I wonder if anyone can help. I have just really started on php and I am having trouble with an admin login script. I have learnt off w3schools and I have tried to piece my script together but it still isn’t working. I have taken everything through the MySQLi Object-Oriented way as w3schools have shown. I know I still have a lot of work to do on the script such as password_hash and mysql injection.
I have my database connect
<?
/* DATEBASE CONFIGURATION */
$servername = "";
$dbName = "";
$username = "";
$password = "";
// Create connection
$conn = new mysqli($servername, $username, $password);
// Check connection
if ($conn->connect_error) {
die("Connection failed: " . $conn->connect_error);
}
?>
I have my admin_login.php
<?php
session_start();
if (isset($_SESSION["manager"])) {
header("location: index.php");
exit();
}
?>
<?php
// Parse the log in form if the user has filled it out and pressed "Log In"
if (isset($_POST["username"]) && isset($_POST["password"])) {
$manager = preg_replace('#[^A-Za-z0-9]#i', '', $_POST["username"]); // filter everything but numbers and letters
$password = preg_replace('#[^A-Za-z0-9]#i', '', $_POST["password"]); // filter everything but numbers and letters
// Connect to the MySQL database
include "../storescripts/connect_to_mysql.php";
$sql = mysqli_query("SELECT id FROM admin WHERE username='$manager' AND password='$password' LIMIT 1"); // query the person
// ------- MAKE SURE PERSON EXISTS IN DATABASE ---------
$existCount = $conn->query($sql);
if ($existCount->mysqli_num_rows == 1) {
while($row = mysqli_fetch_array($sql)){
$id = $row["id"];
}
$_SESSION["id"] = $id;
$_SESSION["manager"] = $manager;
$_SESSION["password"] = $password;
header("location: index.php");
exit();
} else {
echo 'That information is incorrect, try again <a href="index.php">Click Here</a>';
exit();
}
}
?>
And i have my the page in which it is suppose to go to after it passes through the code called index.php
<?php
session_start();
if (!isset($_SESSION["manager"])) {
header("location: admin_login.php");
exit();
}
// Be sure to check that this manager SESSION value is in fact in the database
$managerID = preg_replace('#[^0-9]#i', '', $_SESSION["id"]); // filter everything but numbers and letters
$manager = preg_replace('#[^A-Za-z0-9]#i', '', $_SESSION["manager"]); // filter everything but numbers and letters
$password = preg_replace('#[^A-Za-z0-9]#i', '', $_SESSION["password"]); // filter everything but numbers and letters
// Run mySQL query to be sure that this person is an admin and that their password session var equals the database information
// Connect to the MySQL database
include "../storescripts/connect_to_mysql.php";
$sql = mysqli_query("SELECT * FROM admin WHERE id='$managerID' AND username='$manager' AND password='$password' LIMIT 1"); // query the person
// ------- MAKE SURE PERSON EXISTS IN DATABASE ---------
$existCount = $conn->query($sql);
$existCount = mysqli_num_rows($sql); // count the row nums
if ($existCount == 0) { // evaluate the count
echo "Your login session data is not on record in the database.";
exit();
}
?>
After it passes through the script it goes to the else in admin_login
else {
echo 'That information is incorrect, try again <a href="index.php">Click Here</a>';
exit();
Can someone please tell me where i am going wrong. i am only a beginner in php and really would appreciate some help, The more people explain it to me the more i can understand other bits of code i am trying to put together, many thanks, Gary