4 Replies - 437 Views - Last Post: 11 May 2013 - 03:38 PM

#1 ankit1990rana

Is there any error in this code?

Posted 11 May 2013 - 08:42 AM

This code works on my computer but not on my friend's, my teacher says it has an error, and I am sure it is perfect, it is the code of a login page.
<?php
session_start();
require "header.php";
mysql_connect("localhost","root","") or die("Can't Connect Database");

mysql_select_db("himanshu") or die("Database Problem");

head();

if(isset($_POST['login'])){
$intake = $_POST['intake'];
$password = $_POST['password'];
$type=$_POST['type'];
if(!empty($intake)&&!empty($password)){


$query = "SELECT * FROM `register` WHERE `intake`='$intake' AND `password`='$password'";

$result = mysql_query($query);
if($type=='Student'||$type=='student'){
if( mysql_num_rows($result)==1){
	$user=mysql_result($result,0,'intake');
	$_SESSION['user']=$user;
	header("Location: home.php");
}
else if(mysql_num_rows($result)==0){
	echo '<script>alert("Please Enter Valid Intake Id & Password");</script>';

}
}elseif($type=='teacher'||$type=='Teacher'){
$teacher=mysql_result($result,0,'intake');
	$_SESSION['teacher']=$teacher;
	header("Location: home_c.php");
}elseif($type=='Admin'||$type=='admin'){
$admin=mysql_result($result,0,'intake');
	$_SESSION['admin']=$admin;
	header("Location: home_b.php");
}elseif($type=='cordinator'||$type=='Cordinator'){
$cordinator=mysql_result($result,0,'intake');
	$_SESSION['cordinator']=$cordinator;
	header("Location: home_a.php");
}
}
else {
	echo '<script>alert("Please Enter All Fields");</script>';
}
}
headend();
?>
<div id="side" >
<img src="logo_feedback.jpg" ><br>
<img src="images.jpg"><br>
<img src="logo_tracking.jpg">
</div>
<div id="login">
<form id="form1" name="form1" method="post" action="Login.php">
<table width="468" height="25" border="0" align="center">
    <tr>
      <td >&nbsp;</td>
      <td >Log In to access your accout</td>
    </tr>
    <tr>
      <td>Intake Id</td>
      <td> <input type="text" name="intake"  /></td>
    </tr>
    <tr>
      <td> Password</td>
      <td><input type="password" name="password"  /></td>
    </tr>
    <tr>
    <td>User Type</td>
      <td><select name="type">
      <option value="admin">Admin</option>
      <option value="teacher">Faculty</option>
      <option value="cordinator">Program Coordinator</option>
      <option value="Student">Student</option></select></td>
    </tr>
    <tr>
      <td>&nbsp;</td>
      <td><input type="submit" name="login" value="Login" /></td>
    </tr>
    <tr>
      <td> </td><br />
      <td><a href="register.php" target="_new">Register </a> if you do not have account.</td>
    </tr>
    <tr>
      <td>&nbsp;</td>
      <td>&nbsp;</td>
    </tr>
  </table> 
  </fieldset>
  </form>
  </div>


This post has been edited by Atli: 11 May 2013 - 09:07 AM
Reason for edit:: Fixed the [code] tags.



Replies To: Is there any error in this code?

#2 Atli

Re: Is there any error in this code?

Posted 11 May 2013 - 09:06 AM

Moved to the PHP forum. Try to post your questions in the appropriate forums.

#3 Atli

Re: Is there any error in this code?

Posted 11 May 2013 - 09:19 AM

At a glance, I can tell you with certainty that this code is far from perfect.

For one, the style is a complete mess; just the lack of coherent indentation makes it painful to read.

Another issue is its vulnerability to SQL Injection. Imagine what would happen if I were to pass a valid intake ID of somebody with, say, admin privileges, and then this as the password: ' OR 1='1. You're basically giving any amateur script kiddie access to all your user accounts.

And on a similar note, the old MySQL API functions are deprecated. (mysql_connect, mysql_query, etc...) These days you should use PDO or MySQLi, with prepared statements to avoid SQL Injection.

Quote

This code works on my computer but not on my friend's, my teacher says it has an error...

If your teacher says there is an error and it only works intermittently, why do you doubt it?

More to the point. What is the problem exactly? How is it not working? What happens that shouldn't be happening; what isn't happening that should be? - Debugging tends to be easier when you know the problem.
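
The prepared-statement approach recommended in the reply above, shown as an added example that is not part of the original thread or any poster's code. It assumes an in-memory SQLite database as a stand-in for the MySQL one so it runs without a server; the helper names `concatenatedQuery` and `findUser` are hypothetical and the account row is constructed sample data.

```php
<?php
// In-memory SQLite stands in for the thread's MySQL database (assumption).
// Table and column names follow the posted code; the row is constructed,
// and the password is plaintext only to mirror the posted query.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE register (intake TEXT PRIMARY KEY, password TEXT)');
$pdo->exec("INSERT INTO register VALUES ('A100', 'admin-secret')");

// How the posted code builds its query: input becomes part of the SQL text.
// Returned as a string only, so the changed structure can be inspected.
function concatenatedQuery(string $intake, string $password): string
{
    return "SELECT * FROM `register` WHERE `intake`='$intake' AND `password`='$password'";
}

// Hardened lookup: the SQL text is fixed and the values are bound as data.
function findUser(PDO $pdo, string $intake, string $password): ?array
{
    $stmt = $pdo->prepare(
        'SELECT intake FROM register WHERE intake = :intake AND password = :password'
    );
    $stmt->execute([':intake' => $intake, ':password' => $password]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

$payload = "' OR 1='1"; // the password value quoted in the reply above

// With concatenation, the quote in the input ends the string literal and the
// rest of the input is parsed as an extra OR condition.
echo concatenatedQuery('A100', $payload), PHP_EOL;

// With bound parameters the same input is compared as a literal password.
foreach ([$payload, 'admin-secret'] as $attempt) {
    $row = findUser($pdo, 'A100', $attempt);
    echo $row === null ? 'rejected' : ('accepted as ' . $row['intake']), PHP_EOL;
}
```

Against MySQL the DSN becomes `mysql:host=localhost;dbname=himanshu;charset=utf8mb4`, and setting `PDO::ATTR_EMULATE_PREPARES` to `false` has the server perform the binding.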

#4 Slice

Re: Is there any error in this code?

Posted 11 May 2013 - 03:21 PM

Does your friend's computer have a database set up with the same login credentials and permissions? Enable error reporting to help find the problem.

error_reporting(E_ALL); //near top of your code



#5 andrewsw

Re: Is there any error in this code?

Posted 11 May 2013 - 03:38 PM

This combination is usually recommended:

error_reporting(E_ALL);
ini_set('display_errors', '1');

which will report all errors and force their display. Of course, this should be turned off in production code.
