login.php
Expand|Select|Wrap|Line Numbers
- if(isset($_POST['submit']))
- {
- include 'connection.php';
- $username = trim(addslashes($_POST['username']));
- $password = trim(addslashes($_POST['password']));
- if ($username != '' && $password != '')
- {
- $sql = "SELECT * FROM admin
- WHERE admin_username = '$username' AND admin_password = '$password'";
- $result = mysql_query($sql) or die('Query failed. ' . mysql_error());
- $row = mysql_fetch_array($result, MYSQL_ASSOC);
- if (mysql_num_rows($result) == 1)
- {
- $_SESSION['admin_name']=$row['admin_name'];
- $_SESSION['admin_addr']=$row['admin_addr'];
- $_SESSION['admin_position']=$row['admin_position'];
- $_SESSION['admin_ic']=$row['admin_ic'];
- if(isset($_SESSION['admin_username']) && $_SESSION['admin_username'] === TRUE )
- {
- print "<script>";
- print "window.alert('Welcome Admin'); self.location='admin.php';";
- print "</script>";
- }
- else
- {
- echo "<script languange = 'Javascript'>
- alert('please check again!!');
- location.href = 'login.php';</script>";
- }
- }
- }
- }
- if(isset($_POST['submit']))
- {
- include 'connection.php';
- $username = trim(addslashes($_POST['username']));
- $password = trim(addslashes($_POST['password']));
- if ($username != '' && $password != '')
- {
- $sql = "SELECT * FROM staff
- WHERE staff_username = '$username' AND staff_password = '$password'";
- $result = mysql_query($sql) or die('Query failed. ' . mysql_error());
- $row = mysql_fetch_array($result, MYSQL_ASSOC);
- if (mysql_num_rows($result) == 1)
- {
- $_SESSION['staff_name']=$row['staff_name'];
- $_SESSION['staff_addr']=$row['staff_addr'];
- $_SESSION['staff_position']=$row['staff_position'];
- $_SESSION['staff_ic']=$row['staff_ic'];
- if ($_SESSION['staff_username']=='staff_username')
- {
- print "<script>";
- print "window.alert('Welcome user'); self.location='user.php';";
- print "</script>";
- }
- else
- {
- echo "<script languange = 'Javascript'>
- alert('Please check again!!');
- location.href = 'login.php';</script>";
- }
- }
- }
- }
- ?>
the outcome will always be "please check again!" eventhough the username and password is correct.
why? :(