Click here to Skip to main content
15,867,686 members
Please Sign up or sign in to vote.
1.00/5 (1 vote)
i have just started working on jquery mobile. i was trying to display dialouge box if it gets no user from db on submit button
here's what i have trying to do in else clause that if user_id and password aren't equal then show dialouge box.
any help would be really appreciated!

What I have tried:

<?php
date_default_timezone_set("Asia/Karachi");
session_start();
include_once('db.php');
$con = getDB();
?>
    <!DOCTYPE html>
    <html>
    <head>
        <meta name="viewport" content="width=device-width, initial-scale=1">
        <script src="http://code.jquery.com/jquery-1.11.3.min.js"></script>
        <link rel="stylesheet" href="jquery.mobile/jquery.mobile-1.4.5.min.css">
        <script src="jquery.mobile/jquery.mobile-1.4.5.min.js"></script>
        <link href="//maxcdn.bootstrapcdn.com/bootstrap/4.0.0/css/bootstrap.min.css" rel="stylesheet" id="bootstrap-css">
        <script src="//maxcdn.bootstrapcdn.com/bootstrap/4.0.0/js/bootstrap.min.js"></script>
        <script src="https://unpkg.com/sweetalert/dist/sweetalert.min.js"></script>
        <!------ Include the above in your HEAD tag ---------->
        <title>Home</title>
        
    </head>

    <body>
    <section class="login-block">
        <div class="container">
            <div class="row">

                <div class="col login-sec">
                    <div class="row">
                        <div class="col-sm-3"></div>
                    <div class=" col-sm-6 header text-center">
                    <img src="img/poa-logo.png" class="text-center" width="200px" height="250px">
                    </div>
                </div>
<!--                    <h2 class="text-center">Login</h2>-->
                    <form class="login-form" method="POST"  enctype="multipart/form-data">
                        <div class="form-group">
                            <label for="userid" class="text-uppercase">User ID</label>
                            <input type="text" name="userid"class="form-control" placeholder="Enter Your Mobile No.">

                        </div>
                        <div class="form-group">
                            <label for="password" class="text-uppercase">Password</label>
                            <input type="password" name="password" class="form-control"
                                   placeholder="Enter Your Password">
                        </div>


                        <div class="form-group">
                            <input type="submit" name="login" class="ui-btn ui-shadow form-control" value="Login">
                        </div>
                    </form>
                </div>
            </div>
        </div>
    </section>
    </body>

    </html>

<?php
if (isset($_POST['login'])) {
    $user_id = $_POST['userid'];
    $password = $_POST['password'];

    $login = "SELECT * FROM tbl_user WHERE user_id = '$user_id' && password = '$password'";
    $run = $con->prepare($login);
    $run->execute();
    $fetch_user = $run->fetch(PDO::FETCH_ASSOC);
    if ($fetch_user) {

        $_SESSION['user_id'] = $fetch_user['user_id'];
        $_SESSION['role'] = $fetch_user['role'];
        $_SESSION['status'] = $fetch_user['status'];
        $role = $_SESSION['role'];
        if ($role == 1) {

            header("Location: dashboard.php");
        } elseif ($role == 2) {
            header("Location: quiz.php");
        }
    } else {
        echo '<a href="dialog.html" role="button" class="ui-shadow ui-btn ui-corner-all ui-btn-inline" data-transition="slidedown">hello</a>';
    }

}


?>
Posted
Updated 14-Oct-20 22:26pm
v2
Comments
Richard Deeming 15-Oct-20 5:00am    
Your code is vulnerable to SQL Injection[^]. NEVER use string concatenation to build a SQL query. ALWAYS use a parameterized query.

PHP: SQL Injection - Manual[^]
Richard Deeming 15-Oct-20 5:01am    
You're also storing passwords in plain text. Don't do that.
Secure Password Authentication Explained Simply[^]
Salted Password Hashing - Doing it Right[^]

PHP even has built-in functions to help you do the right thing:
PHP: password_hash[^]
PHP: password_verify[^]
Member 13784265 15-Oct-20 5:17am    
i get that but would it help me in displaying the jquery mobile dialoug box ?

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)



CodeProject, 20 Bay Street, 11th Floor Toronto, Ontario, Canada M5J 2N8 +1 (416) 849-8900