Hayford
September 14, 2022, 9:31am
1
kstuhallbooking.42web.io
<?php
session_start();
include('dbconn.php');
if(isset($_POST['login']))
{
$email=$_POST['email'];
$password=$_POST['password'];
$password = md5($password);
$stmt=$mysqli->prepare("SELECT email,password,id FROM userregistration WHERE email=? and password=? ");
$stmt->bind_param('ss',$email,$password);
$stmt->execute();
$stmt -> bind_result($email,$password,$id);
$rs=$stmt->fetch();
$stmt->close();
$_SESSION['id']=$id;
$_SESSION['login']=$email;
$uip=$_SERVER['REMOTE_ADDR'];
$ldate=date('d/m/Y h:i:s', time());
if($rs){
$uid=$_SESSION['id'];
$uemail=$_SESSION['login'];
$ip=$_SERVER['REMOTE_ADDR'];
$geopluginURL='http://www.geoplugin.net/php.gp?ip='.$ip;
$addrDetailsArr = unserialize(file_get_contents($geopluginURL));
$city = $addrDetailsArr['geoplugin_city'];
$country = $addrDetailsArr['geoplugin_countryName'];
$log="insert into userLog(userId,userEmail,userIp,city,country) values('$uid','$uemail','$ip','$city','$country')";
$mysqli->query($log);
if($log){
header("location:student/dashboard.php");
}
} else {
echo "";
}
}
?>
Hostel Management System
<script type="text/javascript">
function valid() {
if(document.registration.password.value!= document.registration.cpassword.value){
alert("Password and Re-Type Password Field do not match !!");
document.registration.cpassword.focus();
return false;
}
return true;
}
</script>
<!-- ============================================================== -->
<!-- Login box.scss -->
<!-- ============================================================== -->
<div class="auth-wrapper d-flex no-block justify-content-center align-items-center position-relative"
style="background:url(../assets/images/big/auth-bg.jpg) no-repeat center center;">
<div class="auth-box row">
<div class="col-lg-7 col-md-5 modal-bg-img" style="background-image: url(assets/images/hostel-img.jpg);">
</div>
<div class="col-lg-5 col-md-7 bg-white">
<div class="p-3">
<div class="text-center">
<img src="assets/images/big/icon.png" alt="wrapkit">
</div>
<h2 class="mt-3 text-center">Student Login</h2>
<form class="mt-4" method="POST">
<div class="row">
<div class="col-lg-12">
<div class="form-group">
<label class="text-dark" for="uname">Email</label>
<input class="form-control" name="email" id="uname" type="email"
placeholder="Enter your email" required>
</div>
</div>
<div class="col-lg-12">
<div class="form-group">
<label class="text-dark" for="pwd">Password</label>
<input class="form-control" name="password" id="pwd" type="password"
placeholder="Enter your password" required>
</div>
</div>
<div class="col-lg-12 text-center">
<button type="submit" name="login" class="btn btn-block btn-dark">LOGIN</button>
</div>
<div class="col-lg-12 text-center mt-5">
<a href="admin/index.php" class="text-danger">Go to Admin Panel</a>
</div>
</div>
</form>
</div>
</div>
</div>
</div>
<!-- By CodeAstro - codeastro.com -->
<!-- ============================================================== -->
<!-- Login box.scss -->
<!-- ============================================================== -->
</div>
<!-- ============================================================== -->
<!-- All Required js -->
<!-- ============================================================== -->
<script src="assets/libs/jquery/dist/jquery.min.js "></script>
<!-- Bootstrap tether Core JavaScript -->
<script src="assets/libs/popper.js/dist/umd/popper.min.js "></script>
<script src="assets/libs/bootstrap/dist/js/bootstrap.min.js "></script>
<!-- ============================================================== -->
<!-- This page plugin js -->
<!-- ============================================================== -->
<script>
$(".preloader ").fadeOut();
</script>
I always get the else statement “Sorry, Invalid Username/Email or Password!” when done online. But when i run it on my localhost it runs without the alert statement.
