designerguy

Actually i got problem with the login now by adding that. I will check and post back.

I did add that but still dont work It's not supposed to... It was for debugging purposes, does the echo print out the number '1'? no it does not. However I solved the problem by adding this: if($_SESSION['user_type']=$row['user_type'] == 1) { header("Location: user-edit.php"); } else if ($_SESSION['user_type']=$row['user_type'] != 1){ header("Location: members.php"); } Thanks a lot for the help.

I did add that but still dont work

That means it's failing here: if($_SESSIONS['user_type'] == "1") { Have you echoed the session, specifically 'user_type', to ensure that it's 1, or even being set? No I have not. The code that I provided earlier is what I have. How would I do that please?

I did change that SESSIONS to SESSION. How come I did not notice it. That is why being newbie sucks . However it does not work. when I login as admin it redirects me to the member area rather than control panel. In regards to cookies I am not sure if that is the secure way to check for admin or not. and yes I do have session start in my db.inc.php

I have four different user_types : these are in the user_types table: with the type_name and type_id fields admin is 1 guest is 2 author is 3 user is 4 and I have another tables called users which contain all the fields such as user_type, first_name etc. here it is the php code on the top of my page: <?php error_reporting(6143); require_once("includes/db.inc.php"); //include the file that connects to the database if( isset($_POST['btnSubmit']) ){ //the user has clicked the submit button $un = trim($_POST['username']); //our username field in the html form $pw = trim($_POST['pwd']); //out pwd field in the html form $key = "1234"; $strSQL = "SELECT user_id, user_name, user_type FROM users WHERE user_name='$un' AND '$pw' = AES_DECRYPT(pwd_b, '$key') "; //OR to use the MD5 column $strSQLMD5 = "SELECT user_id, user_name, user_type FROM users WHERE user_name='$un' AND pwd = MD5('$pw') "; $rs = mysql_query($strSQL, $oConn); if( $rs && mysql_num_rows($rs) == 1 ){ //if the code gets to this point it means that the username and password matched //we could get all the information we need about the user from the database... $row = mysql_fetch_assoc($rs); if($_SESSIONS['user_type'] == "1") { header("Location: user-edit.php"); } else if ($_SESSIONS['user_type'] !== "1"){ $_SESSION['user_id'] = $row['user_id']; $_SESSION['user_name'] = $row['user_name']; $_SESSION['user_type'] = $row['user_type']; header("Location: members/members.php"); $feedback = "Successful login."; }else{ $errMsg = "Invalid Login"; } } } ?> that doesnot seem to work

Yeah I know, but it's impossible to tell when the OP doesn't provide any helpful information. sorry. yes there are different Admins. I am going to check your code to see if that works.

Hi there, I have a login page which I would like to add a control panel to this page so if the user is admin and logs in then I would like to show the control panel if not then I would like the user to be redirected to the members area. How would I check to see if the user is admin or not. Thanks

ok thanks a lot for your help. I will try that later. For now I am fine with what I have. I am going to ask a php question in php forum shortly though. Would greatly appreciate your comments. thanks again

no errors. validation does not work if I add the die('Duplicate email.<br /><a href="#" onclick="history.go(-1);">Back</a>'); and it takes me to a page with a text "Duplicate email" and a back link . clicking on the back link will take me to the reg page but no entry in there.

that does not work. Actually I was not using die I just set my flag to false before. Now what I have is this: $sql = mysql_query("SELECT * FROM users WHERE (first_name='$fname' AND last_name='$lname') OR email='$email' "); if(mysql_num_rows($sql) > 0) { $errMsg .=" User exists, please enter other information." ; $valid = false; die('Duplicate email.<br /><a href="#" onclick="history.go(-1);">Back</a>');

ok that worked thanks. I just have one more question and I hope it will be o.k to ask in here. How would I store the user information temporarily in the form? say if the user name exists however the email does not exists I would like to let the information be in the form so the user does not have to enter them again other than the one that he should.

Thanks for replying. I understand that you are checking for the number of rows. However shouldn't that be 1 instead of 0 in your code. And what is wrong with my code anyways? I am checking the first_name , last_name and email fileds and if there is a match then it should prevent the user from adding information to the database.

