0

Hey iam new in php code and i tried to created login which has two type of user(Normaluser and Amdminuser)
but i tried to create query where i want when normal user has loged in, to be able to fetch specified data from database
just normal user so please need your help

Here is my code

<?php 

            $action=isset($_POST['login']);
            if($action == 'login')
            {


                $Uname = mysql_prep($_POST['Uname']);
                $Password = mysql_prep($_POST['Pass']);

                $query = mysql_query("SELECT u.userId,u.Uname,u.Passoword,
                r.roleId,r.rolename FROM users u, role r,
                previlage p WHERE u.Uname='$Uname' AND u.Password='$Password' 
                AND p.roleId = r.roleId AND u.userId=p.userId")
                 or die("System fails to look for user data!");

                list($userId,$Uname,$Password,$roleId,$rolename)=mysql_fetch_array($query);

                    if(mysql_num_rows($query) == 0){
                echo"<table border='0' width='500' height='50px'align='center'  ><tr>
                <td align='center' style='background:; color:#F00; fontsize:20px'>
            <b> Sorry Password or Username is incorrent or not exist in this system 
                Please contact our Administration for any <br>Informantion about the system 
                </br>Email:rashidabeid@yahoo.com</br>Phone +255777415640
                </br> Thanks!!

                </td></tr></table>";

        }       
        else{

            if($rolename == "Administrator")
            {
            $_SESSION['roleId'] = $roleId;
            $_SESSION['rolename'] = $rolename;
            $_SESSION['userId'] = $userId;
            $_SESSION['Uname'] = $Uname;
            $_SESSION['Password'] = $Password;
            header('Location:userlogin.php');
            exit;

            }


            if($rolename == "Normaluser"){
            $_SESSION['roleId'] = $roleId;
            $_SESSION['rolename'] = $rolename;
            $_SESSION['userId'] = $userId;
            $_SESSION['Uname'] = $Uname;
            $_SESSION['Password'] = $Password;

             $sql = mysql_query("
             select* FROM vaccine 
             WHERE ='$PassportNo'
              and CodeNo='$CodeNo'
               ");
               $result=mysql_query( $sql);
                    while ($row = mysql_fetch_array($result)) {
                        echo 'SerialNo: '.$row['SerialNo'];
                    echo '<br/> Country: '.$row['Country'];
                    echo '<br/> Station: '.$row['Station'];
                    echo '<br/> CodeNo: '.$row['CodeNo'];
                    echo '<br/> Phone: '.$row['PhoneNo'];
                    echo '<br/><br/>';
                    }

            exit;
            }

            }
            }




?>
2
Contributors
1
Reply
19
Views
4 Years
Discussion Span
Last Post by minitauros
0

$action = isset($_POST['login']);
What you are doing here is checking if $_POST['login'] has been set. If it has, the value of $action will be true; if it hasn't, it will be false. Therefore, the if() statement a couple of lines ahead will not work as you probably want it to work.

if($action == 'login')
$action will be either true or false, so the statement above will never be triggered in your current script.

I would therefore suggest changing your $action = isset($_POST['login']); line to $action = isset($_POST['login']) ? $_POST['login'] : false;. What this does is an inline if/else check. It says: if(isset($_POST['login']) { return $_POST['login']; } else { return false; }. That means that now $action will either be the value of $_POST['login']; or false.

Secondly, your query can be optimized by using JOINs.

For example, the folling query

$query = "SELECT u.userId,
            u.Uname,
            u.Passoword,
            r.roleId,
            r.rolename
        FROM users u,
            role r,
            previlage p
        WHERE u.Uname='$Uname' 
            AND u.Password= '$Password'
            AND p.roleId = r.roleId 
            AND u.userId= p.userId";

could probably be optimized by adding JOINs, like this:

$query = 'SELECT u.userId,
            u.Uname,
            u.Passoword,
            r.roleId,
            r.rolename
        FROM users u
        JOIN roles r ON u.userId = r.userId
        WHERE u.Uname = "' . $Uname . '"
            AND u.Password = "' . $Password . '"';

I've removed the table previlage from your query, as you were not selecting anything from it, and I've added a JOIN. This means that the table roles will also be queried. There MUST be a match in the roles table in order for the query to return any results. If you don't care if there is a match or not, you should use LEFT JOIN or RIGHT JOIN instead of just JOIN (more about this in the tutorial I linked to).

Now, I don't know where you enable the user to fetch custom data from your database after he logs in, because I don't see any HTML input fields or anything that a user can use to do this. Am I missing something?

This topic has been dead for over six months. Start a new discussion instead.
Have something to contribute to this discussion? Please be thoughtful, detailed and courteous, and be sure to adhere to our posting rules.