first off, please do not downvote me as I need to learn! we all have to start from somewhere.
I am not asking anyone to write me a code, but I just want to learn it in simple terms.
and the The best way for me to learn is to edit my code so I can compare them.
here is my code:
<?php
if (isset ($_POST['email'])) {
//Connect to the database through our include
include_once "config/connect.php";
$email = stripslashes($_POST['email']);
$email = strip_tags($email);
$email = mysqli_real_escape_string($db_conx, $email);
$password = preg_replace("[^A-Za-z0-9]", "", $_POST['password']); // filter everything but numbers and letters
$password = md5($password);
// Make query and then register all database data that -
// cannot be changed by member into SESSION variables.
// Data that you want member to be able to change -
// should never be set into a SESSION variable.
$sql = "SELECT * FROM members WHERE email='$email' AND password='$password'";
$query = mysqli_query($db_conx, $sql);
$login_check = mysqli_num_rows($query);
if($login_check > 0){
while($row = mysqli_fetch_array($query, MYSQLI_ASSOC)){
// Get member ID into a session variable
$id = $row["id"];
session_register('id');
$_SESSION['id'] = $id;
// Get member username into a session variable
$username = $row["username"];
$email = $row["email"];
$password = $row["password"];
$firstname = $row["firstname"];
$lastname = $row["lastname"];
session_register('username');
session_register('firstname');
session_register('lastname');
// Update last_log_date field for this member now
$sql = "UPDATE members SET lastlogin=now() WHERE id='$id'";
$query = mysqli_query($db_conx, $sql);
// Print success message here if all went well then exit the script
header("location: members/index.php?id=$id");
exit();
} // close while
} else {
// Print login failure message to the user and link them back to your login page
header("location: login.php");
exit();
}
}
?>
Thanks in advance
