0
<?php
include("include/dbc.php");
include("include/connect.php");
session_start();
$error="style='display:none;'";
$submitcheck=$_POST['submit'];
if($submitcheck==1)
{
    if($_POST){
        $user_name=addslashes($_POST['user_name']);
        $password=addslashes($_POST['password']);

        $query1=mysql_query("SELECT * FROM tbl_login WHERE user_name = '$user_name' and password='$password' and user_level='1'");
        $query2=mysql_query("SELECT * FROM tbl_login WHERE user_name = '$user_name' and password='$password' and user_level='2'");
        $query3=mysql_query("SELECT * FROM tbl_login WHERE user_name = '$user_name' and password='$password' and user_level='3'");
        $query4=mysql_query("SELECT * FROM tbl_login WHERE user_name = '$user_name' and password='$password' and user_level='4'");
        $query5=mysql_query("SELECT * FROM tbl_login WHERE user_name = '$user_name' and password='$password' and user_level='5'");

        if(empty($query1)){
            echo "Invalid User ID or Password";
        }
        else{
            header("Location:Admin/home.php");
        }
        if(empty($query2)){
            echo "Invalid User ID or Password";
        }
        else{
            header("Location:Zone/home.php");
        }
        if(empty($query3)){
            echo "Invalid User ID or Password";
        }
        else{
            header("Location:Circle/home.php");
        }
        if(empty($query4)){
            echo "Invalid User ID or Password";
        }
        else{
            header("Location:Division/home.php");
        }
        if(empty($query5)){
            echo "Invalid User ID or Password";
        }
        else{
            header("Location:Sub-div/home.php");
        }

    }
}
?>


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">

<head>

<title>Assam Power Distribution Company Limited</title>
<style type="text/css">
body
{
    background-image:url(images/background2.jpg);
    margin:0px;
                font-family:arial,helvetica,tahoma,georgia;
}
                 .container
            {
                width:950px;
                height:auto;
                position:relative;
                margin-left:auto;
                margin-right:auto;
            }
    #header
            {
                width:950px;
                height:102px;
                margin-right:0px;
                margin-left:0px;
        margin-top: 20px;
        border-radius: 11px 10px 10px 11px;
                position:relative;
                background:url(images/header.jpg) no-repeat;

            }


/* Styling the slideshow */

#loginContainer{
    width:500px;
    height:500px;
    position:absolute;
    margin:30px auto 30px;

    margin-left:215px;
    opacity: 50;



}

#login_user{
    border-radius: 40px 0px 40px 0px;
    position:absolute;
    height:300px;
    width:490px;
    background-image:url("images/Grunge_Backgrounds___Paper_by_zerocustom1989.png") ;
    margin:10px 0 0 10px;
    z-index:100;

    -moz-box-shadow:0 0 10px #111;
    -webkit-box-shadow:0 0 10px #111;
    box-shadow:0 0 10px #111;
}

.roundedCornerMinimalDark
            {

                border-radius: 7px 7px 7px 7px;
                margin-left: 40px;
                float: left;
                margin-bottom: 20px;
                padding: 20px;
                width: 380px;
            }


form
            {
                float: left;
                margin: 0;
                padding: 0;
            }
            .span-10
            {
                width: 390px;
            }
            .roundedCornerMinimalDark p
            {
                margin-top: 10px;
            }
            label
            {
                color: #F1E8E3;
                font-size: 12px;
                font-weight: bold;
                text-transform: uppercase;
                margin-bottom: 5px;
            }
            input.span-10[type="text"]
            {
                border-radius: 7px 7px 7px 7px;
                width: 368px;
            }
            input.span-10[type="password"]
            {
                border-radius: 7px 7px 7px 7px;
                width: 368px;

            }
            input[type="text"], input[type="password"], textarea, input.text
            {
                 background: url("images/nav-bg.jpg") no-repeat scroll 0 0 transparent;
                border: 1px solid #221D1A;
                color: #3C352F;
                font-family: "Helvetica Neue",Helvetica,Arial,sans-serif;
                font-size: 14px;
                height: 20px;
                margin-bottom: 15px;
                padding: 5px;
            }
            #submit
            {
                clear: left;
                float: left;
                margin-top: 5px;
        margin-bottom: 5px;
            }
            .sharedLinks a
            {
                display: block;
            }
            .clear
            {
                clear: both;
            }
            #contentBottomMinimal
            {
                background: url("images/nav-bg.jpg") no-repeat scroll 0 0 transparent;
                height: 8px;
                margin: 0 auto;
                padding-bottom: 72px;
                width: 476px;
            }




#footer
{
    height: 152px;
    width: auto;
    background:url(images/footerbck.png) repeat-x scroll 0 0 transparent;
    margin-top:400px;
    margin-left: -30px;
    margin-right: 0px;



}
#copy
{
    width: auto;
    height: auto;
    padding: 0px 0px 0px 0px;
    overflow: hidden; /* important */
    font-family:LucidaGrande, Lucida Sans, Arial;
    font-size:10px;
    text-align: justify;
    color: #000000;
    margin: 135px 0px 0px 1130px;
    position: absolute;



}

</style>

</head>

<body>

<div class="container">
<div id="header">
</div>
<div id="loginContainer">
<div id="login_user">
<div class="roundedCornerMinimalDark">
<form id="user_new" class="user_new" method="post"  accept-charset="UTF-8">
                    <div class="span-10">
                        <p class="span-10">
                        <label>User Name:</label>
                            <br/><br/>
                            <input id="user_name" class="span-10" type="text" value="" size="30" name="user_name" autocomplete="off">
                            <br>


                            <label>Password:</label>                       
                            <br />
                            <br/>
                            <input id="password" class="span-10" type="password" size="30" name="password" autocomplete="off">
                            <br/><br/>

                            <input id="submit" type="image" src="images/button-sign-in-submit.png" alt="Sign In">
                            <input type="hidden" name="submit" value="1">

                        </p>
                    </div>
        </form>

      </div>

</div>
</div>

</div>
<div id="footer">
<div id="copy">
&copy; Copyright APDCL  &reg; 2012. All rights reserved.
</div>
</div>



</body>
</html>

Edited by Dani: Formatting

0

No one can help you because you didn't format your post correctly. I fixed your code for you this time. From now on, please use the Code button when formatting code so that it is readable.

Edited by Dani

0

Posting a lump of code isn't going to help much either. What's the problem?

BTW - you don't need all those queries - one will do.
Also, next time don't bother posting all the CSS - pointless.

0

To start:

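<?php
session_start();
// Assumes the database connection from the original post's include files is already open.
// Read the submitted values and escape them before they go into the SQL string.
$user_name = mysql_real_escape_string($_POST['user_name']);
$password = mysql_real_escape_string($_POST['password']);

$query = mysql_query("SELECT * FROM tbl_login WHERE user_name='$user_name' and password='$password'");
$rows = mysql_num_rows($query);

// Collect the user level from the matching row.
while ($login_info = mysql_fetch_array($query)) {
    $user_level = $login_info['user_level'];
}

if ($rows < 1) {
    echo "Incorrect login credentials";
} else {
    $_SESSION['user_name'] = $user_name;
    $_SESSION['password'] = $password;
    $_SESSION['user_level'] = $user_level;

    // Whatever you want done after successful login.
}
?>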

You need only one query. Granted you can write more if/ifelse/else conditional statements to make it more clear to the user whether it was a wrong username (if username is not found), incorrect password for that user name or both. But I'm not going that far with this.

I wouldn't like to use if->empty statements. I go with mysql_num_rows to count the number of rows returned and if it returns more than one (and should probably be ONLY one) matching row.

You may not want to store the password in the SESSION but I am doing so here anyway. But then any other page that you want to see if they are logged in for access is writing a function that checks to see if that person has a session user_name variable which would mean that they have successfully logged in and should be able to view that page also. Just call that function at the top of any page where you want logged-in state to be checked.

One security problem is that you shouldn't store unhashed/unencrypted passwords in the database for correct comparison. You should use an encryption hash to use at least md5 (using a SALT is up to you).

Then your original query should only search for rows with that specific username and then pull in the encrypted password in the WHILE where we are also collecting that member's user level. Then do another if/else statement... you encrypt the password using the same hash that was used on the password in the database and then you check that the newly encrypted submitted password matches what is in the password field for the matching row.
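
The flow described in the post above (look the row up by user name only, check the submitted password against the stored hash, then read the user level), as an added example that is not part of the original post or thread. It swaps in PDO prepared statements for mysql_query and PHP's password_hash()/password_verify() for the md5 comparison, and runs against a constructed in-memory SQLite copy of tbl_login; the function name login_target, the LANDING map and the sample accounts are assumptions.

```php
<?php
// Added example: constructed in-memory table standing in for tbl_login.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE tbl_login (user_name TEXT PRIMARY KEY, password TEXT, user_level INTEGER)');
$seed = $db->prepare('INSERT INTO tbl_login VALUES (?, ?, ?)');
// Constructed sample accounts; only the salted hash is stored, never the password.
$seed->execute(['admin1', password_hash('S3cret-admin', PASSWORD_DEFAULT), 1]);
$seed->execute(['zone7', password_hash('S3cret-zone', PASSWORD_DEFAULT), 2]);

// user_level => landing page, using the five paths from the original post.
const LANDING = [
    1 => 'Admin/home.php',
    2 => 'Zone/home.php',
    3 => 'Circle/home.php',
    4 => 'Division/home.php',
    5 => 'Sub-div/home.php',
];

// Returns the landing page for valid credentials, or null on any failure.
function login_target(PDO $db, string $user, string $pass): ?string
{
    // One query, by user name only; the placeholder keeps input out of the SQL text.
    $stmt = $db->prepare('SELECT password, user_level FROM tbl_login WHERE user_name = ?');
    $stmt->execute([$user]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);

    // Unknown user: still verify against a dummy hash so both paths do similar work.
    static $dummy = null;
    $dummy = $dummy ?? password_hash('dummy', PASSWORD_DEFAULT);
    $ok = password_verify($pass, $row ? $row['password'] : $dummy);
    if (!$row || !$ok) {
        return null;
    }
    // A level outside 1..5 has no landing page and is treated as a failed login.
    return LANDING[(int) $row['user_level']] ?? null;
}

// Constructed requests: valid login, wrong password, and a user name containing
// SQL metacharacters, which the placeholder treats as plain data.
$tries = [['zone7', 'S3cret-zone'], ['zone7', 'wrong'], ["zone7' OR '1'='1", 'x']];
foreach ($tries as [$u, $p]) {
    $target = login_target($db, $u, $p);
    echo str_pad($u, 20), ' ', $target ?? 'Invalid User ID or Password', PHP_EOL;
}
```

In the login page itself, a non-null result would be followed by session_regenerate_id(true), storing user_name and user_level (not the password) in $_SESSION, and a single header('Location: ' . $target) followed by exit; a null result prints the one error message.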

0

Sorry for bothering you all, but I'm new to PHP and I'm still a student, so please have mercy on all my faults... and thanks a lot, all of you. Let me try this now...

0

@utpal - you need to be more specific with your feedback. Just saying that something doesn't work isn't enough. Which bit of the code is falling down? Place some echo lines here and there to watch the variable values - that should help you resolve matters.
