jusjus7 Posted January 29, 2012 Share Posted January 29, 2012 I have this code which logs in a user to my site but it only directs them to the login success page. i need to direct users to 3 different pages depending on their access level eg levels 1,2,4 but i dont know how to do this, can any one help or point me in the right direction?? thanks //Form <form name="form1" method="post" action="checklogin.php"> <strong>Member Login </strong> Username: <input name="UsersID" type="text" id="UsersID" /> Password: <input name="U_Password" type="password" id="U_Password" /> <input type="submit" name="Submit" value="Login" /></form> <?php $host="localhost"; // Host name $username=""; // username $password=""; // password $db_name="test"; // Database name $tbl_name="members"; // Table name // Replace database connect functions depending on database you are using. mysql_connect("$host", "$username", "$password"); mysql_select_db("$db_name"); //submitting query // username and password sent from form //NEVER Remove the mysql_real_escape_string. Else there could be an Sql-Injection! $mUsersIDe=mysql_real_escape_string($_POST['UsersID']); $U_Password=mysql_real_escape_string($_POST['U_Password']); $sql="SELECT * FROM $Users WHERE UsersID='$UsersID' and U_Password='$U_Password'"; $result=mysql_query($sql); //checking results // Replace counting function based on database you are using. $count=mysql_num_rows($result); // If result matched $myusername and $mypassword, table row must be 1 row //Direct Userbased on result if($count==1){ // Register $UsersID, $U_Password and redirect to file "login_success.php" session_register("UsersID"); session_register("U_Password"); header("location:login_success.php"); } else { echo "Wrong Username or Password"; } 17443_.txt Link to comment https://forums.phpfreaks.com/topic/255984-redirect-logging-in-users-to-different-pages/ Share on other sites More sharing options...
jusjus7 Posted January 29, 2012 Author Share Posted January 29, 2012 I have been able to get a user to login to one login page but i need the site to direct users to different login pages depending on their access level. I think i just need to add an If statement to my code but i do not know how to do that! Can anyone help? <?php $host="localhost"; // Host name $username="phpuser"; // username $password="phpuser"; // password $db_name="phpsite"; // Database name $tbl_name="users"; // Table name // Replace database connect functions depending on database you are using. mysql_connect("$host", "$username", "$password"); mysql_select_db("$db_name"); //submitting query // username and password sent from form //NEVER Remove the mysql_real_escape_string. Else there could be an Sql-Injection! $UsersID=mysql_real_escape_string($_POST['UsersID']); $U_Password=mysql_real_escape_string($_POST['U_Password']); $sql="SELECT * FROM users WHERE UsersID='$UsersID' and U_Password='$U_Password'"; $result=mysql_query($sql); //checking results // Replace counting function based on database you are using. $count=mysql_num_rows($result); // If result matched $myusername and $mypassword, table row must be 1 row //Direct Userbased on result if($count==1){ // Register $UsersID, $U_Password and redirect to file "login_success.php" session_register("UsersID"); session_register("U_Password"); header("location:login_success.php"); } else { echo "Wrong Username or Password"; } ?> Link to comment https://forums.phpfreaks.com/topic/255984-redirect-logging-in-users-to-different-pages/#findComment-1312251 Share on other sites More sharing options...
Pikachu2000 Posted January 29, 2012 Share Posted January 29, 2012 I've merged your duplicate topics. In the future, just post your corrections in the same thread instead of creating a new one. Link to comment https://forums.phpfreaks.com/topic/255984-redirect-logging-in-users-to-different-pages/#findComment-1312253 Share on other sites More sharing options...
jusjus7 Posted January 29, 2012 Author Share Posted January 29, 2012 oh ok thanks for that! Link to comment https://forums.phpfreaks.com/topic/255984-redirect-logging-in-users-to-different-pages/#findComment-1312254 Share on other sites More sharing options...