Hayford
September 14, 2022, 9:32am
2
<?php
session_start();
include('dbconn.php');
if(isset($_POST['login']))
{
$email=$_POST['email'];
$password=$_POST['password'];
$password = md5($password);
$stmt=$mysqli->prepare("SELECT email,password,id FROM userregistration WHERE email=? and password=? ");
$stmt->bind_param('ss',$email,$password);
$stmt->execute();
$stmt -> bind_result($email,$password,$id);
$rs=$stmt->fetch();
$stmt->close();
$_SESSION['id']=$id;
$_SESSION['login']=$email;
$uip=$_SERVER['REMOTE_ADDR'];
$ldate=date('d/m/Y h:i:s', time());
if($rs){
$uid=$_SESSION['id'];
$uemail=$_SESSION['login'];
$ip=$_SERVER['REMOTE_ADDR'];
$geopluginURL='http://www.geoplugin.net/php.gp?ip='.$ip;
$addrDetailsArr = unserialize(file_get_contents($geopluginURL));
$city = $addrDetailsArr['geoplugin_city'];
$country = $addrDetailsArr['geoplugin_countryName'];
$log="insert into userLog(userId,userEmail,userIp,city,country) values('$uid','$uemail','$ip','$city','$country')";
$mysqli->query($log);
if($log){
header("location:student/dashboard.php");
}
} else {
echo "<script>alert('Sorry, Invalid Username/Email or Password!');</script>";
// header("location:student/dashboard.php");
}
}
?>
<!-- By CodeAstro - codeastro.com -->
<!DOCTYPE html>
<html dir="ltr">
<head>
<meta charset="utf-8">
<meta http-equiv="X-UA-Compatible" content="IE=edge">
<!-- Tell the browser to be responsive to screen width -->
<meta name="viewport" content="width=device-width, initial-scale=1">
<meta name="description" content="">
<meta name="author" content="">
<!-- Favicon icon -->
<link rel="icon" type="image/png" sizes="16x16" href="assets/images/favicon.png">
<title>Hostel Management System</title>
<!-- Custom CSS -->
<link href="dist/css/style.min.css" rel="stylesheet">
<script type="text/javascript">
function valid() {
if(document.registration.password.value!= document.registration.cpassword.value){
alert("Password and Re-Type Password Field do not match !!");
document.registration.cpassword.focus();
return false;
}
return true;
}
</script>
</head>
<!-- By CodeAstro - codeastro.com -->
<body>
<div class="main-wrapper">
<!-- ============================================================== -->
<!-- Preloader - style you can find in spinners.css -->
<!-- ============================================================== -->
<div class="preloader">
<div class="lds-ripple">
<div class="lds-pos"></div>
<div class="lds-pos"></div>
</div>
</div>
<!-- ============================================================== -->
<!-- Preloader - style you can find in spinners.css -->
<!-- ============================================================== -->
<!-- By CodeAstro - codeastro.com -->
<!-- ============================================================== -->
<!-- Login box.scss -->
<!-- ============================================================== -->
<div class="auth-wrapper d-flex no-block justify-content-center align-items-center position-relative"
style="background:url(../assets/images/big/auth-bg.jpg) no-repeat center center;">
<div class="auth-box row">
<div class="col-lg-7 col-md-5 modal-bg-img" style="background-image: url(assets/images/hostel-img.jpg);">
</div>
<div class="col-lg-5 col-md-7 bg-white">
<div class="p-3">
<div class="text-center">
<img src="assets/images/big/icon.png" alt="wrapkit">
</div>
<h2 class="mt-3 text-center">Student Login</h2>
<form class="mt-4" method="POST">
<div class="row">
<div class="col-lg-12">
<div class="form-group">
<label class="text-dark" for="uname">Email</label>
<input class="form-control" name="email" id="uname" type="email"
placeholder="Enter your email" required>
</div>
</div>
<div class="col-lg-12">
<div class="form-group">
<label class="text-dark" for="pwd">Password</label>
<input class="form-control" name="password" id="pwd" type="password"
placeholder="Enter your password" required>
</div>
</div>
<div class="col-lg-12 text-center">
<button type="submit" name="login" class="btn btn-block btn-dark">LOGIN</button>
</div>
<div class="col-lg-12 text-center mt-5">
<a href="admin/index.php" class="text-danger">Go to Admin Panel</a>
</div>
</div>
</form>
</div>
</div>
</div>
</div>
<!-- By CodeAstro - codeastro.com -->
<!-- ============================================================== -->
<!-- Login box.scss -->
<!-- ============================================================== -->
</div>
<!-- ============================================================== -->
<!-- All Required js -->
<!-- ============================================================== -->
<script src="assets/libs/jquery/dist/jquery.min.js "></script>
<!-- Bootstrap tether Core JavaScript -->
<script src="assets/libs/popper.js/dist/umd/popper.min.js "></script>
<script src="assets/libs/bootstrap/dist/js/bootstrap.min.js "></script>
<!-- ============================================================== -->
<!-- This page plugin js -->
<!-- ============================================================== -->
<script>
$(".preloader ").fadeOut();
</script>
</body>
</html>
Admin
September 14, 2022, 10:14am
3
What does the $stmt->error value say is the problem with the query?
2 Likes
YT_Xaos
September 14, 2022, 10:34am
5
If you don’t respond to what he asked I don’t think he can help.
I suggest you don’t use MD5 to hash your passwords as it has no way back and easy to decode.
4 Likes
Hayford
September 14, 2022, 10:56am
6
Thanks Boss after I removed the md5 it works now
Wait, so you are storing the password as plain text? That is a horrible idea!
Um, that’s literally how you are supposed to store passwords, using a one-way cryptographic function. MD5 is ok, but not really recommended anymore. SHA256 or SHA512 should be used instead.
4 Likes
YT_Xaos
September 14, 2022, 12:29pm
8
No! MD5 is very vulnerable and is very easy to decrypt!
Yes, butpassword_hash()
Is a more secure approach and is what secure websites use.https://www.php.net/manual/en/function.password-hash.php
5 Likes
system
September 21, 2022, 12:29pm
9
This topic was automatically closed 7 days after the last reply. New replies are no longer allowed.
