954,587 Members — Technology Publication meets Social Media
Username:
Password:
Lost login information?
Have something to say? Contribute New Article Reply to this Article
10 Months Ago
0

PHP login will not check level row

I am trying to figure out why the PHP will not check the database level and echo the proper message. Hopefully someone can help me figure this out.

<?php
  $connect = mysql_connect("localhost","goforgol_master","!rach22*") or die("Couldn't connect!");
  mysql_select_db("goforgol_phplogin") or die("Couldn't find database");

  session_start();

  $email = $_POST['email'];
  $password = $_POST['password'];
    
  if ($email&&$password)
    {
         
      $query = mysql_query("SELECT * FROM users WHERE email='$email'");
      $numrow = mysql_num_rows($query);
      
      if ($numrow!=0)
      {
        // code to login
        while ($row = mysql_fetch_assoc($query))
        {
        
          $dbemail = $row['email'];
          $dbpassword = $row['password'];
          $dbname = $row['name'];
          $dblevel = $row['level'];
        
        }
        if ($email==$dbemail&&md5($password)==$dbpassword)
        {
          if ($dblevel==0)
          {
          echo "You are logged in! <a href='http://www.wordpresswealth.com/index.php'>Click</a> here purchase a membership package";
          $_SESSION['email']=$email;
          session_destroy();
          }
          elseif ($dblevel==1)
          {
          echo "You are logged in! <a href='http://www.wordpresswealth.com/Member_Library_Trial.php'>Click</a> here to enter Member's Library";
          $_SESSION['email']=$email;
          }
          elseif ($dblevel==2)
          {
          echo "You are logged in! <a href='Member_Library.php'>Click</a> here to enter members page.";
          $_SESSION['email']=$email;
		  }
		  elseif ($dblevel==3)
		  {
		  echo "You are logged in! <a href='Member_Library_Gold.php'>Click</a> here to enter members page.";
          $_SESSION['email']=$email;
          }
        }
        else
          echo "Username or Password is incorrect";
      }
      else
        die('Username or Password is incorrect');
    }
  else
    die("Please enter a username and a password");

?>


Thanks in advance for any help.

tstory28
Light Poster
33 posts since Apr 2011
Reputation Points: 10
Solved Threads: 0
 
10 Months Ago
Show Comments
1

Hi tstory28,

After a quick look through your code, I would like to suggest a few things:

- Put a new if statement around line 6 to 61, in which you check whether the email and password form variable are set (if (isset($_POST['email) && .....) and delete the if statement in line 10

- Line 7, 8 - Clean the form value first: $variable = htmlentities(addslashes($_POST['form_variable']));


- Line 26 - Add an echo in which you show all the variables from the database:

echo "dbemail=".$dbemail.", dbpassword=".$dbpassword.", dbname=".$dbname.", dblevel=".$dblevel;


If you did all those steps (especially the last one), you will find out why your code is not working (probably because dblevel is empty, but you'll see)

~G

Graphix
Posting Pro in Training
432 posts since Aug 2009
Reputation Points: 82
Solved Threads: 74
 
10 Months Ago
0

Now what is your output?

Karthik_pranas
Posting Pro
564 posts since Feb 2011
Reputation Points: 96
Solved Threads: 97
 
10 Months Ago
0

Alright. I just tested it. I got dblevel=nothing. When I look in the database, there are values in the level row. How would I fix that issue?

tstory28
Light Poster
33 posts since Apr 2011
Reputation Points: 10
Solved Threads: 0
 
10 Months Ago
Show Comments
1

Umm, try this checklist:

A. Is "users" the correct table?
B. Is the name of the column that holds the level really "level", as you described on line 25?
C. You should have fixed it by now, if not, post a reply :)

~G

Graphix
Posting Pro in Training
432 posts since Aug 2009
Reputation Points: 82
Solved Threads: 74
 
10 Months Ago
0

I did not realize that I named that row "Level" instead of "level". Once I changed that, it actually worked right.

tstory28
Light Poster
33 posts since Apr 2011
Reputation Points: 10
Solved Threads: 0
 
2 Months Ago
0

Here is a script to log into MySQL database (screenshot attached) using email ID and password. Am using main_login.php to call the checklogin3.php. Cannot seem to make the checklogin3 code work:

<?php
ob_start();
$host="localhost"; // Host name 
$username="root"; // Mysql username 
$password="March2010"; // Mysql password 
$db_name="login11"; // Database name 
$tbl_name="members"; // Table name

// Connect to server and select database.
mysql_connect("$host", "$username", "$password")or die("cannot connect"); 
mysql_select_db("$db_name")or die("cannot select DB");

// Define $myusername and $mypassword 
if(isset($_POST['email'])){

$email=$_POST['email']; 
$mypassword=$_POST['mypassword'];

}  

// To protect MySQL injection (more detail about MySQL injection)
$email = stripslashes($email);
$mypassword = stripslashes($mypassword);
$email = mysql_real_escape_string($email);
$mypassword = mysql_real_escape_string($mypassword);

$sql="SELECT * FROM $tbl_name WHERE email='$email' and password='$mypassword'";
$result=mysql_query($sql);

// Mysql_num_row is counting table row
$count=mysql_num_rows($result);
// If result matched $email and $mypassword, table row must be 1 row

if($count==1){
// Register $myusername, $mypassword and redirect to file "login_success.php"
session_register("myusername");
session_register("mypassword"); 
header("location:login_success.php");
}
else {
echo "Wrong Username or Password";
}

ob_end_flush();
?>


I am a beginner in php. This is a sample code file. I know line in 36, I must use $_Session instead of $session_register, but I cannot seem to make that work either.

Attachments Capture_005.jpg 43.61KB
joydeepd
Newbie Poster
1 post since Mar 2012
Reputation Points: 10
Solved Threads: 0
 

This question has already been solved

Post: Markdown Syntax: Formatting Help
You
View similar articles that have also been tagged:
 
© 2012 DaniWeb® LLC
Home | About Us | Contact Us | Terms of Service | Advertising Opportunities
RSS Feed RSS Feed