Hi there, I am working on a community site as an assignment. here it is all the code that I have: <?php require_once("includes/db.inc.php"); //create a user account if(isset($_POST['btnRegister'])){ $fname = mysql_real_escape_string(trim($_POST['firstname'])); $lname = mysql_real_escape_string(trim($_POST['lastname'])); $email = mysql_real_escape_string(trim($_POST['email'])); $pass = mysql_real_escape_string(trim($_POST['pass'])); $pass2 = mysql_real_escape_string(trim($_POST['pass2'])); $hint = mysql_real_escape_string(trim($_POST['hint'])); $type = 2; $key = '1234'; //do some validation... $valid = true; $errMsg =""; //function valid(){ if (empty($fname)){ $errMsg .=" You must enter a valid name"; $valid = false; } if(ereg('[^A-Za-z]', $fname)){ //Only lower or upper case letters allowed. $errMsg .="( Please use only alphabets a to z as first name )<br />"; $valid = false; //setting the flag to false. } if (empty($lname)){ $errMsg .=" You must enter a valid last name"; $valid = false; } if(ereg('[^A-Za-z]', $lname)){ //Only lower or upper case letters allowed. $errMsg .="( Please use only alphabets a to z as last name )<br />"; $valid = false; //setting the flag to false. } if (empty($pass)){ $errMsg .=" You must enter a password"; $valid = false; } if (empty($pass2)){ $errMsg .=" You must enter a password"; $valid = false; } if ($pass <> $pass2){ $errMsg .=" Passwords do not match"; $valid = false; } if (empty($email)){ $errMsg .=" You must enter an email"; $valid = false; } if (!eregi("^([0-9a-zA-Z]+[-._+&])*[0-9a-zA-Z]+@([0-9a-zA-Z]+[.])+[a-zA-Z]{2,6}$", $email)){ $errMsg .="Invalid email"; $valid = false; } //else { // some code will go here to check the database for existing name, last name and email // if there is a match then user will be notified that there is a first and last name or email already in the database and he needs to use another. If there is no match then we will get the data and enter in to the users table. if($valid){ $strSQL ="SELECT first_name, last_name, email FROM users"; $userRS = mysql_query($strSQL, $oConn); $row = mysql_fetch_assoc($userRS); if((strtolower($row['first_name'])==strtolower($fname) && strtolower($row['last_name'])==strtolower($lname)) || strtolower($row['email'])==strtolower($email)) { $errMsg .=" User exists, please enter other information." ; $valid = false; } else { $strSQL = "INSERT INTO users(first_name, last_name, email, user_type, pwd_b, pwd_hint) VALUES('$fname', '$lname', '$email', $type, AES_ENCRYPT('$pass', '$key'), '$hint')"; $ret = mysql_query($strSQL, $oConn); if($ret){ //actually send a confirmation email... $feedback = "Your confirmation e-mail has been sent. Please use the e-mail to activate your account."; }else{ $errMsg = " " . mysql_error(); } } } }// for if(isset($_POST['btnRegister'])) ?> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=utf-8" /> <title>PHP Forum Registration</title> <?php include("includes/styles.inc.php"); include("includes/scripts.inc.php"); ?> </head> <body> <div id="wrapper"> <div id="masthead"> <?php include("includes/masthead.inc.php"); ?> </div> <div id="main" class="clearfix"> <div id="content"> <h2>Create an Account</h2> <?php if(isset($feedback) && !empty($feedback)){ echo '<p class="info">' . $feedback . '</p>'; } if(isset($errMsg) && !empty($errMsg)){ echo '<p class="error">' . $errMsg . '</p>'; } ?> <form name="registerForm" id="registerForm" action="<?=$_SERVER['PHP_SELF']?>" method="post"> <fieldset> <legend>Forum Registration</legend> <div class="formBox"> <label for="firstname">First Name</label> <input type="text" name="firstname" id="firstname" value="" class="wide" maxlength="40" /> </div> <div class="formBox"> <label for="lastname">Last Name</label> <input type="text" name="lastname" id="lastname" value="" class="wide" maxlength="40" /> </div> <div class="formBox"> <label for="email">E-mail</label> <input type="text" name="email" id="email" value="" class="xtrawide" maxlength="80" /> </div> <div class="formBox"> <label for="pass">Password</label> <input type="password" name="pass" id="pass" value="" class="mid" maxlength="20" /> </div> <div class="formBox"> <label for="pass2">Re-Type Password</label> <input type="password" name="pass2" id="pass2" value="" class="mid" maxlength="20" /> </div> <div class="formBox"> <label for="hint">Password Hint</label> <input type="text" name="hint" id="hint" value="" class="wide" maxlength="120" /> </div> <div class="formBox buttons"> <input type="submit" name="btnRegister" id="btnRegister" value="Sign Up" class="btn" /> </div> </fieldset> </form> </div> </div> <div id="footer"> <?php include("includes/footer.inc.php"); ?> </div> </div> </body> </html> The problem is that it will add the user even if the users exists in the database. I am a newbie so please provide some more details. Thanks in advance.

Thanks a lot for your replies. My teacher is asking us to provide the features so I would like to have it as simple as I can. Is there any online tutorial in regards to writing a forum or bulletin board with php,mysql and XML?