Member Avatar for mdemetri2

Hi

I have some script that I have used for sometime so understand it is out of date code, but it works. I want to amend it so that it also checks a field user_type and on successful login directs each to a differnt page. The code at the moment takes username and password from a login page, checks it (code below) and either takes user to a main page if correct or tells them username or password is wrong.

<?php require_once('Connections/Connection1.php'); ?>

<?php
$tbl_name="users"; // Table name 



// Connect to server and select databse.
//mysql_connect("$host", "$username", "$password")or die("cannot connect"); 
//mysql_select_db("$db_name")or die("cannot select DB");
mysql_select_db($database_Connection1, $Connection1);

// username and password sent from form 
$myusername=$_POST['myusername']; 
$mypassword=md5($_POST['mypassword']); 




// To protect MySQL injection (more detail about MySQL injection)
$myusername = stripslashes($myusername);
$mypassword = stripslashes($mypassword);
$myusername = mysql_real_escape_string($myusername);
$mypassword = mysql_real_escape_string($mypassword);

$sql="SELECT * FROM $tbl_name WHERE userid='$myusername' and 

password='$mypassword'";
$result=mysql_query($sql);


// Mysql_num_row is counting table row
$count=mysql_num_rows($result);

// If result matched $myusername and $mypassword, table row must be 1 row

if($count==1){

// Register $myusername, $mypassword and redirect to file "login_success.php"
session_register("myusername");
session_register("mypassword"); 
header("location:main.php?myusername=".$myusername);
}
else {
header("location:login_failed.php");
//echo "Wrong Username or Password";
}
?>

Any help would be very much appreciated!

Recommended Answers

All 11 Replies

On line 38 you'll need something like this, assuming user_type is an integer column in your table:

$row = mysql_fetch_assoc($result);
switch ($row['user_type'])
{
    case 1: header(); break;
    case 2: header(); break;
    // etcetera
}

session_register deprecated as of php5.3.0 and removed as of php 5.4.0.
use:
$_SESSION

also if you pass the userename by $_SESSION wha also pass it in the url?

If I got your question right; then you will have to do this;

if($count==1 && $row['user_type'] ==1)
{
// Register $myusername, $mypassword and redirect to file "login_success.php"
session_register("myusername");
session_register("mypassword"); 
header("location:main.php?myusername=".$myusername);
}
else {
header("location:login_failed.php");
//echo "Wrong Username or Password";
}
Member Avatar for mdemetri2

Thanks for the reply pritaeas, I will try that.

pzuurveen - I pass username in url becuase I use it in the successfull login page i.e. to say 'welcome name', I had tried to use $_SESSION variable but it didnt seem to work, not sure why, I probably had the syntax wrong.

Member Avatar for mdemetri2

Ok, so gave that a go, here is my code:

<?php require_once('Connections/Connection1.php'); ?>

<?php
$tbl_name="users"; // Table name 

// Connect to server and select databse.
//mysql_connect("$host", "$username", "$password")or die("cannot connect"); 
//mysql_select_db("$db_name")or die("cannot select DB");
mysql_select_db($database_Connection1, $Connection1);

// username and password sent from form 
$myusername=$_POST['myusername']; 
$mypassword=md5($_POST['mypassword']); 



// To protect MySQL injection (more detail about MySQL injection)
$myusername = stripslashes($myusername);
$mypassword = stripslashes($mypassword);
$myusername = mysql_real_escape_string($myusername);
$mypassword = mysql_real_escape_string($mypassword);

$sql="SELECT * FROM $tbl_name WHERE userid='$myusername' and 

password='$mypassword'";
$result=mysql_query($sql);


// Mysql_num_row is counting table row
$count=mysql_num_rows($result);

// If result matched $myusername and $mypassword, table row must be 1 row

if($count==1){

$row = mysql_fetch_assoc($result);

switch ($row['usertype'])
{
        case abc: header("location:adc.php"); break;
        case cde: header("location:cde.php"); break;
 }

// Register $myusername, $mypassword and redirect to file "login_success.php"
session_register("myusername");
session_register("mypassword"); 
header("location:main.php?myusername=".$myusername);
}
else {
header("location:login_failed.php");
//echo "Wrong Username or Password";
}
?>

but it isnt making any difference, still ending up at main.php on successful login.

In order for $_SESSION to work, you will have to do something like;

$_SESSION['myusername'] = $row['username'];
$_SESSION['user_type'] = $row['user_type'];

That should do the trick.

Member Avatar for mdemetri2

Ok, webville312, your code does work, as I am now logging in and as I am not in the usertype I specified it is just taking me to the login_failed page. How do I amend your code to include for more than one instance of user type?

if($count==1 && $row['usertpe'] ==1){

// Register $myusername, $mypassword and redirect to file "login_success.php"
session_register("myusername");
session_register("mypassword"); 
header("location:main.php?username=".$myusername);
}
else {
header("location:login_failed.php");
//echo "Wrong Username or Password";
}
?>
Member Avatar for mdemetri2

in fact it's not working at all.....hmmm, I assumed it was the first time round as I got the failed login, but its just not verifying me......any ideas?

Member Avatar for diafol
if($count==1 && $row['usertpe'] ==1){

typo on 'usertpe' ?

Member Avatar for mdemetri2

Hi, I tried updating the silly typo but it still doesnt work, it logs me in regardless. Anyone have any more ideas with what might be wrong? Also, ideally it needs more else conditions to cater for more than one user type. Confused lol.

And what error are you getting this tym?

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.