i need help with this code

General PHP Help
#1

i need help with this…cant seem to make it work

[php]<?php
session_start();
include(“connection.php”);
if(isset($_POST[“login”])){
$username=$_POST[“username”];
$password=md5($_POST[“password”]);

$query=“SELECT * FROM admin WHERE username=’$username’ && password=’$password’”;
$check=mysqli_query($connect,$query) or die(mysqli_error());
if(mysqli_num_rows($check)>0){
$_SESSION[“username”]=$username;
header(“location:home.php”);
}
else{
echo ’';
}
}
?>

Job Recruitment System 
<div class="wrap">

<div class="head">
<img src="images/logo.jpg" />
<form method="POST" class="loginForm">
<input name="username" type="text" placeholder="Enter Your Username" class="loginField" required />
<input name="password" type="password" placeholder="Enter Your Password" class="loginField" required />
<input name="login" type="submit" value="Login" class="loginBtn" />
</form>
</div>
<div class="banner">
Organization Job Recruitment System Administrator
</div>	


<div class="body">
<center><img src="images/rrr.jpg" class="bodyImage" /></center>

</div>



<div class="foot">
&copy; Job Recruitment 2014. All Rights Reserved.
</div>	
</div>
[/php]
#2

What doesn’t work? Do you get any errors?

[hr]

You are using Mysqli which support prepared/paramterized queries which protect you from SQL injection hacks. Please use it. http://php.net/manual/en/mysqli-stmt.bind-param.php

You are using MD5 to hash passwords which it was not designed for and was considered insecure in 2000. Please change to use PHPs native password_hash api. http://php.net/manual/en/function.password-hash.php

#3

This looks to be an issue with understanding sessions.

[php]$_SESSION[“username”][/php] doesn’t look to ever be set.

Sponsor our Newsletter | Privacy Policy | Terms of Service