=$_POST['ID'];
        $password=$_POST['password'];
        // To protect MySQL injection for Security purpose
        $ID = stripslashes($ID);
        $password = stripslashes($password);
        $ID = mysql_real_escape_string($ID);
        $password = mysql_real_escape_string($password);
        // Selecting Database
        $db = mysql_select_db($database, $connection);

        // SQL query to fetch information of registerd users and finds user match.
        $query = mysql_query("SELECT ID, password, pin, time FROM facultymember ".
                             "WHERE password='$password' AND ID='$ID'", $connection);



        $query2 = mysql_query("SELECT time FROM facultymember ".
                             "WHERE password='$password' AND ID='$ID'", $connection);
        $row = mysql_fetch_assoc($query);

        list($lastlogin) = mysql_fetch_row($query2);

        $update = mysql_query("UPDATE facultymember SET time=NOW() WHERE ID='$ID'",$connection);
        $_SESSION['lastlogin'] = $lastlogin;


         if (($_POST['ID']) != ($row['ID']) ||($_POST['password']) != ($row['password']) ) {
        $error = "You entered an invalid username or password, your attempt has been stored.";

         } else {

         if(false != $row){ // user info exists/correct
            $_SESSION['login_user'] = $row['ID'];

            if('1' == $row['pin']) { //not admin
                header("location: homeFM.php"); // Redirecting To Other Page
                die;
            } else { 
                //admin
                header("location: homeA.php"); // Redirecting To Other Page
                die;
            }
        } else { //login doesn't exist
            $error = "Username or Password is invalid";
        }
        $_SESSION['login_user'] = 1;
        mysql_close($connection); // Closing Connection
    }
}

}
?>

The above code is login code in PHP

How can I can attempt login for specific user ID?

i tried some ways to do that but did not succeed

note that : the code have connection to database , but i do not write here .

m.m.aljazaeri
  • 9
  • 3

2 Answers2

0

So just to correct you, the previous code you pasted already uses a database:

 // Selecting Database
    $db = mysql_select_db($database, $connection);

    // SQL query to fetch information of registerd users and finds user match.
    $query = mysql_query("SELECT ID, password, pin, time FROM facultymember ".
                         "WHERE password='$password' AND ID='$ID'", $connection);



    $query2 = mysql_query("SELECT time FROM facultymember ".
                         "WHERE password='$password' AND ID='$ID'", $connection);
    $row = mysql_fetch_assoc($query);

    list($lastlogin) = mysql_fetch_row($query2);

    $update = mysql_query("UPDATE facultymember SET time=NOW() WHERE ID='$ID'",$connection);
    $_SESSION['lastlogin'] = $lastlogin;

Your code is first checking if someone has tried to login to your website with a username and password: 

if (empty($_POST['ID']) || empty($_POST['password'])) {
    $error = "You must enter a username and password";
}
else
{ .... }

Then your code saved the username and password that the user wrote into two variables and did a bit of "cleaning":

    $date = date('m/d/y - h:i A');
    $ID=$_POST['ID'];
    $password=$_POST['password'];
    // To protect MySQL injection for Security purpose
    $ID = stripslashes($ID);
    $password = stripslashes($password);

NOW ANSWERING YOUR QUESTION: To login a user, you have to compare the users password and username to a stored password and username somewhere else. I highly recommend using a database to keep this stored information because it tends to be very sensative, and storing usernames and passwords in a text file is riskier and slower in terms of extracting that information when you need it. Now once you have compared the username and password, if they match, you can have the following code do whatever your website needs to do, and if they don't match, you display an error message saying they didn't match :).

Webeng
  • 7,050
  • 4
  • 31
  • 59
0

You will need to use a database.

If you do not have the login attempts stored in a database, how will you prevent the user from trying again from a different session or a different browser?

Very Important:

If you are storing passwords in a database, then PLEASE do not store them as plain text. You should hash the password and store the resulting value, then when the user attempts to login, hash the password they enter and compare the values to check for a match.

As a starter, please see Secure hash and salt for PHP passwords.

Community
  • 1
  • 1
Karl Gjertsen
  • 4,690
  • 8
  • 41
  • 64