below is my code.
Expand|Select|Wrap|Line Numbers
- <?php
- ob_start();
- $host="localhost"; // Host name
- $username="root"; // Mysql username
- $password="root"; // Mysql password
- $db_name="test"; // Database name
- $tbl_name="user"; // Table name
- // Connect to server and select databse.
- mysql_connect("$host", "$username", "$password")or die("cannot connect");
- mysql_select_db("$db_name")or die("cannot select DB");
- // Define $myusername and $mypassword
- $myusername=$_POST['myusername'];
- $mypassword=$_POST['mypassword'];
- // To protect MySQL injection (more detail about MySQL injection)
- $myusername = stripslashes($myusername);
- $mypassword = stripslashes($mypassword);
- $myusername = mysql_real_escape_string($myusername);
- $mypassword = mysql_real_escape_string($mypassword);
- //$sql="SELECT * FROM $tbl_name WHERE user_name='$myusername' and password='$mypassword'";
- //$result=mysql_query($sql);
- $query = "SELECT * FROM `user` WHERE user_name = '$myusername'
- AND password = '$mypassword'";
- /* query the database */
- $result = mysql_query($query);
- mysql_close();
- /* Allow access if a matching record was found, else deny access. */
- if (mysql_fetch_row($result)) {
- /* access granted */
- session_start();
- header("Cache-control: private");
- $_SESSION["access"] = "authorized";
- //echo"success";
- header("Location:admin.php");
- } else
- /* access denied – redirect back to login */
- echo '<html>
- <head>
- <title></title>
- <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
- <META HTTP-EQUIV="refresh" CONTENT="5;URL=main_login.php">
- </head>
- <body bgcolor="black">
- <h1 style="color:red" align="center">ACCESS DENIED !!</h1>
- <p style="color:red" align="center">You have provided invalid login information.
- <br />Your IP address has been logged
- <br /></p>
- </body>
- </html>
- ';
- //header("Location: ./admin_login.php");
- ?>
Expand|Select|Wrap|Line Numbers
- <?
- session_start();
- header("Cache-control: private");
- $access = $_SESSION["access"];
- if ($access != "authorized"){
- header("Location: main_login.php");
- die;
- }
- echo "<font color='#FFFFFF'><strong><a href='logout.php'>LOGOUT</a></strong></font>";
- echo"<br/>";
- echo"<br/>";
- ?>
- <html>
- <body>
- <b>welcome to the admin page.....!</b><br/><br/><br/>
- <?php
- $host="localhost"; // Host name
- $username="root"; // Mysql username
- $password="root"; // Mysql password
- $db_name="test"; // Database name
- //$tbl_name="question"; // Table name
- // Connect to server and select databse.
- mysql_connect("$host", "$username", "$password")or die("cannot connect");
- mysql_select_db("$db_name")or die("cannot select DB");
- $query="select * from subject";
- $result=mysql_query($query) or die ("Error in query: $query. ".mysql_error());
- while($nt=mysql_fetch_array($result)){
- $var=$nt[subject_code];
- $sub=$nt[Name];
- //echo $var;
- echo "$nt[subject_code]"." <a href='entry.php?code=$var&Name=$sub'> $nt[Name]</a><br/>";// subject code and subject name will be printed with one line break at the end
- }
- //<a href="add.html"><input type ="button" name="add" value="Add Question"></a>
- // <a href="update.html"><input type ="button" name="Update" value="Update Question"></a>
- //<a href="delete.html"><input type ="button" name="delete" value="Delete Question"></a>
- ?>
- </body>
- </html>