Jump to content

[SOLVED] Adding an if statement to my check login script

andrew_biggart

By andrew_biggart
in PHP Coding Help

 Share

Recommended Posts

andrew_biggart Regular Member

andrew_biggart

Posted
Posted

Im using the following code to check the username and password when ever i user logs in.

 

	<?php
	include("config_members.php");

	// username and password sent from form 
	$myusername=$_POST['myusername']; 
	$mypassword=$_POST['mypassword']; 

	// To protect MySQL injection (more detail about MySQL injection)
	$myusername = stripslashes($myusername);
	$mypassword = stripslashes($mypassword);
	$myusername = mysql_real_escape_string($myusername);
	$mypassword = mysql_real_escape_string($mypassword);

	$sql="SELECT * FROM $tbl_name WHERE username='$myusername' and password='$mypassword'";
	$result=mysql_query($sql);
	$row = mysql_fetch_assoc($result);
	$userav = $row['Profile_picture'];

	// Mysql_num_row is counting table row
	$count=mysql_num_rows($result);
	// If result matched $myusername and $mypassword, table row must be 1 row

	if($count==1){
	// Register $myusername, $mypassword and redirect to file 
	session_register("myusername");
	session_register("mypassword"); 
	$_SESSION['myusername'] = $myusername;
	$_SESSION['myavatar'] = $userav;
      header("location:my_profile.php?username=$myusername");
	exit();
      }
      else {
      echo "<h1 class=login_status>Wrong Username or Password</h1>";
      }
   	?>

 

What i want to do is add an if statement to check if myusername is = to admin and if so goto adminprofile.php and then for the else statemtent i want it to redirect to myprofile.php for ll other users, how do i go about doing this? ive tried a few different if statements but im not the best at them so can someone peae point me in the right direction please?

Link to comment
Share on other sites
andrew_biggart Regular Member

andrew_biggart

Posted
  • Author
Posted

hear is one of the soutions i have tried but it just sends al users to the adminprofile.php instead of just the admin grrrrr.

 

	<?php
	include("config_members.php");

	// username and password sent from form 
	$myusername=$_POST['myusername']; 
	$mypassword=$_POST['mypassword']; 

	// To protect MySQL injection (more detail about MySQL injection)
	$myusername = stripslashes($myusername);
	$mypassword = stripslashes($mypassword);
	$myusername = mysql_real_escape_string($myusername);
	$mypassword = mysql_real_escape_string($mypassword);

	$sql="SELECT * FROM $tbl_name WHERE username='$myusername' and password='$mypassword'";
	$result=mysql_query($sql);
	$row = mysql_fetch_assoc($result);
	$userav = $row['Profile_picture'];

	// Mysql_num_row is counting table row
	$count=mysql_num_rows($result);
	// If result matched $myusername and $mypassword, table row must be 1 row

	if($count==1 + $myusername=AdMiN){
	// Register $myusername, $mypassword and redirect to file 
	session_register("myusername");
	session_register("mypassword"); 
	$_SESSION['myusername'] = $myusername;
	$_SESSION['myavatar'] = $userav;
      header("location:admin_profile.php?username=$myusername");
	exit();
      }
	else if($count==1){
	// Register $myusername, $mypassword and redirect to file 
	session_register("myusername");
	session_register("mypassword"); 
	$_SESSION['myusername'] = $myusername;
	$_SESSION['myavatar'] = $userav;
      header("location:my_profile.php?username=$myusername");
	exit();
      }

      else {
      echo "<h1 class=login_status>Wrong Username or Password</h1>";
      }
   	?>

Link to comment
Share on other sites
redarrow Advanced Member

redarrow

Posted
Posted

try as a test page.

<?php

//database connection.


if(isset($_POST['submit'])){


$myusername=$_POST['myusername'];
$mypassword=$_POST['mypassword'];

$sql="SELECT * FROM $tbl_name WHERE username='$myusername' and password='$mypassword'";
$result=mysql_query($sql);
$row = mysql_fetch_assoc($result);


if($row['myusername']=="admin"){

	header("location: adminprofile.php");

}else{


	header("location: myprofile.php");
}

}

    ?>

Link to comment
Share on other sites
premiso Regular Member

premiso

Posted
Posted 
      <?php
      include("config_members.php");
      
      // username and password sent from form 
      $myusername=$_POST['myusername']; 
      $mypassword=$_POST['mypassword']; 
      
      // To protect MySQL injection (more detail about MySQL injection)
      $myusername = stripslashes($myusername);
      $mypassword = stripslashes($mypassword);
      $myusername = mysql_real_escape_string($myusername);
      $mypassword = mysql_real_escape_string($mypassword);
      
      $sql="SELECT * FROM $tbl_name WHERE username='$myusername' and password='$mypassword'";
      $result=mysql_query($sql);
      $row = mysql_fetch_assoc($result);
      $userav = $row['Profile_picture'];
      
      // Mysql_num_row is counting table row
      $count=mysql_num_rows($result);
      
      // If result matched $myusername and $mypassword, table row must be 1 row
      if($count==1){
          // Register $myusername, $mypassword and redirect to file 
          // session_register is depreciated and is not needed.
          //session_register("myusername");
          //session_register("mypassword"); 
          $_SESSION['myusername'] = $myusername;
          $_SESSION['myavatar'] = $userav;
          if (strcmp($myusername, "admin") == 0) {
              header("location:admin_profile.php?username=$myusername");
          }else {
             header("location:my_profile.php?username=$myusername");
          }
          exit();
      }

      else {
      echo "<h1 class=login_status>Wrong Username or Password</h1>";
      }
      ?>

Link to comment
Share on other sites
kickstart Member

kickstart

Posted
Posted

hear is one of the soutions i have tried but it just sends al users to the adminprofile.php instead of just the admin grrrrr.

 

You have an error there from using a single = sign in an if statement. if($count==1 + $myusername=AdMiN){ is probably going to try and assign a constant called AdMiN to $myusername, returning true (ie, 1) and then check if $count is equal to 1 + true (ie, 2).

 

Simple solution would be to change

 

header("location:my_profile.php?username=$myusername");

 

to

 

header((($myusername == "Whatever the admin user name is") ? "location:adminprofile.php?username=$myusername" : "location:my_profile.php?username=$myusername"));

 

All the best

 

Keith

Link to comment
Share on other sites
This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.