Letterbomb05

Yes thanks, could you give some advice on how to start different sessions for different ranks?

Nevermind, got that bit working, but still need some suggestions for how to create multiple sessions depending on the rank, all suggestions are appreciated!

Edited the post to specify the problem

cause I'm not giving my db info to everyone

Hey there, After fixing up my Login Script, I *HAD* got it working ok, although I have an error somewhere, and I'm not sure where, I hope someone here can help me fix it. I've had too many errors this week >_>. here are my 2 files, the problem is in 1 of them: MENU.PHP (included into the main page): <div class="indentmenu"> <ul> <li><a href="index.php">Home</a></li> <li><a href="info.php">Info</a></li> <li><a href="mypage.php">My Page</a></li> <li><a href="www.team-recoil.com/forums">Forums</a></li> <li><a href="registerpage.php">Register</a></li> </ul> <br style="clear: left" /> <?php if(isset($_SESSION['registered']) || isset($_SESSION['member']) || isset($_SESSION['moderator']) || isset($_SESSION['admin'])){ ?> <ul> <li>You are logged in</li> </ul> <?php }else{ ?> <!--login form appearing at top of page if user isn't logged in--> <form method="post" name="login" action="login.php"> <ul> <li id="loginform">Username: <input id="username" type="text" name="username" /> Password: <input id="password" type="password" name="password" /></li> <li> <input type="image" value="Submit" src="login.gif" height="18px" style="padding-top:2px;" /> </li> </ul> </form> <?php } ?> </div> Login.php: <?php //database info $dbhost = "localhost"; $dbname = ""; $dbuser = ""; $dbpass = ""; //connect to db mysql_connect($dbhost, $dbuser, $dbpass)or die("Could not connect:".mysql_error()); mysql_select_db($dbname)or die(mysql_error()); //make sure data was entered in the fields if($_POST['username']!='' && $_POST['password']!='') { //set field data vars $username = htmlentities(mysql_real_escape_string($_POST['username'])); $password = md5($_POST['password']); //query db $query = "SELECT userid, username, rank FROM users WHERE username='".$username."' AND password='".$password."'"; $result = mysql_query($query) or die(mysql_error()); //check to see if there is a db match, if so do the following if(mysql_num_rows($result) === 1) { //set different sessions for different ranks $row = mysql_fetch_assoc($result); if($row['rank'] == 1) { //set the session and redirect user $_SESSION['registered'] = TRUE; include('info.php'); }else{ //tell the user the account isn't activated if their rank is 0 echo "Your account is not activated"; } }else{ //tell the user that they have entered an invalid username or password if this be the case echo "Invalid username or password"; } }else{ //if they havn't entered anything in the login form, tell them echo "No username/password entered"; } //end script ?> I also need login.php to set a different session for each rank; 1 = $_SESSION['registered'] 2 = $_SESSION['member'] 3 = $_SESSION['moderator'] 4 = $_SESSION['admin'] Anyway, my main problem right now is that when I login, the menu just shows me the Login form, as if no session has been set, it was working earlier, I'm not sure what's gone wrong :S

ended up messing around with webhost a bit and rewriting the login file, still need to edit it for multiple ranks but for the moment, it works. Thanks to all who helped! Final Code: <?php //database info $dbhost = "localhost"; $dbname = ""; $dbuser = ""; $dbpass = ""; //connect to db mysql_connect($dbhost, $dbuser, $dbpass)or die("Could not connect:".mysql_error()); mysql_select_db($dbname)or die(mysql_error()); //make sure data was entered in the fields if($_POST['username']!='' && $_POST['password']!='') { //set field data vars $username = htmlentities(mysql_real_escape_string($_POST['username'])); $password = md5($_POST['password']); //query db $query = "SELECT userid, username, rank FROM users WHERE username='".$username."' AND password='".$password."'"; $result = mysql_query($query) or die(mysql_error()); //check to see if there is a db match, if so do the following if(mysql_num_rows($result) === 1) { //check the rank of the user is 1, if so set $_SESSION['registered'] $row = mysql_fetch_assoc($result); if($row['rank'] == 1) { //set the session and redirect user $_SESSION['registered'] = TRUE; include('info.php'); }else{ //tell the user the account isn't activated if their rank is 0 echo "Your account is not activated"; } }else{ //tell the user that they have entered an invalid username or password if this be the case echo "Invalid username or password"; } }else{ //if they havn't entered anything in the login form, tell them echo "No username/password entered"; } //end script ?>

Nope, doesn't work, and I also need sleep. Answer PM and I might talk to you soon, I'll see if maybe somebody can help me work something out tomorow. Thanks for your help.

