0

Hello Everyone,

I am new to PHP and am trying to create a login menu with different user levels. I have used a MYSQL Database and PHP.

The database has

Username, Password, Role. Role could be an admin, lecturer or student. I need each user to login to their respective page.

I am unable to create the access to different levels. The system only allows me to log on to one page alone. Can u help me out?

Here is the coding:

<?php
$host="localhost"; // Host name 
$Username="root"; // Mysql username 
$Password="root"; // Mysql password 
$db_name="test"; // Database name 
$tbl_name="Users"; // Table name

// Connect to server and select databse.
mysql_connect("connection", "username", "password")or die("cannot connect"); 
mysql_select_db("test")or die("cannot select database");

// username and password sent from form 
$Username=$_POST['Username']; 
$Password=$_POST['Password'];

// To protect MySQL injection (more detail about MySQL injection)
$Username = stripslashes($Username);
$Password = stripslashes($Password);
$Username = mysql_real_escape_string($Username);
$Password = mysql_real_escape_string($Password);
$sql="SELECT * FROM Users WHERE Username='$Username' and Password='$Password'";
$result = mysql_query($sql);

// Mysql_num_row is counting table row
$count=mysql_num_rows($result);

// If result matched $username and $password, table row must be 1 row
if($count==1){
    while($row = mysql_fetch_array($result)){
        $Role = $row['Role'];
    }
    session_start();
    // Register $username, $password and redirect to members area

    if ($_SESSION["Username"] == $Username && $Role == "admin")
    header("location:admin/administrator.php");

    elseif($_SESSION["Username"] == $Username && $Role == "lecturer")
    header("location:lecturers/lecturer.php");

    }
    else {
        echo "You have entered an incorrect username or password";
    }
?>

Edited by mike_2000_17: Fixed formatting

2
Contributors
1
Reply
3
Views
7 Years
Discussion Span
Last Post by zortec
0

Here is the coding:

<?php
$host="localhost"; // Host name
$Username="root"; // Mysql username
$Password="root"; // Mysql password
$db_name="test"; // Database name
$tbl_name="Users"; // Table name

// Connect to server and select databse.
mysql_connect("connection", "username", "password")or die("cannot connect");
mysql_select_db("test")or die("cannot select database");

// username and password sent from form
$Username=$_POST['Username'];
$Password=$_POST['Password'];

// To protect MySQL injection (more detail about MySQL injection)
$Username = stripslashes($Username);
$Password = stripslashes($Password);
$Username = mysql_real_escape_string($Username);
$Password = mysql_real_escape_string($Password);
$sql="SELECT * FROM Users WHERE Username='$Username' and Password='$Password'";
$result = mysql_query($sql);

// Mysql_num_row is counting table row
$count=mysql_num_rows($result);

// If result matched $username and $password, table row must be 1 row
if($count==1){
while($row = mysql_fetch_array($result)){
$Role = $row['Role'];
}
session_start();
// Register $username, $password and redirect to members area

if ($_SESSION["Username"] == $Username && $Role == "admin")
header("location:admin/administrator.php");

elseif($_SESSION["Username"] == $Username && $Role == "lecturer")
header("location:lecturers/lecturer.php");

}
else {
echo "You have entered an incorrect username or password";
}
?>

end quote.

Well, to start with you want to wrap the code in code-tags. We need to know more about the directory structure. Do you have a directory for each access level?

Another point to note, when you are using a SELECT statement, it generally is not a good idea to select all of the fields in the table using the * which means all. I would just select the fields that are needed.

Have you put data in the tables? I can only go off what you have given. You can use echo statements to test that the right values are coming back.

Edited by mike_2000_17: Fixed formatting

This topic has been dead for over six months. Start a new discussion instead.
Have something to contribute to this discussion? Please be thoughtful, detailed and courteous, and be sure to adhere to our posting rules.