Izzatur Rahman Posted December 7, 2014

Hello there. I need some help regarding my project. I'm having a problem with my login: I cannot go through to the next page when I log in. I'm using a session because I need to drag all of the user's info until they log out from the system. I need your help to figure it out because I'm lost. Here's the code. The code given to you is the process for the login. Thanks for your help.

<?php
session_start();
?>
<?php
$db = "penyelenggaraan";
$link = mysql_connect('localhost', 'root', '');
if (!$link) die(mysql_error());
mysql_select_db($db ,$link) or die("Couldn't open $db: " .mysql_error());
$id=$_POST['id'];
$password=$_POST['password'];
$a="SELECT FROM admin WHERE id='$id', password='$password'";
$result=mysql_query($a);
$count=mysql_num_rows($result);
if($count > 0){
    header("Location: admin_option.php");
}
else{
    header("Location: admin.php");
}
mysql_close($link);
?>

Ingolme Posted December 7, 2014

There are multiple problems.

First of all, your SQL query might not work because you should be using the AND operator in your query:

WHERE id='$id' AND password='$password'

Secondly, the mysql library is deprecated due to security vulnerabilities. Use MySQLi or PDO.

Third, and very important, you're wide open for hacking. You have not sanitized the data coming from the user, so they can easily get in without a password. Search for "SQL injection" on your favorite search engine. If they use "' OR 1" as their ID they can access your secret page without needing a password.

I hope your page admin_option.php is checking to make sure that the user is logged in before showing anything. If not, people can simply type admin_option.php in their browser and get to the page, bypassing the login system.
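
The points raised in the reply above, put together as an added example (not code from either poster): a PDO prepared statement for the lookup, a hashed-password check, and a session guard for admin_option.php. The helper names check_login, handle_login and require_login, the session key admin_id, the sample row, and the assumption that the password column stores a password_hash() value are all hypothetical; an in-memory SQLite database stands in for MySQL so the block runs on its own.

```php
<?php
// Added example. In-memory SQLite with constructed sample data; against MySQL
// only the DSN changes, e.g. 'mysql:host=localhost;dbname=penyelenggaraan'.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);

// Assumption: the password column holds a password_hash() value, not plaintext.
$pdo->exec('CREATE TABLE admin (id TEXT PRIMARY KEY, password TEXT NOT NULL)');
$ins = $pdo->prepare('INSERT INTO admin (id, password) VALUES (?, ?)');
$ins->execute(['admin01', password_hash('correct horse', PASSWORD_DEFAULT)]);

// Hypothetical helper: true only if the id exists and the password matches.
function check_login(PDO $pdo, string $id, string $password): bool
{
    // The placeholder binds $id as data; it is never parsed as SQL.
    $stmt = $pdo->prepare('SELECT password FROM admin WHERE id = ?');
    $stmt->execute([$id]);
    $hash = $stmt->fetchColumn();          // false when no row matches
    return is_string($hash) && password_verify($password, $hash);
}

// Login handler: returns the page to redirect to and records the session.
function handle_login(PDO $pdo, array $post, array &$session): string
{
    $id = is_string($post['id'] ?? null) ? $post['id'] : '';
    $password = is_string($post['password'] ?? null) ? $post['password'] : '';
    if (check_login($pdo, $id, $password)) {
        $session['admin_id'] = $id;        // hypothetical session key
        return 'admin_option.php';
    }
    return 'admin.php';
}

// Guard for the top of admin_option.php and every other protected page.
function require_login(array $session): bool
{
    return isset($session['admin_id']);
}

// Constructed requests: the ID string from the reply above, then a valid login.
$session = [];
var_dump(handle_login($pdo, ['id' => "' OR 1", 'password' => 'x'], $session));
var_dump(require_login($session));
var_dump(handle_login($pdo, ['id' => 'admin01', 'password' => 'correct horse'], $session));
var_dump(require_login($session));
```

In the real pages, pass $_POST and $_SESSION after session_start(), call session_regenerate_id(true) on a successful login, and follow each header("Location: ...") with exit so the rest of the script does not run.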