0

Hi

I have some script that I have used for sometime so understand it is out of date code, but it works. I want to amend it so that it also checks a field user_type and on successful login directs each to a differnt page. The code at the moment takes username and password from a login page, checks it (code below) and either takes user to a main page if correct or tells them username or password is wrong.

<?php require_once('Connections/Connection1.php'); ?>

<?php
$tbl_name="users"; // Table name 



// Connect to server and select databse.
//mysql_connect("$host", "$username", "$password")or die("cannot connect"); 
//mysql_select_db("$db_name")or die("cannot select DB");
mysql_select_db($database_Connection1, $Connection1);

// username and password sent from form 
$myusername=$_POST['myusername']; 
$mypassword=md5($_POST['mypassword']); 




// To protect MySQL injection (more detail about MySQL injection)
$myusername = stripslashes($myusername);
$mypassword = stripslashes($mypassword);
$myusername = mysql_real_escape_string($myusername);
$mypassword = mysql_real_escape_string($mypassword);

$sql="SELECT * FROM $tbl_name WHERE userid='$myusername' and 

password='$mypassword'";
$result=mysql_query($sql);


// Mysql_num_row is counting table row
$count=mysql_num_rows($result);

// If result matched $myusername and $mypassword, table row must be 1 row

if($count==1){

// Register $myusername, $mypassword and redirect to file "login_success.php"
session_register("myusername");
session_register("mypassword"); 
header("location:main.php?myusername=".$myusername);
}
else {
header("location:login_failed.php");
//echo "Wrong Username or Password";
}
?>

Any help would be very much appreciated!

5
Contributors
11
Replies
55
Views
4 Years
Discussion Span
Last Post by Webville312
Featured Replies
  • 1

    On line 38 you'll need something like this, assuming `user_type` is an integer column in your table: $row = mysql_fetch_assoc($result); switch ($row['user_type']) { case 1: header(); break; case 2: header(); break; // etcetera } Read More

1

On line 38 you'll need something like this, assuming user_type is an integer column in your table:

$row = mysql_fetch_assoc($result);
switch ($row['user_type'])
{
    case 1: header(); break;
    case 2: header(); break;
    // etcetera
}
0

session_register deprecated as of php5.3.0 and removed as of php 5.4.0.
use:
$_SESSION

also if you pass the userename by $_SESSION wha also pass it in the url?

0

If I got your question right; then you will have to do this;

if($count==1 && $row['user_type'] ==1)
{
// Register $myusername, $mypassword and redirect to file "login_success.php"
session_register("myusername");
session_register("mypassword"); 
header("location:main.php?myusername=".$myusername);
}
else {
header("location:login_failed.php");
//echo "Wrong Username or Password";
}
0

Thanks for the reply pritaeas, I will try that.

pzuurveen - I pass username in url becuase I use it in the successfull login page i.e. to say 'welcome name', I had tried to use $_SESSION variable but it didnt seem to work, not sure why, I probably had the syntax wrong.

0

Ok, so gave that a go, here is my code:

<?php require_once('Connections/Connection1.php'); ?>

<?php
$tbl_name="users"; // Table name 

// Connect to server and select databse.
//mysql_connect("$host", "$username", "$password")or die("cannot connect"); 
//mysql_select_db("$db_name")or die("cannot select DB");
mysql_select_db($database_Connection1, $Connection1);

// username and password sent from form 
$myusername=$_POST['myusername']; 
$mypassword=md5($_POST['mypassword']); 



// To protect MySQL injection (more detail about MySQL injection)
$myusername = stripslashes($myusername);
$mypassword = stripslashes($mypassword);
$myusername = mysql_real_escape_string($myusername);
$mypassword = mysql_real_escape_string($mypassword);

$sql="SELECT * FROM $tbl_name WHERE userid='$myusername' and 

password='$mypassword'";
$result=mysql_query($sql);


// Mysql_num_row is counting table row
$count=mysql_num_rows($result);

// If result matched $myusername and $mypassword, table row must be 1 row

if($count==1){

$row = mysql_fetch_assoc($result);

switch ($row['usertype'])
{
        case abc: header("location:adc.php"); break;
        case cde: header("location:cde.php"); break;
 }

// Register $myusername, $mypassword and redirect to file "login_success.php"
session_register("myusername");
session_register("mypassword"); 
header("location:main.php?myusername=".$myusername);
}
else {
header("location:login_failed.php");
//echo "Wrong Username or Password";
}
?>

but it isnt making any difference, still ending up at main.php on successful login.

0

In order for $_SESSION to work, you will have to do something like;

$_SESSION['myusername'] = $row['username'];
$_SESSION['user_type'] = $row['user_type'];

That should do the trick.

Edited by Webville312

0

Ok, webville312, your code does work, as I am now logging in and as I am not in the usertype I specified it is just taking me to the login_failed page. How do I amend your code to include for more than one instance of user type?

if($count==1 && $row['usertpe'] ==1){

// Register $myusername, $mypassword and redirect to file "login_success.php"
session_register("myusername");
session_register("mypassword"); 
header("location:main.php?username=".$myusername);
}
else {
header("location:login_failed.php");
//echo "Wrong Username or Password";
}
?>
0

in fact it's not working at all.....hmmm, I assumed it was the first time round as I got the failed login, but its just not verifying me......any ideas?

0

Hi, I tried updating the silly typo but it still doesnt work, it logs me in regardless. Anyone have any more ideas with what might be wrong? Also, ideally it needs more else conditions to cater for more than one user type. Confused lol.

This topic has been dead for over six months. Start a new discussion instead.
Have something to contribute to this discussion? Please be thoughtful, detailed and courteous, and be sure to adhere to our posting rules.