<?php //Start session session_start(); //Include database connection details require_once('config.php'); //Array to store validation errors $errmsg_arr = array(); //Validation error flag $errflag = false; //Connect to mysql server $link = mysql_connect(DB_HOST, DB_USER, DB_PASSWORD); if(!$link) { die('Failed to connect to server: ' . mysql_error()); } //Select database $db = mysql_select_db(DB_DATABASE); if(!$db) { die("Unable to select database"); } //Function to sanitize values received from the form. Prevents SQL injection function clean($str) { $str = @trim($str); if(get_magic_quotes_gpc()) { $str = stripslashes($str); } return mysql_real_escape_string($str); } //Sanitize the POST values $user_email = clean($_POST['user_email']); $pwd = clean($_POST['password']); //Input Validations if($user_email == '') { $errmsg_arr[] = 'Login ID missing'; $errflag = true; } if($pwd == '') { $errmsg_arr[] = 'Password missing'; $errflag = true; } //If there are input validations, redirect back to the login form if($errflag) { $_SESSION['ERRMSG_ARR'] = $errmsg_arr; session_write_close(); header("location: login-form.php"); exit(); } //Create query $qry="SELECT * FROM customer WHERE user_email='$user_email' AND password='$pwd' "; $result=mysql_query($qry); //Check whether the query was successful or not if($result) { if(mysql_num_rows($result) == 1) { //Login Successful session_regenerate_id(); $customer = mysql_fetch_assoc($result); $_SESSION['SESS_id'] = $customer['id']; $_SESSION['SESS_fname'] = $customer['first_name']; $_SESSION['SESS_lname'] = $customer['last_name']; if (isset($_SESSION['SESS_user_email']) && $_SESSION['user_email'] == "harpuneet12@yahoo.com"){ header("Location:admin-index.php"); } else { session_write_close(); header("location: member-index.php"); exit(); }else { //Login failed header("location: login-failed.php"); exit(); } }else { die("Query failed"); } ?>
header("location: member-index.php"); exit();
var
This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)