Hi there. I am actulally working on a login verification process in php. this like my first try i.e i am new on the php code. Ithink i did everything good, but each time i try to run my code by entering real data on the table of my data base, I got a undifined Privilege variable. I sent the code in here so you can give me some help please. the comments on the code are in french, sorry, too much lazy to change them. but I hope you get the logic of the code without the comments.
<?php Session_start();
// Start a session on verify page after the verification process
?>
<?php
// define variables and set empty values
$nameErr= $emailErr = $passwordErr = "" ;
$name = $email = $password ="";
$privilege = "";
$safename="";
#definition de la function
function test_input($data)
{
$data = trim($data);
$data = stripcslashes($data);
$data = strip_tags($data);
return $data;
}
#PROCESSUS DE VERIFICATION
if ($_SERVER["REQUEST_METHOD"]=="POST")# this means if the form has been submited.
{ $safename= strip_tags($_POST["Username"]);// On rend inoffensives les balises HTML que le visiteur a pu rentrer
if (filter_var($safename, FILTER_VALIDATE_EMAIL)) {$safename = $email ;}
else {$safename = $name ; }# on ferme apres pour eviter confusion
if (empty($_POST["Username"])) { $nameErr="Name is required";} else
{ $name = test_input($_POST["Username"]); // on évite les carateres non alfanumériques et les espaces blancs
if (!preg_match("/^[a-zA-Z0-9]*$/", $name)) { $nameErr="only letters and white space allowed"; }}
if (empty($_POST["Password"])) { $passwordErr="Password is required";} else
{ $password = test_input($_POST["Password"]);}
if ($name != null and preg_match("/^[a-zA-Z0-9]*$/", $name) and $password != null or
$email !=null and filter_var($email,FILTER_VALIDATE_EMAIL) and $password != null )
{ #ici on va crypter le mot de passe
# $password= Encrypter::encrypt($password);
$username="root";
$password_bdd="";
// On se connecte à MySQL
try
{
$bdd = new PDO('mysql:host=localhost;dbname=espacio_estudiantil;charset=utf8',
$username, $password_bdd, array(PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION));
}
catch (Exception $e)
// En cas d'erreur, on affiche un message et on arrête tout
{
die('Erreur : ' . $e->getMessage());
}
$req = $bdd->prepare('SELECT * FROM users_list WHERE Email = :Email and
Username = :Username and Password = :Password');
$req->execute(array(
'Email' => $email,
'Password' => $password,
'Username' => $name));
/* On affiche chaque entrée provenant de la variable $req une a une
dans la nouvelle variable $données sous forme d'array pour la rendre plus lisible*/
while ($donnees = $req ->fetch())
{/*there we create a $Privilege variable with the array $donnees["Privilege"] from the table.[color=#878a85]*/[/size][/color]
$Privilege= $donnees["Privilege"];
$Username= $donnees["Username"];
}
$req->closeCursor(); // Termine le traitement de la requête
//we verify if the person is admin
if ($Privilege=="ADMIN")
{
// we create a session for the administrator
$_SESSION["Usertype"] = "ADMIN";
$_SESSION["Username"] = $Username;
// on rediriger le visiteur vers la page administrateur
header('Location:adminpage.php');
}
elseif($Privilege=="USER") // if the person is a user
{
// we create a session for the User
$_SESSION["Usertype"] = "USER";
$_SESSION["Username"] = $Username ;
// on rediriger le visiteur vers la page homepage
header('Location:homepage.php');
}
}
}
?>
<!DOCTYPE html>
<html >
<head>
<meta charset="UTF-8">
<title>Esquina Estudiantil Form</title>
<link rel="stylesheet" href="css-files/login-Style.css">
</head>
<body>
<!--<div class="esquina-estudiantil">
<div class="box_text">
<h1><span class="text"> Esquina Estudiantil</span></h1>
</div>
</div>-->
<div class="login-page">
<div class="form">
<form class="login-form" method="POST" action="<?php echo htmlspecialchars($_SERVER["PHP_SELF"]);?>">
<label for="Username"></label>
<input type="text" id="Username" name="Username" placeholder="Usuario" class="login-input" autocomplete="on"/>
<span class="error"><?php echo $nameErr;?></span>
<label for="Password"></label>
<input type="password" placeholder="Contraseña" id="Password" name="Password" class="login-input" autofocus="ON" />
<span class="error"><?php echo $passwordErr;?></span>
<button type="submit" name="Privilege" value="USER" class="login-btn">ENTRAR</button>
<p class="message">Que Esperas! <a href="register.php"><em>Hazte miembro</em></a></p>
</form>
</div>
</div>
<!--<script src='[url=http://cdnjs.cloudflare.com/ajax/libs/jquery/2.1.3/jquery.min.js]http://cdnjs.cloudflare.com/ajax/libs/jquery/2.1.3/jquery.min.js[/url]'></script>-->
<script src="js/index.js"></script>
</body>
</html>