For the most part, my website's login works perfectly: I can verify the user's email when they log in to their account. But while testing my login page I realised that different users are all directed to exactly the same page, no matter their email address or password, and are able to gain access to other users' information. What can I do to resolve this?
Is there any way of checking both the email address and the AccountID when they log in to the accounts page?
PHP LOGIN PAGE
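// Handle a submitted login form: look the customer up with a prepared
// statement and, on success, bind the session to that one account.
// The braces matter: without them only the first assignment is conditional
// and the query below runs on every request.
if (isset($_POST['login'])) {
    // Untrusted form input. It reaches the database only as bound parameters
    // and is never concatenated into the SQL text.
    $c_email = (isset($_POST['email']) && is_string($_POST['email'])) ? $_POST['email'] : '';
    $c_password = (isset($_POST['pass1']) && is_string($_POST['pass1'])) ? $_POST['pass1'] : '';

    // NOTE(review): this still compares a plaintext password, because that is
    // what Cus_Register stores. Passwords should be stored with
    // password_hash() and checked with password_verify(); that needs a wider
    // Cus_Password column and a matching change in the registration code.
    $stmt = mysqli_prepare(
        $dbc,
        "SELECT AccountID, Cus_Email FROM Cus_Register WHERE Cus_Email = ? AND Cus_Password = ?"
    );
    if ($stmt === false) {
        // Log the cause server-side; do not show database errors to the visitor.
        error_log('login: could not prepare the Cus_Register lookup');
        echo "login is temporarily unavailable please try again later";
        exit();
    }

    mysqli_stmt_bind_param($stmt, 'ss', $c_email, $c_password);
    mysqli_stmt_execute($stmt);
    mysqli_stmt_bind_result($stmt, $account_id, $account_email);
    // true = a row was fetched, null = no matching row, false = error.
    $found = mysqli_stmt_fetch($stmt);
    mysqli_stmt_close($stmt);

    if ($found !== true) {
        echo "password or email is incorrect please try again";
        exit();
    } else {
        session_start();
        // Issue a fresh session id at login so an id handed out before
        // authentication cannot be reused afterwards.
        session_regenerate_id(true);
        // Store the values read back from the database row, not the raw form input.
        $_SESSION['Cus_Email'] = $account_email;
        // Keep the account's primary key as well, so later pages can restrict
        // their queries to this customer instead of reading the whole table.
        $_SESSION['AccountID'] = (int) $account_id;
        echo "<script>window.open('./customer/Cus_Account.php','_self') </script>";
        exit();
    }
}
?>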
CUSTOMERS ACCOUNTS PAGE
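session_start();
// Access gate for the account page: a visitor without a logged-in session is
// sent back to the login page.
if (!isset($_SESSION['Cus_Email'])) {
    // Redirect on the server and stop. A JavaScript redirect alone lets the
    // rest of this script run and send the account markup to a visitor who
    // is not logged in.
    header('Location: ../login.php');
    exit();
}
?>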
Cus_Reg Table
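-- Login credentials, one row per customer account.
CREATE TABLE `Cus_Register` (
  `Cus_Email` varchar(100) NOT NULL,
  -- Sized for a password hash (PHP's password_hash() manual recommends 255);
  -- a 50-character column would truncate it.
  `Cus_Password` varchar(255) NOT NULL,
  -- NOTE(review): the confirmation field only matters while validating the
  -- registration form. Storing it keeps a second copy of the credential; drop
  -- the column once the registration code stops writing to it.
  `Cus_confirm_Password` varchar(255) NOT NULL,
  -- tinyint stops at 127, so the 128th registration would fail. Any column
  -- that references AccountID must use the same type.
  `AccountID` int unsigned NOT NULL AUTO_INCREMENT,
  PRIMARY KEY (`AccountID`),
  UNIQUE KEY `Cus_Email` (`Cus_Email`)
-- `outfit` is not a MySQL character set (presumably a mangled `utf8`).
) ENGINE=InnoDB AUTO_INCREMENT=3 DEFAULT CHARSET=utf8mb4;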
SELECT INFO
<?php
// Loads customer details into the session for the account page.
//
// NOTE(review): this is why every customer sees the same data. The query has
// no WHERE clause, so it returns every row of Cus_acc_details, and the single
// fetch_array() call below takes whichever row comes first, regardless of who
// is logged in. It should be a prepared statement filtered by the logged-in
// customer's key, i.e. `WHERE <owner_column> = ?` bound to a value the login
// page stored in the session after a successful login. Which column of
// Cus_acc_details links a row to Cus_Register is not visible here; confirm it.
$details = $dbc->query("SELECT * FROM Cus_acc_details");
// MYSQLI_BOTH returns the row indexed by both column name and position.
// NOTE(review): fetch_array() returns null when the table is empty; the
// array reads below are not guarded against that.
$cus_dets = $details->fetch_array(MYSQLI_BOTH);
//session_start does not work here
// NOTE(review): presumably the including page has already started the
// session; confirm, since these writes are lost without an active session.
$_SESSION['fname'] = $cus_dets['CUS_Fname'];
$_SESSION['lname'] = $cus_dets['Cus_Lname'];
$_SESSION['phone'] = $cus_dets['CUS_Phone'];
$_SESSION['CustomerID'] = $cus_dets['CustomerID'];
?>