/checklogin.php
PHP | 42 lines | 28 code | 9 blank | 5 comment | 3 complexity | 8a9320ec68ada3593449142b35fc071e MD5 | raw file
- <?php
- session_start();
- include("lib/db.class.php");
- include_once "config.php";
- $db = new DB($config['database'], $config['host'], $config['username'], $config['password']);
- $tbl_name="stock_user"; // Table name
- // username and password sent from form
- $myusername=$_REQUEST['username'];
- $mypassword=$_REQUEST['password'];
-
- // To protect MySQL injection (more detail about MySQL injection)
- $myusername = stripslashes($myusername);
- $mypassword = stripslashes($mypassword);
- $myusername = mysqli_real_escape_string($db->getConnection(),$myusername);
- $mypassword = mysqli_real_escape_string($db->getConnection(),$mypassword);
-
- $sql="SELECT * FROM $tbl_name WHERE username='$myusername' and password='$mypassword'" ;
- $result=mysqli_query($db->getConnection(),$sql) or die("Error al procesar consulta");
-
-
- // Mysql_num_row is counting table row
- $count=mysqli_num_rows($result);
- // If result matched $myusername and $mypassword, table row must be 1 row
- if($count==1){
- // Register $myusername, $mypassword and redirect to file "dashboard.php"
- $row = mysqli_fetch_row($result);
-
- $_SESSION['id']=$row[0];
- $_SESSION['username']=$row[1];
- $_SESSION['usertype']=$row[3];
-
- if($row[3]=="admin")
- header("location:dashboard.php");
- else
- die("Not Valid User Type. Check with your application administartor");
- }else {
- header("location:index.php?msg=Wrong%20Username%20or%20Password&type=error");
- }
- ?>