-3
    My error is always said "invalid username and password",
        please any one can help?


    i want to fix some errors"'please help

    i want to do this like in this link please see" this is a program i like to do
    http://alumnisys.hostei.com/




please any one can solve this problem""
the error is is in variable sysntax""


code below is i like to fix 

    heres my other code""
    connect.php
    login.php
    index.php
    admin.php
    staff.php
    student.php


|

Username:
Password:

S u b m i t This is a sample program of 3 accounts use this as your guide to your case study. The pdf files is in the admin page login first before download:) note: you need to debug the codes :) note: the database is in the student page. Admin Account username: admin
password: admin

Staff Account username staff
password staff

student account username pedro
password pedropedro 

    Connect.php 
    <?php  
      $db = mysql_connect('localhost', 'root', ''); 
      mysql_select_db('psu1', $db); 
    ?> 

    Index.php 
    <?php 
    session_start(); 
    $pg='hm'; 
    if($_SESSION['usertype']=='admin'){ 
      header('location: admin.php'); 
    }elseif($_SESSION['usertype']=='staff'){ 
      header('location: staff.php'); 
    }elseif($_SESSION['usertype']=='alumni'){ 
      header('location: alumnu.php'); 
    }else{ 

    } 
    $msg=''; 
    if(isset($_POST['do'])){ 
      $uname = $_POST['username']; 
      $upass = $_POST['password']; 

      if(($uname=='') && ($upass=='')){ 
        $msg = 'frmError'; 
        $m = 'Dont leave blanks...'; 
      }else{ 
        include('connect.php'); 

    $sql="SELECT * FROM alumni_login WHERE userrname='".$uname."' AND password='".md5($upass)."'"; 
        $result=mysql_query($sql); 
        $rc = mysql_num_rows($result); 
        if($rc==0){ 
          $msg = 'frmError'; 
          $m = 'Invalid Username or Password'; 
        }else{ 
          $row = mysql_fetch_assoc($result); 
          $ip=$_SERVER['REMOTE_ADDR']; 
          $sql2="INSERT INTO login_infos VALUES(".$row['userid'].", 
    '".$row['username']."', '".date('Y-m-d H:i:s')."', '$ip')"; 
          $result2=mysql_query($sql2); 
          if($result2){ 
            $_SESSION['username'] = $row['username']; 
            $_SESSION['useraydi'] = $row['userid']; 
            $_SESSION['usertype'] = $row['usertype']; 
            if($row['usertype']=='admin'){ 
              header('location: admin.php'); 
            }elseif($row['usertype']=='staff'){ 
              header('location: staff.php'); 
            }elseif($row['usertype']=='alumni'){ 
              header('location: student.php'); 
            } 
          } 
        } 
      } 
    } 
    ?> 
    <head> 
      <title>index</title> 
      <meta http-equiv="Content-Type" content="text/html; charset=Windows-1251" /> 
      <link rel="stylesheet" href="css/main.css" type="text/css" /> 
        <style type="text/css"> 
    <!-- 
    .style1 {font-size: 10px} 
    .style2 { 
      font-size: 11px; 
      font-weight: bold; 
    } 
     </style> 
    </head> 
    <body>    
            <?php include('login.php'); ?> 
    </div> 
    </body> 
    </html> 


    Admin.php 
    <?php 
    session_start(); 
    $pg='hm'; 
    if($_SESSION['usertype']!='admin'){ 
      header('location: index.php'); 
    } 
    ?> 

    <head> 
      <title>Admin-Main Page</title> 

    </head> 

    <body>    
        <li style="background: none;"><a href="#">Welcome ADMIN</a></li>  

              <h3>Welcome  System Administration.</h3> 
              <p>&nbsp;</p> 
              <p>&nbsp;</p> 
              <p>&nbsp;</p> 
              <p>&nbsp;</p> 
              <li><a href="logout.php"><img src="menu/logout.png" 
    /></a></li> 
    </body> 
    </html> 


