-3

How do I change the below to mysql? This is my authentication page.

I have tried changing but all it gives me is a blank page with no error. All my other pages are in mysql format and I don't want to use PDO.

require 'connect.php';

session_start();

$username = "";
$password = "";

if(isset($_POST['username'])){
    $username = $_POST['username'];
}
if (isset($_POST['password'])) {
    $password = $_POST['password'];

}

echo $username ." : ".$password;

$q = 'SELECT * FROM users WHERE username=:username AND password=:password';

$query = $dbh->prepare($q);

$query->execute(array(':username' => $username, ':password' => $password));


if($query->rowCount() == 0){
    header('Location: ind.php?err=1');
}else{

    $row = $query->fetch(PDO::FETCH_ASSOC);

    session_regenerate_id();
    $_SESSION['sess_user_id'] = $row['id'];
    $_SESSION['sess_username'] = $row['username'];
    $_SESSION['sess_userrole'] = $row['role'];

    echo $_SESSION['sess_userrole'];
    session_write_close();

    if( $_SESSION['sess_userrole'] == "admin"){
        header('Location: adminhome.php');
    }else{
        header('Location: userhome.php');
    }


}
vhu
  • 12,244
  • 11
  • 38
  • 48
flevian
  • 31
  • 4

1 Answers1

1

I think you have a grave misunderstanding here.

As several people have pointed out in comments, you don't want to convert your code to use mysql_ -style functions. These functions have been deprecated since PHP 5.5.0. Setting this aside, it also needs to be used very carefully to avoid SQL injections.

I understand that for some reason you may not want to use PDO, in which case you do have options like mysqli. Please also see manual for other database abstraction layers.

My suggestion is that you:

  1. Debug what's wrong with your login page.
  2. Refactor your other pages to use something else than mysql_ functions.
  3. Evaluate whether existing CMS or PHP frameworks would be more fit for your use case.
Community
  • 1
  • 1
vhu
  • 12,244
  • 11
  • 38
  • 48