Drummin Posted January 29, 2012 Share Posted January 29, 2012 I wouldn't save a password to session. As far as your question, where you have the header going to login_success.php, just check the user level and based on this, send the user to appropriate page with the header. A few simple IF statements should do the job. Link to comment https://forums.phpfreaks.com/topic/255984-redirect-logging-in-users-to-different-pages/#findComment-1312263 Share on other sites More sharing options...
jusjus7 Posted January 29, 2012 Author Share Posted January 29, 2012 ok thanks i will try that out Link to comment https://forums.phpfreaks.com/topic/255984-redirect-logging-in-users-to-different-pages/#findComment-1312274 Share on other sites More sharing options...
jusjus7 Posted January 29, 2012 Author Share Posted January 29, 2012 i have entered this and it doesnt seem to work any idea where i have gone wrong? //Direct Userbased on result if($count==1){ // Register $UsersID, $U_Password and redirect to file "login_success.php" session_register("UsersID"); if("U_YearID" = "1") header("location:login_success.php"); if("U_YearID"="2") header("location:login_success2.php"); if("U_YearID"="4") header("location:login_success4.php"); } else { echo "Wrong Username or Password"; } Link to comment https://forums.phpfreaks.com/topic/255984-redirect-logging-in-users-to-different-pages/#findComment-1312278 Share on other sites More sharing options...
Drummin Posted January 29, 2012 Share Posted January 29, 2012 U_YearID is plain text and not defined as string and when comparing two values use two == signs. The code posted is not tested and assumes U_YearID is a table field in your users table. <?php session_start(); $host="localhost"; // Host name $username="phpuser"; // username $password="phpuser"; // password $db_name="phpsite"; // Database name $tbl_name="users"; // Table name // Replace database connect functions depending on database you are using. mysql_connect("$host", "$username", "$password"); mysql_select_db("$db_name"); //submitting query // username and password sent from form //NEVER Remove the mysql_real_escape_string. Else there could be an Sql-Injection! $UsersID=mysql_real_escape_string($_POST['UsersID']); $U_Password=mysql_real_escape_string($_POST['U_Password']); $sql="SELECT UsersID,U_YearID FROM users WHERE UsersID='$UsersID' and U_Password='$U_Password'"; $result=mysql_query($sql); //checking results // Replace counting function based on database you are using. $count=mysql_num_rows($result); // If result matched $myusername and $mypassword, table row must be 1 row //Direct Userbased on result if($count==1){ // Register $UsersID, $U_Password and redirect to file "login_success.php" $_SESSION['UsersID']=$result[0]; $_SESSION['U_YearID']=$result[1]; if($_SESSION['U_YearID']==1) header("location:login_success.php"); if($_SESSION['U_YearID']==2) header("location:login_success2.php"); if($_SESSION['U_YearID']==4) header("location:login_success4.php"); } else { echo "Wrong Username or Password"; } ?> Link to comment https://forums.phpfreaks.com/topic/255984-redirect-logging-in-users-to-different-pages/#findComment-1312283 Share on other sites More sharing options...
jusjus7 Posted January 29, 2012 Author Share Posted January 29, 2012 I changed the code with this code just now //Direct Userbased on result if($count==1){ // Register $UsersID, $U_Password and redirect to file "login_success.php" session_register("UsersID"); session_register("U_Password"); if('U_YearID'=="1") header("location:login_success.php"); if('U_YearID'=="2") header("location:login_success2.php"); if('U_YearID'=="4") header("location:login_success4.php"); } else { echo "Wrong Username or Password"; } ?> i keep getting this errors Deprecated: Function session_register() is deprecated in C:\xampp\htdocs\Site1\test\checklogin.php on line 39 Deprecated: Function session_register() is deprecated in C:\xampp\htdocs\Site1\test\checklogin.php on line 40 ie something is wrong with the session_register any ideas anyone? (srry really new at this) lol Link to comment https://forums.phpfreaks.com/topic/255984-redirect-logging-in-users-to-different-pages/#findComment-1312285 Share on other sites More sharing options...