    Staff.php 
    <?php 
    session_start(); 
    $pg='st'; 
    if($_SESSION['usertype']!='staff'){ 
      header('location: index.php'); 
    } 
    include('connect.php'); 
    $sql = "SELECT * FROM alumni_login WHERE userid='".$_SESSION['useraydi']."'"; 
    $result = mysql_query($sql); 
    $rc=@mysql_num_rows($result); 
    if($rc>0){ 
      $row=mysql_fetch_assoc($result); 
      $neym=$row['username']; 
    } 
    ?> 

    <html><title>staff page</title> 
    </head> 
    <body>    
        <li style="background: none;"><a href="#">Welcome STAFF</a></li>  
                      <h3>Staff Main Page</h3> 
              <p>&nbsp;</p> 
              <p>&nbsp;</p> 
              <p>&nbsp;</p> 
              <p>&nbsp;</p> 
              <li><a href="logout.php"><img src="menu/logout.png" 
    /></a></li> 
              </div> 
    </body> 
    </html> 



    Student.php 

    <?php 
    session_start(); 
    if($_SESSION['usertype']!='student'){ 
      header('location: index.php'); 
    } 
    $pg='hm'; 
    include('../student_for_demo correct codes/connect.php'); 

    $sql = "SELECT * FROM alumni_info WHERE userid='".$_SESSION['useraydi']."'"; 
    $result = mysql_query($sql); 
    $rc=@mysql_num_rows($result); 
    if($rc>0){ 
      $row=mysql_fetch_assoc($result); 
      $neym=$row['firstname']; 

      if($row['myphoto']!='') 
          if(file_exists($uploads.$row['myphoto'])) 
            $imgphoto = $uploads.$row['myphoto']; 
          else 
            $imgphoto = $uploads.'nopic.gif'; 
        else 
          $imgphoto = $uploads.'nopic.gif';   
    } 
    ?> 

    <html> 
    <head> 
      <title>student page</title> 
      <td id="content" valign="top"><h2>Welcome, <?php echo $neym;?></h2> 
        <p>&nbsp;</p> 
        <p>&nbsp;</p> 
        <p>&nbsp;</p> 
        <p>&nbsp;</p> 
        <li><a href="../student_for_demo correct codes/logout.php"><img src="../student_for_demo 
    correct codes/menu/logout.png" /></a></li> 
    </div> 
    </body> 
    </html> 


    Inc.login.php 
      <form method="post" id="loginform" action="index.php"> 

      <div align="center"><strong><font color="#003300" size="2"><span class="<?php echo $msg; 
    ?>"><font color="#EDF5FE">|</font><?php echo $m; ?></span></font></strong></div> 
                   <table width="222"><tr height="30"> 
            <td align="right"><strong>Username:</strong></td> 
            <td><input name="username" type="text"></td> 
          </tr><tr> 
            <td align="right"><strong>Password:</strong></td> 
            <td><input name="password" type="password"></td> 
          </tr></table> 
                   <br /> 


        <input type="image" align="center" src="images/login.png" name="do" value="S u b m i t" /> 

                  </form> 


    Logout.php 

    <?php 
    session_start(); 
    session_destroy(); 

    header("location: index.php"); 
    ?>
Henry Mindres Tiozon
  • 1
  • 1
  • You must check the output from `echo mysql_error();` rather than blindly assume the query succeeded. I see what I believe to be a misspelling at `WHERE userrname` (instead of `username`) – Michael Berkowski Oct 07 '15 at 02:49
  • Please also review [How can I prevent SQL injection in PHP](http://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php). Your code is presently vulnerable to tampering via injection and at a minimum you must use `mysql_real_escape_string()` on the query values from `$_POST`. But the `mysql_*()` functions are deprecated and the best course of action is to begin using PDO with prepared statements and parameters as illustrated in that linked question. – Michael Berkowski Oct 07 '15 at 02:51
  • Have you stored the password using md5 in the first place ? – Rohit Gupta Oct 07 '15 at 03:10

1 Answers1

0

I have check, In your query there is spelling mistake

New Query 

$sql="SELECT * FROM alumni_login WHERE username='".$uname."' AND password='".md5($upass)."'";

You have used userrname it should be username

Mitul
  • 3,431
  • 2
  • 22
  • 35