Jump to content

Recommended Posts

Im using the following code to check the username and password when ever i user logs in.

 

	<?php
	include("config_members.php");

	// username and password sent from form 
	$myusername=$_POST['myusername']; 
	$mypassword=$_POST['mypassword']; 

	// To protect MySQL injection (more detail about MySQL injection)
	$myusername = stripslashes($myusername);
	$mypassword = stripslashes($mypassword);
	$myusername = mysql_real_escape_string($myusername);
	$mypassword = mysql_real_escape_string($mypassword);

	$sql="SELECT * FROM $tbl_name WHERE username='$myusername' and password='$mypassword'";
	$result=mysql_query($sql);
	$row = mysql_fetch_assoc($result);
	$userav = $row['Profile_picture'];

	// Mysql_num_row is counting table row
	$count=mysql_num_rows($result);
	// If result matched $myusername and $mypassword, table row must be 1 row

	if($count==1){
	// Register $myusername, $mypassword and redirect to file 
	session_register("myusername");
	session_register("mypassword"); 
	$_SESSION['myusername'] = $myusername;
	$_SESSION['myavatar'] = $userav;
      header("location:my_profile.php?username=$myusername");
	exit();
      }
      else {
      echo "<h1 class=login_status>Wrong Username or Password</h1>";
      }
   	?>

 

What i want to do is add an if statement to check if myusername is = to admin and if so goto adminprofile.php and then for the else statemtent i want it to redirect to myprofile.php for ll other users, how do i go about doing this? ive tried a few different if statements but im not the best at them so can someone peae point me in the right direction please?

hear is one of the soutions i have tried but it just sends al users to the adminprofile.php instead of just the admin grrrrr.

 

	<?php
	include("config_members.php");

	// username and password sent from form 
	$myusername=$_POST['myusername']; 
	$mypassword=$_POST['mypassword']; 

	// To protect MySQL injection (more detail about MySQL injection)
	$myusername = stripslashes($myusername);
	$mypassword = stripslashes($mypassword);
	$myusername = mysql_real_escape_string($myusername);
	$mypassword = mysql_real_escape_string($mypassword);

	$sql="SELECT * FROM $tbl_name WHERE username='$myusername' and password='$mypassword'";
	$result=mysql_query($sql);
	$row = mysql_fetch_assoc($result);
	$userav = $row['Profile_picture'];

	// Mysql_num_row is counting table row
	$count=mysql_num_rows($result);
	// If result matched $myusername and $mypassword, table row must be 1 row

	if($count==1 + $myusername=AdMiN){
	// Register $myusername, $mypassword and redirect to file 
	session_register("myusername");
	session_register("mypassword"); 
	$_SESSION['myusername'] = $myusername;
	$_SESSION['myavatar'] = $userav;
      header("location:admin_profile.php?username=$myusername");
	exit();
      }
	else if($count==1){
	// Register $myusername, $mypassword and redirect to file 
	session_register("myusername");
	session_register("mypassword"); 
	$_SESSION['myusername'] = $myusername;
	$_SESSION['myavatar'] = $userav;
      header("location:my_profile.php?username=$myusername");
	exit();
      }

      else {
      echo "<h1 class=login_status>Wrong Username or Password</h1>";
      }
   	?>

try as a test page.

<?php

//database connection.


if(isset($_POST['submit'])){


$myusername=$_POST['myusername'];
$mypassword=$_POST['mypassword'];

$sql="SELECT * FROM $tbl_name WHERE username='$myusername' and password='$mypassword'";
$result=mysql_query($sql);
$row = mysql_fetch_assoc($result);


if($row['myusername']=="admin"){

	header("location: adminprofile.php");

}else{


	header("location: myprofile.php");
}

}

    ?>

      <?php
      include("config_members.php");
      
      // username and password sent from form 
      $myusername=$_POST['myusername']; 
      $mypassword=$_POST['mypassword']; 
      
      // To protect MySQL injection (more detail about MySQL injection)
      $myusername = stripslashes($myusername);
      $mypassword = stripslashes($mypassword);
      $myusername = mysql_real_escape_string($myusername);
      $mypassword = mysql_real_escape_string($mypassword);
      
      $sql="SELECT * FROM $tbl_name WHERE username='$myusername' and password='$mypassword'";
      $result=mysql_query($sql);
      $row = mysql_fetch_assoc($result);
      $userav = $row['Profile_picture'];
      
      // Mysql_num_row is counting table row
      $count=mysql_num_rows($result);
      
      // If result matched $myusername and $mypassword, table row must be 1 row
      if($count==1){
          // Register $myusername, $mypassword and redirect to file 
          // session_register is depreciated and is not needed.
          //session_register("myusername");
          //session_register("mypassword"); 
          $_SESSION['myusername'] = $myusername;
          $_SESSION['myavatar'] = $userav;
          if (strcmp($myusername, "admin") == 0) {
              header("location:admin_profile.php?username=$myusername");
          }else {
             header("location:my_profile.php?username=$myusername");
          }
          exit();
      }

      else {
      echo "<h1 class=login_status>Wrong Username or Password</h1>";
      }
      ?>

hear is one of the soutions i have tried but it just sends al users to the adminprofile.php instead of just the admin grrrrr.

 

You have an error there from using a single = sign in an if statement. if($count==1 + $myusername=AdMiN){ is probably going to try and assign a constant called AdMiN to $myusername, returning true (ie, 1) and then check if $count is equal to 1 + true (ie, 2).

 

Simple solution would be to change

 

header("location:my_profile.php?username=$myusername");

 

to

 

header((($myusername == "Whatever the admin user name is") ? "location:adminprofile.php?username=$myusername" : "location:my_profile.php?username=$myusername"));

 

All the best

 

Keith

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.