IF help needed please

googlit · June 24, 2011

hi Folks,

I have a simple login script that uses PHP/Mysql and i want to expand it slightly.

the execution script is below for the login, i was looking to add somthing along the lines of

If 'login' equals 'Admin' then redirect to 'custompages/admin/home.php'

is this possiable or do i need a completely new script.

<?php
//Start session
session_start();

//Include database connection details
require_once('config.php');

//Array to store validation errors
$errmsg_arr = array();

//Validation error flag
$errflag = false;

//Connect to mysql server
$link = mysql_connect(DB_HOST, DB_USER, DB_PASSWORD);
if(!$link) {
	die('Failed to connect to server: ' . mysql_error());
}

//Select database
$db = mysql_select_db(DB_DATABASE);
if(!$db) {
	die("Unable to select database");
}

//Function to sanitize values received from the form. Prevents SQL injection
function clean($str) {
	$str = @trim($str);
	if(get_magic_quotes_gpc()) {
		$str = stripslashes($str);
	}
	return mysql_real_escape_string($str);
}

//Sanitize the POST values
$login = clean($_POST['login']);
$password = clean($_POST['password']);

//Input Validations
if($login == '') {
	$errmsg_arr[] = 'Login ID missing';
	$errflag = true;
}
if($password == '') {
	$errmsg_arr[] = 'Password missing';
	$errflag = true;
}

//If there are input validations, redirect back to the login form
if($errflag) {
	$_SESSION['ERRMSG_ARR'] = $errmsg_arr;
	session_write_close();
	header("location: login-form.php");
	exit();
}

//Create query
$qry="SELECT * FROM members WHERE login='$login' AND passwd='".md5($_POST['password'])."'";
$result=mysql_query($qry);

//Check whether the query was successful or not
if($result) {
	if(mysql_num_rows($result) == 1) {
		//Login Successful
		session_regenerate_id();
		$member = mysql_fetch_assoc($result);
		$_SESSION['SESS_MEMBER_ID'] = $member['member_id'];
		$_SESSION['SESS_FIRST_NAME'] = $member['firstname'];
		$_SESSION['SESS_LAST_NAME'] = $member['lastname'];
		session_write_close();
		header("location: member-index.php");//change as appropriate
		exit();
	}else {
		//Login failed
		header("location: login-failed.php");
		exit();
	}
}else {
	die("Query failed");
}
?>

gristoi · June 24, 2011

you mean something like this?

<?php
//Start session
session_start();

//Include database connection details
require_once('config.php');

//Array to store validation errors
$errmsg_arr = array();

//Validation error flag
$errflag = false;

//Connect to mysql server
$link = mysql_connect(DB_HOST, DB_USER, DB_PASSWORD);
if(!$link) {
	die('Failed to connect to server: ' . mysql_error());
}

//Select database
$db = mysql_select_db(DB_DATABASE);
if(!$db) {
	die("Unable to select database");
}

//Function to sanitize values received from the form. Prevents SQL injection
function clean($str) {
	$str = @trim($str);
	if(get_magic_quotes_gpc()) {
		$str = stripslashes($str);
	}
	return mysql_real_escape_string($str);
}

//Sanitize the POST values
$login = clean($_POST['login']);
$password = clean($_POST['password']);

//Input Validations
if($login == '') {
	$errmsg_arr[] = 'Login ID missing';
	$errflag = true;
}
if($password == '') {
	$errmsg_arr[] = 'Password missing';
	$errflag = true;
}

//If there are input validations, redirect back to the login form
if($errflag) {
	$_SESSION['ERRMSG_ARR'] = $errmsg_arr;
	session_write_close();
	header("location: login-form.php");
	exit();
}

//Create query
$qry="SELECT * FROM members WHERE login='$login' AND passwd='".md5($_POST['password'])."'";
$result=mysql_query($qry);

//Check whether the query was successful or not
if($result) {
	if(mysql_num_rows($result) == 1) {
		//Login Successful
		session_regenerate_id();
		$member = mysql_fetch_assoc($result);
		$_SESSION['SESS_MEMBER_ID'] = $member['member_id'];
		$_SESSION['SESS_FIRST_NAME'] = $member['firstname'];
		$_SESSION['SESS_LAST_NAME'] = $member['lastname'];
		session_write_close();
                        switch($login)
                       {
                         case 'user': $direction = 'member-index.php';
                         break;
                         case 'Admin': $direction = 'admin-index.php';
                         break;

                        }
		header("location: $direction");//change as appropriate
		exit();
	}else {
		//Login failed
		header("location: login-failed.php");
		exit();
	}
}else {
	die("Query failed");
}
?>

googlit · June 24, 2011

Yeah thats the trick, thanks.

quick question would i be able to use a simlar way to redirect based on a db entry? for example is member_id '2' logs in it would redirect to a preset page in the db??

thanks for all your help

gristoi · June 24, 2011

yeah, just store the location in the db then once you have confirmed that they have a valid login assign the location to a variable and use it to redirect. for example you had a variable in your table called homepage:

// query run here

if($result) {
	if(mysql_num_rows($result) == 1) {
		//Login Successful
		session_regenerate_id();
		$member = mysql_fetch_assoc($result);
		$_SESSION['SESS_MEMBER_ID'] = $member['member_id'];
		$_SESSION['SESS_FIRST_NAME'] = $member['firstname'];
		$_SESSION['SESS_LAST_NAME'] = $member['lastname'];
		session_write_close();
                        $page = $member['homepage'] ;
		header("location: $page");//change as appropriate
		exit();
	}else {
		//Login failed
		header("location: login-failed.php");
		exit();
	}
}

googlit · June 24, 2011

Thanks for that, youve been a real help

gristoi · June 24, 2011

dont forget to mark as solved

Sign In

IF help needed please

Recommended Posts

googlit

Link to comment

Share on other sites

gristoi

Link to comment

Share on other sites

googlit

Link to comment

Share on other sites

gristoi

Link to comment

Share on other sites

googlit

Link to comment

Share on other sites

gristoi

Link to comment

Share on other sites

Join the conversation

Browse

Activity

Important Information