Having touble redirecting users after login

[samsfriend]

After setting up member access pages, I have came to the conclusion this is not what I was wanting. I have exhusted google looking for a simple soultion.

All I want to do is when a person logs in, they are redirected to there persnal pages based off the login info. I need it to pull from the userlevel in the database and direct them to there allowed pages. I just can't figure it out.

If I login in as sample I want to go to sample pages. If I login as sample 2 go to sample 2 pages. There has to be a simple way to modifie this to work.

 

Database:

member_id int(11) UNSIGNED No auto_increment

firstname varchar(100) Yes NULL

lastname varchar(100) Yes NULL

email varchar(100) Yes NULL

login varchar(100) No

passwd varchar(32) No

 

login-exec:

?php 
    //Start session 
    session_start(); 
     
    //Connect to mysql server 
    $link=mysql_connect("database","databaseusername","databasepassword"); 
    if(!$link) { 
        die('Failed to connect to server: ' . mysql_error()); 
    } 
    //Select database 
    $db=mysql_select_db("database"); 
    if(!$db) { 
        die("Unable to select databaseusername"); 
    } 

    //Sanitize the value received from login field 
    //to prevent SQL Injection 
    if(!get_magic_quotes_gpc()) { 
        $login=mysql_real_escape_string($_POST['login']); 
    }else { 
        $login=$_POST['login']; 
    } 

    //Create query 
    $qry="SELECT member_id FROM members WHERE login='$login' AND passwd='".md5($_POST['password'])."'"; 
    $result=mysql_query($qry); 
    //Check whether the query was successful or not 
    if($result) { 
        if(mysql_num_rows($result)>0) { 
            //Login Successful 
            session_regenerate_id(); 
            $member=mysql_fetch_assoc($result); 
            $_SESSION['SESS_MEMBER_ID']=$member['member_id']; 
            session_write_close(); 
            header("location: /web/index.php"); 
            exit(); 
        }else { 
            //Login failed 
            header("location: log_in_failed.html"); 
            exit(); 
        } 
    }else { 
        die("Query failed"); 
    } 
?>  

 

Tell me there is a simple way to do this that just redirects a person based of of the info in the database.

[MatthewJ]

well... You are connecting to the db to check their credentials, just pull out the access level field and compare it to what was submitted. Then use header() to redirect them based on that check. Something like

 

<?php

if($row['accesslevel'] == "level 1") {

  header("Location: whateverpage.php");

?>

 

Or am I missing something?

[samsfriend]

like this?

//Create query 
    $qry="SELECT member_id FROM members WHERE login='$login' AND passwd='".md5($_POST['password'])."'"; 
    $result=mysql_query($qry); 
    //Check whether the query was successful or not 
    if($result) { 
        if(mysql_num_rows($result)>0) { 
            //Login Successful 
            session_regenerate_id(); 
            $member=mysql_fetch_assoc($result); 
            $_SESSION['SESS_MEMBER_ID']=$member['member_id']; 
            session_write_close(); 
            if($row['accesslevel'] == "level 1") {
            header("Location: whateverpage.php");
         if($row['accesslevel'] == "level 2") {
            header("Location: whateverpage3.php");
            exit(); 
        }else { 
            //Login failed 
            header("location: log_in_failed.html"); 
            exit(); 
        } 
    }else { 
        die("Query failed"); 
    } 
?>  

 

And then this to the database:

Database:

member_id int(11) UNSIGNED No auto_increment

firstname varchar(100) Yes NULL

lastname varchar(100) Yes NULL

email varchar(100) Yes NULL

login varchar(100) No

passwd varchar(32) No

accesslevel int(11) UNSIGNED No

 

 

Or am I way off?

[MatthewJ]

Yup, looks good to me. Obviously with your own page names etc.

[samsfriend]

I get this now:

Parse error: syntax error, unexpected $end in /homepages/27/d230656710/htdocs/vip/html/login-exec.php on line 49

What does that mean?

[BlueSkyIS]

it usually means you are missing a closing right curly bracket from an IF or FOR loop

[kratsg]

Try this, you missed some near the middle of the code...

