<link rel="stylesheet" type="text/css" href="admin/css/style.css" />
<?php include('dbcon.php');
include('header.php');
?>
</head>
<body>
<div class="navbar navbar-fixed-top">
<div class="navbar-inner">
<div class="container">
<a class="brand">
<img src="admin/images/dee.png" width="150" height="50">
</a>
<a class="brand">
<h2>UNITOUCH GLOBAL ONLINE E-VOTING</h2>
<div class="chmsc_nav"><font size="4" color="white">Uniquely Touching The Universe</font></div>
</a>
<?php include('head.php'); ?>
</div>
</div>
</div>
<div class="wrapper_admin">
</br>
</br>
</br>
<div id="element" class="hero-body-index">
<p><font color="white"><h2>Voter Login</h2></font></p>
<form method="POST" >
<table>
<tr><td><font color="white">UserName:</font> </td><td><input type="text" name="UserName" class="UserName_hover"></td></tr>
<tr><td>...<td></tr>
<tr><td><font color="white">Password:</font> </td><td><input type="Password" name="Password" class="Password_hover"></td></tr>
<tr><td>...<td></tr>
<tr><td></td><td> <button class="btn btn-primary" name="Login"><i class="icon-ok icon-large"></i> Login</button>
</td></tr>
<tr><td>
</td><tr>
</form>
</table>
</br>
<div class="error">
<?php
if (isset($_POST['Login'])){
$UserName=$_POST['UserName'];
$Password=$_POST['Password'];
$login_query=mysqli_query($GLOBALS["___mysqli_ston"], "select * from voters where Username='$UserName' and Password='$Password' and Status='Unvoted' and Year='1st year'") or die(((is_object($GLOBALS["___mysqli_ston"])) ? mysqli_error($GLOBALS["___mysqli_ston"]) : (($___mysqli_res = mysqli_connect_error()) ? $___mysqli_res : false)));
$login_query3=mysqli_query($GLOBALS["___mysqli_ston"], "select * from voters where Username='$UserName' and Password='$Password' and Status='Unvoted' and Year='2nd year'") or die(((is_object($GLOBALS["___mysqli_ston"])) ? mysqli_error($GLOBALS["___mysqli_ston"]) : (($___mysqli_res = mysqli_connect_error()) ? $___mysqli_res : false)));
$login_query4=mysqli_query($GLOBALS["___mysqli_ston"], "select * from voters where Username='$UserName' and Password='$Password' and Status='Unvoted' and Year='3rd year'") or die(((is_object($GLOBALS["___mysqli_ston"])) ? mysqli_error($GLOBALS["___mysqli_ston"]) : (($___mysqli_res = mysqli_connect_error()) ? $___mysqli_res : false)));
$login_query5=mysqli_query($GLOBALS["___mysqli_ston"], "select * from voters where Username='$UserName' and Password='$Password' and Status='Unvoted' and Year='4th year'") or die(((is_object($GLOBALS["___mysqli_ston"])) ? mysqli_error($GLOBALS["___mysqli_ston"]) : (($___mysqli_res = mysqli_connect_error()) ? $___mysqli_res : false)));
//
$login_query1=mysqli_query($GLOBALS["___mysqli_ston"], "select * from voters where Username='$UserName' and Password='$Password' and Status='Voted'");
$login_query2=mysqli_query($GLOBALS["___mysqli_ston"], "select * from voters where Username='$UserName' and Password='$Password' and Status='Voted'");
$count=mysqli_num_rows($login_query);
$count1=mysqli_num_rows($login_query1);
$count3=mysqli_num_rows($login_query3);
$count4=mysqli_num_rows($login_query4);
$count5=mysqli_num_rows($login_query5);
$row=mysqli_fetch_array($login_query);
$row3=mysqli_fetch_array($login_query3);
$row4=mysqli_fetch_array($login_query4);
$row5=mysqli_fetch_array($login_query5);
$id=$row['VoterID'];
?>
<?php
if($count == 1){
session_start();
$_SESSION['id']=$row['VoterID'];
header('location:voting.php');
}
if($count3 == 1){
session_start();
$_SESSION['id']=$row3['VoterID'];
header('location:voting.php');
}
if($count4 == 1){
session_start();
$_SESSION['id']=$row4['VoterID'];
header('location:voting.php');
}
if($count5 == 1){
session_start();
$_SESSION['id']=$row5['VoterID'];
header('location:voting.php');
}
if($count1 == 1){ ?>
<div class="alert alert-error">
<button class="close" data-dismiss="alert">×</button>
You Can Only Vote Once
</div>
<?php
}else{ ?>
<div class="alert alert-error">
<button class="close" data-dismiss="alert">×</button>
Please check your username and password
</div>
<?php
}
?>
<?php
}
?>
</div>
</div>
</br>
</br>
</br>
</br>
</br>
<?php include('footer.php')?>
</div>
</body>
</html>
nana.k.denise 0 Newbie Poster
diafol
Let me get this right, you want us to convert your code for you? If you are new to PDO, then a good way to get started would be to research PDO and attempt it yourself. I am tempted to say "RTFM", but that would be rude. This code is not yours I take it. It looks very old.
You're probably better starting from scratch. Check out pritaeas' tutorials in the code snippets section of this forum.
nana.k.denise 0 Newbie Poster
ok thanks..yh the code is not mine..am using it for a voting site..and i needed it to be protected against sql injection. am still researching on PDO but i wont be able to correct the problem now since am new to it.would be glad if you could help correct the coding
pritaeas 2,194 ¯\_(ツ)_/¯ Moderator Featured Poster
MySQLi supports binding too, so why the step to PDO?
nana.k.denise 0 Newbie Poster
chose PDO because it does protect against sql injection.how wil the binding be like for this code?
diafol
As pritaeas states, mysqli has binding too, so there's not much difference between PDO and mysqli for this purpose. Have you looked at the php manual for mysqli (or PDO) - there are examples there.
How about Google: "php mysqli binding example"
pritaeas 2,194 ¯\_(ツ)_/¯ Moderator Featured Poster
how wil the binding be like for this code?
http://www.daniweb.com/web-development/php/code/462098/mysqli-binding-example
nana.k.denise 0 Newbie Poster
ohkk thanks..will check it out.But will still appreciate if you could help correct the code to prevent injections
Be a part of the DaniWeb community
We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.