<form method="post" name="login" action="login.php"> <ul> <li id="loginform">Username: <input id="username" type="text" name="username" /> Password: <input id="password" type="password" name="password" /></li> <li> <input type="image" value="Submit" src="login.gif" height="18px" style="padding-top:2px;" /> </li> </ul> </form> I myself don't see any errors there. encase you hadn't guessed, I'm not very experienced.

Yes

Don't know whats going on now...Same thing that was happening earlier :S

Uploaded, I try to login and just get a whitescreen. It's an advance from earlier though, I'll try replacing the header with an include.

Thanks very much! I'll check it out now.

Thanks for that, Blade280891. This makes me think there might be something going on with the query, because the script can't be getting through very far. As far as I'm aware the form itself is fine.

Thanks

What happens is, I type in the details, hit login and it pretty much just refreshed index.php and i see everything how index.php is suppost to look. www.Team-Recoil.com/newtemplate <-- register and try to login if you wish <?php error_reporting( E_ALL ); set_ini('display_errors','On'); session_start(); // database information $dbhost = "localhost"; $dbname = ""; $dbuser = ""; $dbpass = ""; // connect to database mysql_connect ( $dbhost, $dbuser, $dbpass)or die("Could not connect: ".mysql_error()); mysql_select_db($dbname) or die(mysql_error()); // retrieve form input $username = htmlentities(mysql_real_escape_string($_POST['username'])); $password = (md5($_POST['password'])); // query the database $query = "SELECT * from users WHERE username='$username' and password='$password'"; $result = mysql_query($query) or die(mysql_error()); echo "query: $query"; $qAssoc = mysql_fetch_assoc($result); $rank = $qAssoc['rank']; if(mysql_num_rows($result) === 0 || $qAssoc['rank'] == 0){ include('incorrect.php'); }else{ if ( $rank == 1 ) { $_SESSION['registered'] = true; } if ( $rank == 2 ) { $_SESSION['member'] = true; } if ( $rank == 3 ) { $_SESSION['moderator'] = true; } if ( $rank == 4 ) { $_SESSION['admin'] = true; } header("Location: http://www.team-recoil.com/newtemplate/info.php"); } // end of script ?>

Still...Nothing. PHPzone, I don't expect you to, but would you be able to rewrite this script but with better bits and bobs? If you could it would be much appreciated.

Christ whats wrong with me today, will do that.

Still have absolutely nothing.

ugh, sorry, tiredness lol, I'll try that, one second.

PHPzone, where abouts should I put the snippet you gave me?

Where should I put that snippet?

Nope everything is pretty much in the same state it was earlier latest code: <?php session_start(); // database information $dbhost = ""; $dbname = ""; $dbuser = ""; $dbpass = ""; // connect to database mysql_connect ( $dbhost, $dbuser, $dbpass)or die("Could not connect: ".mysql_error()); mysql_select_db($dbname) or die(mysql_error()); // retrieve form input $username = htmlentities(mysql_real_escape_string($_POST['username'])); $password = (md5($_POST['password'])); // query the database $query = "SELECT * from users WHERE username='$username' and password='$password'"; $result = mysql_query($query) or die(mysql_error()); echo "query: $query"; $qAssoc = mysql_fetch_assoc($result); $rank = $qAssoc['rank']; if(mysql_num_rows($result) === 0 || $qAssoc['rank'] == 0){ include('incorrect.php'); }else{ if ( $rank == 1 ) { $SESSION['registered'] = true; } if ( $rank == 2 ) { $SESSION['member'] = true; } if ( $rank == 3 ) { $SESSION['moderator'] = true; } if ( $rank == 4 ) { $SESSION['admin'] = true; } header("Location:http://www.team-recoil.com/newtemplate/info.php"); } // end of script ?>

1 second just noticed something

BlueSkyIS, I did what you said but nothing happened.