jusjus7 Posted January 29, 2012 Author Share Posted January 29, 2012 with your code i get this error Warning: Unknown: Your script possibly relies on a session side-effect which existed until PHP 4.2.3. Please be advised that the session extension does not consider global variables as a source of data, unless register_globals is enabled. You can disable this functionality and this warning by setting session.bug_compat_42 or session.bug_compat_warn to off, respectively in Unknown on line 0 :s U_YearID is plain text and not defined as string and when comparing two values use two == signs. The code posted is not tested and assumes U_YearID is a table field in your users table. <?php session_start(); $host="localhost"; // Host name $username="phpuser"; // username $password="phpuser"; // password $db_name="phpsite"; // Database name $tbl_name="users"; // Table name // Replace database connect functions depending on database you are using. mysql_connect("$host", "$username", "$password"); mysql_select_db("$db_name"); //submitting query // username and password sent from form //NEVER Remove the mysql_real_escape_string. Else there could be an Sql-Injection! $UsersID=mysql_real_escape_string($_POST['UsersID']); $U_Password=mysql_real_escape_string($_POST['U_Password']); $sql="SELECT UsersID,U_YearID FROM users WHERE UsersID='$UsersID' and U_Password='$U_Password'"; $result=mysql_query($sql); //checking results // Replace counting function based on database you are using. $count=mysql_num_rows($result); // If result matched $myusername and $mypassword, table row must be 1 row //Direct Userbased on result if($count==1){ // Register $UsersID, $U_Password and redirect to file "login_success.php" $_SESSION['UsersID']=$result[0]; $_SESSION['U_YearID']=$result[1]; if($_SESSION['U_YearID']==1) header("location:login_success.php"); if($_SESSION['U_YearID']==2) header("location:login_success2.php"); if($_SESSION['U_YearID']==4) header("location:login_success4.php"); } else { echo "Wrong Username or Password"; } ?> Link to comment https://forums.phpfreaks.com/topic/255984-redirect-logging-in-users-to-different-pages/#findComment-1312286 Share on other sites More sharing options...
Drummin Posted January 29, 2012 Share Posted January 29, 2012 I don't know about this error but it seems like it might be a htaccess issue or related to the version of php you are using. Link to comment https://forums.phpfreaks.com/topic/255984-redirect-logging-in-users-to-different-pages/#findComment-1312289 Share on other sites More sharing options...
jusjus7 Posted January 29, 2012 Author Share Posted January 29, 2012 i am using these versions Apache/2.2.21 (Win32) mod_ssl/2.2.21 OpenSSL/1.0.0e PHP/5.3.8 Link to comment https://forums.phpfreaks.com/topic/255984-redirect-logging-in-users-to-different-pages/#findComment-1312291 Share on other sites More sharing options...
jusjus7 Posted January 29, 2012 Author Share Posted January 29, 2012 I don't know about this error but it seems like it might be a htaccess issue or related to the version of php you are using. I was able to disable that error but i get this error now, and i have checked and the username and password and level i am using is inside the database Warning: mysql_num_rows() expects parameter 1 to be resource, boolean given in C:\xampp\htdocs\Site1\test\checklogin1.php on line 30 Wrong Username or Password Link to comment https://forums.phpfreaks.com/topic/255984-redirect-logging-in-users-to-different-pages/#findComment-1312300 Share on other sites More sharing options...
spiderwell Posted January 29, 2012 Share Posted January 29, 2012 echo out your sql statement it will help you solve that Link to comment https://forums.phpfreaks.com/topic/255984-redirect-logging-in-users-to-different-pages/#findComment-1312302 Share on other sites More sharing options...
jusjus7 Posted January 29, 2012 Author Share Posted January 29, 2012 echo out your sql statement it will help you solve that sorry i know i am sounding really dumb but how do i do that? where to i type echo by the select by the from or at the where end? Link to comment https://forums.phpfreaks.com/topic/255984-redirect-logging-in-users-to-different-pages/#findComment-1312303 Share on other sites More sharing options...
spiderwell Posted January 29, 2012 Share Posted January 29, 2012 $sql="SELECT UsersID,U_YearID FROM users WHERE UsersID='$UsersID' and U_Password='$U_Password'"; echo $sql; $result=mysql_query($sql); Link to comment https://forums.phpfreaks.com/topic/255984-redirect-logging-in-users-to-different-pages/#findComment-1312308 Share on other sites More sharing options...
jusjus7 Posted January 29, 2012 Author Share Posted January 29, 2012 $sql="SELECT UsersID,U_YearID FROM users WHERE UsersID='$UsersID' and U_Password='$U_Password'"; echo $sql; $result=mysql_query($sql); Nope :/ i get this error now SELECT UsersID, U_YearID FROM users WHERE UsersID='aa101' and U_Password='000123456' Warning: mysql_num_rows() expects parameter 1 to be resource, boolean given in C:\xampp\htdocs\Site1\test\checklogin1.php on line 31 Wrong Username or Password Link to comment https://forums.phpfreaks.com/topic/255984-redirect-logging-in-users-to-different-pages/#findComment-1312310 Share on other sites More sharing options...
