Jump to content

Recommended Posts

if ($_POST['Submit'] == 'Login') {
$md5pass = md5(sanitize($_POST['password']));
$sql = mysql_query(sprintf("SELECT * FROM $tbl_name WHERE email='%s' and password='%s' and confirm='%d'", sanitize($_POST['email']), $md5pass, (int)1));

// we have a match
if (mysql_num_rows($sql) > 0)
{
// A matching row found (thus the name/pass found) - authenticated
list($email) = mysql_fetch_row($sql);
list($level) = mysql_fetch_row($sql);
// set user session
$_SESSION['user'] = $email;

// set session level - this is for security
$_SESSION['level'] = $level;

// redirect
if ($_SESSION['level'] == 1) {
// the user is logged in as non-admin
header("Location: calendar.php?msg=Logged In");
exit();
}

if ($_SESSION['level'] == 2) {
// the user is logged in as an admin
header("Location: admin/index.php");
exit();
}

 

It's a login script and that part of it handles whether or not a user is logged in as an admin or just a regular user. It works fine if I remove the checking that determines whether or not they're a user or admin, but once adding that in it doesn't do anything. Thanks in advance!

Link to comment
https://forums.phpfreaks.com/topic/156125-solved-any-reason-for-this-not-to-work/
Share on other sites

<?php
list($email) = mysql_fetch_row($sql); // first row
list($level) = mysql_fetch_row($sql); // second row !== first row
?>

 

use:

 

<?php
list($field1, $field2, ..) = mysql_fetch_assoc($sql);
// or a simple
$data = mysql_fetch_assoc($sql);
$email = $data['email'];
$user = $data['user'];
..
?>

 

@revraz they have php.net for questions like: "What does list function do?"

$sql = mysql_query(sprintf("SELECT email, level FROM $tbl_name WHERE email='%s' and password='%s' and confirm='%d'", sanitize($_POST['email']), $md5pass, (int)1));

//.........

// A matching row found (thus the name/pass found) - authenticated
list($email, $level) = mysql_fetch_row($sql);

 

Notice that you were fetching the row twice. Chances are the second row never existed thus level was never being properly set. The above is how it should be done. Also notice I defined the two columns that you were using and in the order that I listed them to prevent other issues from occurring. This way you know what data to expect.

btw, to help clean up those IF statements, try this :

if (is_numeric($_SESSION['level']))
{
switch ($_SESSION['level'])
{
	case 1:
		header("Location: calendar.php?msg=Logged In");
		exit;
	break;
	case 2:
		header("Location: admin/index.php");
		exit;
	break;
}
}

 

if you want of course.

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.