Converting sql to PDO

Hi have an urgent need to convert our current SQL code to PDO, I have spent all day today just trying to get our login system right can gave up restoring the code back to the original. I can play with the rest after if I can just get into the system. Can someone please help me convert the following to PDO. I have no idea what I am doing here and I know I am asking a lot but the help will be immensly appreciated.

LOGIN CODE:

    <?php 
        session_start();
        ob_start();
        include "edb.php";
        include "./functions.php";
        ?> 

        <?php
        //If the user has submitted the form
        	if($_POST['submit']){
        		$Username = protect($_POST['Username']);
        		$Password = protect(sha1($_POST['Password']));
        		if(!$Username || !$Password){
        		echo "<center>Please enter your <b>Username</b> and <b>Password</b>!</center>";
        			}else{
        		$res = mysql_query("SELECT * FROM `eusers` WHERE `Username` = '".$Username."'");
        				$num = mysql_num_rows($res);
        				if($num == 0){
        				echo "<center>The <b>Username</b> or <b>Password</b> you supplied is incorrect!</center>";
        				}else{
        				$res = mysql_query("SELECT * FROM `eusers` WHERE `Username` = '".$Username."' AND Password = '".$Password."'");
        				$num = mysql_num_rows($res);
        				if($num == 0){
        				echo "<center>The <b>Password</b> you supplied is incorrect!</center>";
        					}else{
        				$row = mysql_fetch_assoc($res);
        				if($row['Active'] != 1){
        				echo "<center>Your login has been <b>deactivated</b></center>";
        						}else{
        				header('Location: secure.php');
        				$time = date('U')+7200; //2 Hours
        				mysql_query("UPDATE `eusers` SET `Online` = '".$time."' WHERE `id` = '".$_SESSION['uid']."'");
        				$_SESSION['uid'] = $row['id'];
         						}
        					}
        				}
        			}
        		}
        		?>

SESSION CODE on Each Page

    <?php
    session_start();
    include "edb.php";
    include "./functions.php";
    if(strcmp($_SESSION['uid'],"") == 0){
    printf("<script>location.href='index.php'</script>"); // note: the forum s/w is not displaying the closing > and " that are near the end of this line
    }else{
    $time = date('U')+7200; //2 Hours
    $update = mysql_query("UPDATE `eusers` SET `Online` = '".$time."' WHERE `id` = '".$_SESSION['uid']."'");
    }
    ?>

you can start here

it helps people giving you useful answers when you format your code with the </> button

I’ll do it for you for £50.

The session check code on each page, because it doesn’t stop program execution after the redirect, is still executing all the remaining code on the protected page. Every redirect needs an exit; statement after it.

1 Like
Sponsor our Newsletter | Privacy Policy | Terms of Service