So, this is how I'm checking the username and password:
Expand|Select|Wrap|Line Numbers
- <?php
- session_start();
- include ('includes/DbCon.php');
- // username and password sent from form
- $user=$mysqli->real_escape_string($_POST['user']);
- $password=$mysqli->real_escape_string($_POST['password']);
- $sql="SELECT * FROM xyz WHERE user='$user' and password='$password'";
- $result=$mysqli->query($sql);
- // Mysqli_num_rows is counting table rows
- if(mysqli_num_rows($result) == 1){
- $row = mysqli_fetch_array($result, MYSQLI_BOTH);
- // Register $user, $password and redirect to admin area
- $_SESSION['user']=="admin";
- $_SESSION['password']=="password";
- echo '<script type="text/javascript">';
- echo 'document.location.href = "/pc.v.2/admin.php";';
- echo '</script>';
- }
- else {
- echo '<script type="text/javascript">';
- echo 'alert("Invalid Username or Password");';
- echo 'history.back();';
- echo '</script>';
- }
- mysqli_close($mysqli);
- ?>
Expand|Select|Wrap|Line Numbers
- <?php
- session_start();
- if(!isset($_SERVER['PHP_AUTH_USER'])) {
- header("location:login.php");
- }
- else{
- echo '<script type="text/javascript">document.getElementsByClassName("login").innerHTML="Logout";</script>';
- echo "</script>";
- }
- ?>