Dear Students,
It is really important to understand the flow of data once a user logs in to a system, uses the various links on the user home pages, and finally logs out of the system.
Step 1: Log in using home.php
Step 2: Navigate to faculty home, student home or admin home based on the privileges set in the database
Step 3: Log out from the system.
Flow of program
home.php [type username and password] --> check.php [check for authentication and SQL injection threat] --> navigate to either facultyhome.php, adminhome.php, studenthome.php or home.php --> logout.php [when you click the logout link]
NB: Create a database 'SNIT' and paste the SQL given below into the SQL tab of phpMyAdmin:
CREATE TABLE IF NOT EXISTS `login` (
`username` text NOT NULL,
`password` text NOT NULL,
`type` text NOT NULL,
`status` text NOT NULL
) ENGINE=MyISAM DEFAULT CHARSET=latin1;
--
-- Dumping data for table `login`
--
INSERT INTO `login` (`username`, `password`, `type`, `status`) VALUES
('admin', 'adm', 'admin', '1'),
('faculty', 'fac', 'faculty', '1'),
('student', 'stud', 'student', '1');
Check the system with these username/password pairs:
For Admin (admin,adm)
For Faculty (faculty,fac)
For Student (student,stud)
home.php
<html>
<!--
Authored by : Prof. Sajeev J. (sajeevjal@gmail.com)
Date : 16/12/2015
-->
<body>
<form id="form1" name="form1" method="post" action="check.php">
<a name="top"></a>
<table width="81%" border="0" align="center">
<tr>
<td colspan="4"><div align="right">
<label></label>
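<!-- Code to show error message if invalid username and password is typed -->
<?php
// Read the optional message; isset() avoids an undefined-index notice on the first page load
$msg="";
if(isset($_GET['msg']))
$msg=$_GET['msg'];
// Only these fixed strings are ever echoed, so arbitrary text passed in ?msg= never reaches the page
if($msg=="Invalid Username or Password" || $msg=="You have not logged yet"|| $msg=="Your are not privilleged for this activity")
echo "<font color=red >".$msg."</font>";
?></div></td>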
<td> </td>
</tr>
<tr>
<td> </td>
<td> </td>
<td><div align="right">Username</div></td>
<td><div align="right">
<input type="text" name="username" />
</div></td>
<td> </td>
</tr>
<tr>
<td> </td>
<td> </td>
<td><div align="right">Password</div></td>
<td><div align="right">
<input type="password" name="password" />
</div></td>
<td> </td>
</tr>
<tr>
<td> </td>
<td> </td>
<td> </td>
<td><div align="right">
<input type="submit" name="Submit" value="Sign in" />
<input type="reset" name="Submit2" value="Clear" />
</div></td>
<td> </td>
</tr>
</table>
</form>
</body>
</html>
check.php
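<?php
/*
Authored by : Prof. Sajeev J. (sajeevjal@gmail.com)
Date : 16/12/2015
*/
// Nothing may be sent to the browser before session_start() and header(),
// so the file begins with <?php and the author note is a PHP comment.
session_start();
$username = isset($_POST['username']) ? $_POST['username'] : "";
$password = isset($_POST['password']) ? $_POST['password'] : "";
// SQL injection check: reject input containing a single quote BEFORE the database is queried
$count1 = substr_count($username, "'");
$count2 = substr_count($password, "'");
if ($count1 > 0 || $count2 > 0)
{
header("Location: home.php?msg=" . urlencode("Invalid Username or Password"));
exit;
}
// mysqli replaces the mysql_* functions, which were removed in PHP 7
$con = mysqli_connect("localhost", "root", "", "SNIT");
if (!$con)
{
die('Could not connect: ' . mysqli_connect_error());
}
// Bound parameters keep the typed values out of the SQL text, so the query
// does not depend on the quote check alone
$stmt = mysqli_prepare($con, "SELECT type FROM login WHERE username=? AND password=? AND status='1'");
mysqli_stmt_bind_param($stmt, "ss", $username, $password);
mysqli_stmt_execute($stmt);
mysqli_stmt_bind_result($stmt, $type);
$flag = 0;
if (mysqli_stmt_fetch($stmt))
{
$flag = 1;
session_regenerate_id(true); // issue a fresh session id after a successful login
$_SESSION['user'] = $type; // store session data
$_SESSION['username'] = $username;
}
mysqli_stmt_close($stmt);
mysqli_close($con);
// Redirect according to the privilege stored in the database
if ($flag == 1 && $type == "admin")
header("Location: adminhome.php");
else if ($flag == 1 && $type == "student")
header("Location: studenthome.php");
else if ($flag == 1 && $type == "faculty")
header("Location: facultyhome.php");
else
// Failed logins go back to home.php, the page that displays the message
header("Location: home.php?msg=" . urlencode("Invalid Username or Password"));
exit;
?>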
adminhome.php
<html >
<head>
<title>Admin Home</title>
<!--
Authored by : Prof. Sajeev J. (sajeevjal@gmail.com)
Date : 16/12/2015
-->
</head>
<body>
<h1>Admin Home</h1>
<a href=logout.php>Logout</a>
</body>
</html>
facultyhome.php
<html >
<head>
<!--
Authored by : Prof. Sajeev J. (sajeevjal@gmail.com)
Date : 16/12/2015
-->
<title>Faculty Home</title>
</head>
<body>
<h1>Faculty Home</h1>
<table border=1>
<tr><td><a href='addstudent.php'>Add Student</a></td><td><a href='addparent.php'>Add Parent</a></td><td><a href='addmarks.php'>Enter Marks</a></td><td><a href=logout.php>Logout</a></td></tr>
</table>
</body>
</html>
studenthome.php
<html >
<head>
<title>Student Home</title>
<!--
Authored by : Prof. Sajeev J. (sajeevjal@gmail.com)
Date : 16/12/2015
-->
</head>
<body>
<h1>Student Home</h1>
<a href=logout.php>Logout</a>
</body>
</html>
logout.php
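<?php
/*
Authored by : Prof. Sajeev J. (sajeevjal@gmail.com)
Date : 16/12/2015
*/
// session_start() must run before any output, so the file begins with <?php
session_start();
$_SESSION = array(); // clear the stored user type and username
session_destroy();
echo "<script>location.href='home.php?msg=0'</script>";
?>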
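The home pages above are sent to anyone who requests their URL, although home.php already accepts the messages "You have not logged yet" and "Your are not privilleged for this activity". The guard below is an added example, not part of the original post; the file name auth.php and the functions role_decision() and require_role() are assumptions. It relies on the $_SESSION['user'] and $_SESSION['username'] values that check.php stores.

```php
<?php
// auth.php (hypothetical file name; added example, not from the original post)
// Usage at the very top of each protected page, before any HTML:
//   require 'auth.php'; require_role('admin');    // adminhome.php
//   require 'auth.php'; require_role('faculty');  // facultyhome.php
//   require 'auth.php'; require_role('student');  // studenthome.php

// Decide what to do with a request. Returns null when access is allowed,
// otherwise the message text that home.php is prepared to display.
function role_decision(array $session, $required)
{
    if (!isset($session['user']) || !isset($session['username']))
        return "You have not logged yet";
    // Strict comparison: the stored type must be exactly the required role
    if ($session['user'] !== $required)
        return "Your are not privilleged for this activity";
    return null;
}

function require_role($required)
{
    if (session_status() !== PHP_SESSION_ACTIVE)
        session_start();
    $msg = role_decision($_SESSION, $required);
    if ($msg !== null)
    {
        header("Location: home.php?msg=" . urlencode($msg));
        exit; // stop here so the protected page body is never sent
    }
    // Keep the page out of caches so "Back" after logout does not redisplay it
    header("Cache-Control: no-store");
}

// Constructed sample sessions showing the three outcomes (runs only from the command line)
if (PHP_SAPI === 'cli' && realpath($argv[0]) === __FILE__)
{
    var_dump(role_decision(array(), 'admin'));
    var_dump(role_decision(array('user' => 'student', 'username' => 'student'), 'admin'));
    var_dump(role_decision(array('user' => 'admin', 'username' => 'admin'), 'admin'));
}
// No closing PHP tag: trailing whitespace after it would be output before header()
```

Because the check runs on the server for every request, typing adminhome.php directly into the address bar while logged in as a student leads back to home.php with the privilege message.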