 

//Create query 
    $qry="SELECT member_id FROM members WHERE login='$login' AND passwd='".md5($_POST['password'])."'"; 
    $result=mysql_query($qry); 
    //Check whether the query was successful or not 
    if($result) { 
        if(mysql_num_rows($result)>0) { 
            //Login Successful 
            session_regenerate_id(); 
            $member=mysql_fetch_assoc($result); 
            $_SESSION['SESS_MEMBER_ID']=$member['member_id']; 
            session_write_close(); 
            if($row['accesslevel'] == "level 1") {
            header("Location: whateverpage.php");
            }elseif($row['accesslevel'] == "level 2") {
            header("Location: whateverpage3.php");
            exit(); 
        }else { 
            //Login failed 
            header("location: log_in_failed.html"); 
            exit(); 
        } 
    }else { 
        die("Query failed"); 
    } 
?>

 

Basically, I used an if/elseif/else in order to fix up that coding. It should work just fine.

[samsfriend]

HMMM not sure what I am still doing wrong?

I still get this:

Parse error: syntax error, unexpected $end in /homepages/27/d230656710/htdocs/vip/html/login-exec.php on line 49

I added the changes, I guess I will go back and relook at everything and make sure I didn't do something silly.

[kratsg]

Whoops, I forgot the bottom one. It was right, I just got messed up cause the indentation is bad (indent your code better like so):

 

<?php
//Create query 
$qry="SELECT member_id FROM members WHERE login='$login' AND passwd='".md5($_POST['password'])."'"; 
$result=mysql_query($qry); 

//Check whether the query was successful or not 
if($result) { 
if(mysql_num_rows($result)>0) { 
	//Login Successful 
	session_regenerate_id(); 
	$member=mysql_fetch_assoc($result); 
	$_SESSION['SESS_MEMBER_ID']=$member['member_id']; 
	session_write_close(); 
	if($row['accesslevel'] == "level 1") {
		header("Location: whateverpage.php");
	}elseif($row['accesslevel'] == "level 2") {
		header("Location: whateverpage3.php");
		exit(); 
	}else { 
		//Login failed 
		header("location: log_in_failed.html"); 
		exit(); 
	} 
}else { 
	die("Query failed"); 
} 
}
?>

[samsfriend]

Now it's giveing me this:

Failed to connect to server: Access denied for user: 'db254897190@74.208.16.102' (Using password: YES)

 

Geez, I am feeling like I have no idea how to code. :'(

 

So here it is did I mess it up?

 

<?php
//Start session
session_start();

//Connect to mysql server
$link=mysql_connect("db.perfora.net","db","pwd");
if(!$link) {
	die('Failed to connect to server: ' . mysql_error());
}
//Select database
$db=mysql_select_db("db");
if(!$db) {
	die("Unable to select database");
}

//Sanitize the value received from login field
//to prevent SQL Injection
if(!get_magic_quotes_gpc()) {
	$login=mysql_real_escape_string($_POST['login']);
}else {
	$login=$_POST['login'];
}

//Create query 
$qry="SELECT member_id FROM members WHERE login='$login' AND passwd='".md5($_POST['password'])."'"; 
$result=mysql_query($qry); 

//Check whether the query was successful or not 
if($result) { 
if(mysql_num_rows($result)>0) { 
	//Login Successful 
	session_regenerate_id(); 
	$member=mysql_fetch_assoc($result); 
	$_SESSION['SESS_MEMBER_ID']=$member['member_id']; 
	session_write_close(); 
	if($row['accesslevel'] == "level 1") {
		header("Location: samplepages/");
	}elseif($row['accesslevel'] == "level 2") {
		header("Location: sample.php");
		exit(); 
	}else { 
		//Login failed 
		header("location: log_in_failed.html"); 
		exit(); 
	} 
}else { 
	die("Query failed"); 
} 
}
?>

[dezkit]

Your password to the database is wrong.

[samsfriend]

But it's not. I doubled checked and it's all correct

[BlueSkyIS]

is the database configured to allow access from outside the server to that user? allowing access from ON the server vs. from OUTSIDE the server are 2 different things.