Jump to content

Archived

This topic is now archived and is closed to further replies.

Vatik

User level

Recommended Posts

I am designing a login type site that when you log in depending on your user level you will be taken to a page. I found a simple login script, the only problem is now i keep running into issues about the user level.

this is the code im using..
[code]<?php
ob_start();
$host="**"; // Host name
$username="**"; // Mysql username
$password="**"; // Mysql password
$db_name="**"; // Database name
$tbl_name="**"; // Table name

// Connect to server and select databse.
mysql_connect("$host", "$username", "$password")or die("cannot connect");
mysql_select_db("$db_name")or die("cannot select DB");

// Define $myusername and $mypassword
$myusername=$_POST['myusername'];
$mypassword=md5($_POST['mypassword'];

$sql="SELECT * FROM $tbl_name WHERE username='$myusername' and password='$mypassword'";
$result=mysql_query($sql);

// Mysql_num_row is counting table row
$count=mysql_num_rows($result);
// If result matched $myusername and $mypassword, table row must be 1 row

if($count==1){
// Register $myusername, $mypassword and redirect to file "login_success.php"
session_register("myusername");
session_register("mypassword");

header("location:login_success.php");
}
else {
echo "Wrong Username or Password";
}

ob_end_flush();
?>
[/code]

on my mysql table i have a column called User_level but i just cant figure out how to do it. I tried to do session_register('user_level') = 1
header (suchandsuch)

but that didnt turn out good.

Thanks for taking the time to read this.

Share this post


Link to post
Share on other sites
you'd want to fetch the user level from database and compare it

if($user_level == 1) header("location:normal_user.php");
if($user_level == 2) header("location:admin.php");
...

or something of that sort.
I'll leave the query of the user level as a homework...


BTW.

session_register('user_level') = 1

makes on sense. session_register() is a function which returns TRUE if the registering is succesfull...

and you'll be better off using plain $_SESSION array values (like $_SESSION["user_level"] )

Share this post


Link to post
Share on other sites
Wow! that was a quick reply thanks wasnt expecting one so fast.

I tried out the If statements but the page just is all white and doesnt go to those phps.

My coding ended up looking like this

[code]<?php
ob_start();
$host="***"; // Host name
$username="***"; // Mysql username
$password="***"; // Mysql password
$db_name="Login_integinc_ca"; // Database name
$tbl_name="Clients"; // Table name

// Connect to server and select databse.
mysql_connect("$host", "$username", "$password")or die("cannot connect");
mysql_select_db("$db_name")or die("cannot select DB");

// Define $myusername and $mypassword
$myusername=$_POST['myusername'];
$mypassword=md5($_POST['mypassword'];

$sql="SELECT * FROM $tbl_name WHERE username='$myusername' and password='$mypassword'";
$result=mysql_query($sql);

// Mysql_num_row is counting table row
$count=mysql_num_rows($result);
// If result matched $myusername and $mypassword, table row must be 1 row

if($count==1){
// Register $myusername, $mypassword and redirect to file "login_success.php"
$_SESSION ["myusername"];
$_SESSION ["mypassword"];

$sql="SELECT * FROM $tbl_name WHERE user_level='$user_level'";
if($user_level = 1) header("login_success.php");
if($user_level = 2) header("location:admin.php");
}

else {
echo "Wrong Username or Password";
}

ob_end_flush();
?>
[/code]

i thought i was on the right path am i far off or something?

Share this post


Link to post
Share on other sites
[code]
<?php
ob_start();

$host="***"; // Host name
$username="***"; // Mysql username
$password="***"; // Mysql password
$db_name="Login_integinc_ca"; // Database name
$tbl_name="Clients"; // Table name

// Connect to server and select databse.
mysql_connect("$host", "$username", "$password")or die("cannot connect");
mysql_select_db("$db_name")or die("cannot select DB");

// Define $myusername and $mypassword
$myusername=$_POST['myusername'];
$mypassword=md5($_POST['mypassword'];

$sql="SELECT * FROM $tbl_name WHERE username='$myusername' and password='$mypassword'";
$result=mysql_query($sql);

// Mysql_num_row is counting table row
$count=mysql_num_rows($result);
// If result matched $myusername and $mypassword, table row must be 1 row

if($count==1){
// Register $myusername, $mypassword and redirect to file "login_success.php"
$_SESSION ["myusername"];
$_SESSION ["mypassword"];

$sql="SELECT * FROM $tbl_name WHERE user_level='$user_level'";

if($user_level == 1){

header("login_success.php"){

}elseif($user_level == 2) {

header("location:admin.php");

}else{

echo "Wrong Username or Password";

}

ob_end_flush();
?>
[/code]

Share this post


Link to post
Share on other sites
Neither of you managed to define $user_level. Try something like....

[code=php:0]
<?php
  ob_start();
  $host="***"; // Host name
  $username="***"; // Mysql username
  $password="***"; // Mysql password
  $db_name="Login_integinc_ca"; // Database name
  $tbl_name="Clients"; // Table name

// Connect to server and select databse.
  mysql_connect($host, $username, $password) or die("cannot connect");
  mysql_select_db($db_name)or die("cannot select DB");

  if (isset($_POST['myusername']) && isset($_POST['mypassword'])) {
    // Define $myusername and $mypassword
    $myusername = $_POST['myusername'];
    $mypassword = md5($_POST['mypassword'];

    $sql="SELECT * FROM $tbl_name WHERE username='$myusername' AND password='$mypassword'";
    $result = mysql_query($sql) or die(mysql_error());

// Mysql_num_row is counting table row
    $count = mysql_num_rows($result);
// If result matched $myusername and $mypassword, table row must be 1 row

    if ($count == 1) {
      $row = mysql_fetch_assoc($result);
// Register $myusername, $mypassword and redirect to file "login_success.php"
      $_SESSION ["myusername"] = $row['myusername'];
      $_SESSION ["mypassword"] = $row['mypassword'];
      if ($row['user_level'] == 1) header("login_success.php");
      if ($row['user_level'] == 2) header("location:admin.php");
    } else {
      echo "Wrong Username or Password";
  }
  ob_end_flush();
?>
[/code]

PS: Ive also removed your db password from your post, dont want anyone hacking it.

Share this post


Link to post
Share on other sites
I just tried it out both of your ways. When i log in it just makes me stay at the checklogin.php page which is just white. It doesnt transfer me over.

Share this post


Link to post
Share on other sites
[quote author=Vatik link=topic=111941.msg453965#msg453965 date=1161201431]
on my mysql table i have a column called User_level
[/quote]

Don't forget case-sensitivity for table names, so thorpe's code needs to have this:

[code=php:0]if ($row['User_level'] == 2)
[/code]
not
[code=php:0]if ($row['user_level'] == 2)
[/code]

Regards
Huggie

Share this post


Link to post
Share on other sites
I matched up everyone the exact spelling and capitals yet the page seems to just stay white and doesnt transfer me off checklogin. This doesnt make sense to me why its not working. :'(

Share this post


Link to post
Share on other sites

×

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.