Login
Tested Log
<?php
include('connection.php');
$username = $_POST['user'];
$password = $_POST['pass'];
//to prevent from mysqli injection
$username = stripcslashes($username);
$password = stripcslashes($password);
$username = mysqli_real_escape_string($con, $username);
$password = mysqli_real_escape_string($con, $password);
$sql = "select * from login where User = '$username' and Password = '$password'";
$result = mysqli_query($con, $sql);
$row = mysqli_fetch_array($result, MYSQLI_ASSOC);
$count = mysqli_num_rows($result);
if($count == 1){
header("location: BL1.php");
}
else{
echo "<h1> Login failed. Invalid username or password.</h1>";
}
?>
From Web
<?php
include('DBC.php');
if(isset($_POST['bt1'])){
$Pass = $_POST['Pass'];
if(empty($_POST['User']) || empty($_POST['Pass'])){
echo' Pass and name needed';
}
else{
$User = $_POST['User'];
$Pass = $_POST['Pass'];
$sql = "select * from login where User = '$User' and Password = '$Pass' ";
$query = mysqli_query($con, $sql);
if($row = mysqli_fetch_object($query)){
if($row->Status == 'Admin'){
header("location: MainAdmin.php");
mysql_close($con);
}
else if($row->Status == 'Student'){
switch($User){
case 'year1M1':
header("location: BL1.php");
break;
case 'year1M2':
header("location: BL2.php");
break;
case 'year2M1':
header("location: BL3.php");
break;
case 'year2M2':
header("location: BL4.php");
break;
case 'year3M1':
header("location: BL5.php");
break;
default:
echo 'ໃສ່ຂໍ້ມູນບໍ່ຖືກຕ້ອງ';
break;
}
}
else{$error='ຂໍ້ມູນບໍ່ຖືກຕ້ອງ';}
}
else{$error='ຊື່ແລະລະຫັດບໍ່ຖືກຕ້ອງ';}
}
}
?>
Hash and salt
https://www.youtube.com/watch?v=Wu6RNXDIHn8in
Form Design
https://stackoverflow.com/questions/54469576/float-login-form-to-right-of-the-nav