jusjus7 Posted January 29, 2012 Author Share Posted January 29, 2012 This is all the code i am using right now <?php ini_set('session.bug_compat_42',0); ini_set('session.bug_compat_warn',0); $host="localhost"; // Host name $username="phpuser"; // username $password="phpuser"; // password $db_name="phpsite"; // Database name $tbl_name="users"; // Table name //submitting query // username and password sent from form //NEVER Remove the mysql_real_escape_string. Else there could be an Sql-Injection! $UsersID=mysql_real_escape_string($_POST['UsersID']); $U_Password=mysql_real_escape_string($_POST['U_Password']); $sql="SELECT * FROM users WHERE UsersID='$UsersID' and U_Password='$U_Password'"; echo $sql; $result=mysql_query($sql); //checking results // Replace counting function based on database you are using. $count=mysql_num_rows($result); // If result matched $myusername and $mypassword, table row must be 1 row //Direct Userbased on result if($count==1){ // Register $UsersID, $U_Password and redirect to file "login_success.php" $_SESSION['UsersID']=$result[0]; $_SESSION['U_YearID']=$result[1]; if($_SESSION['U_YearID']==1) header("location:login_success.php"); if($_SESSION['U_YearID']==2) header("location:login_success2.php"); if($_SESSION['U_YearID']==4) header("location:login_success4.php"); } else { echo "Wrong Username or Password"; } ?> Link to comment https://forums.phpfreaks.com/topic/255984-redirect-logging-in-users-to-different-pages/#findComment-1312311 Share on other sites More sharing options...
spiderwell Posted January 29, 2012 Share Posted January 29, 2012 you have removed the code for connecting to the database before you execute your query Link to comment https://forums.phpfreaks.com/topic/255984-redirect-logging-in-users-to-different-pages/#findComment-1312314 Share on other sites More sharing options...
jusjus7 Posted January 29, 2012 Author Share Posted January 29, 2012 i have put it bk in <?php ini_set('session.bug_compat_42',0); ini_set('session.bug_compat_warn',0); $host="localhost"; // Host name $username="phpuser"; // username $password="phpuser"; // password $db_name="phpsite"; // Database name $tbl_name="users"; // Table name // Replace database connect functions depending on database you are using. mysql_connect("$host", "$username", "$password"); mysql_select_db("$db_name"); //submitting query // username and password sent from form //NEVER Remove the mysql_real_escape_string. Else there could be an Sql-Injection! $UsersID=mysql_real_escape_string($_POST['UsersID']); $U_Password=mysql_real_escape_string($_POST['U_Password']); $sql="SELECT * FROM users WHERE UsersID='$UsersID' and U_Password='$U_Password'"; echo $sql; $result=mysql_query($sql); //checking results // Replace counting function based on database you are using. $count=mysql_num_rows($result); // If result matched $myusername and $mypassword, table row must be 1 row //Direct Userbased on result if($count==1){ // Register $UsersID, $U_Password and redirect to file "login_success.php" $_SESSION['UsersID']=$result[0]; $_SESSION['U_YearID']=$result[1]; if($_SESSION['U_YearID']==1) header("location:login_success.php"); if($_SESSION['U_YearID']==2) header("location:login_success2.php"); if($_SESSION['U_YearID']==4) header("location:login_success4.php"); } else { echo "Wrong Username or Password"; } ?> and i get this error Link to comment https://forums.phpfreaks.com/topic/255984-redirect-logging-in-users-to-different-pages/#findComment-1312316 Share on other sites More sharing options...
jusjus7 Posted January 29, 2012 Author Share Posted January 29, 2012 i have put it bk in <?php ini_set('session.bug_compat_42',0); ini_set('session.bug_compat_warn',0); $host="localhost"; // Host name $username="phpuser"; // username $password="phpuser"; // password $db_name="phpsite"; // Database name $tbl_name="users"; // Table name // Replace database connect functions depending on database you are using. mysql_connect("$host", "$username", "$password"); mysql_select_db("$db_name"); //submitting query // username and password sent from form //NEVER Remove the mysql_real_escape_string. Else there could be an Sql-Injection! $UsersID=mysql_real_escape_string($_POST['UsersID']); $U_Password=mysql_real_escape_string($_POST['U_Password']); $sql="SELECT * FROM users WHERE UsersID='$UsersID' and U_Password='$U_Password'"; echo $sql; $result=mysql_query($sql); //checking results // Replace counting function based on database you are using. $count=mysql_num_rows($result); // If result matched $myusername and $mypassword, table row must be 1 row //Direct Userbased on result if($count==1){ // Register $UsersID, $U_Password and redirect to file "login_success.php" $_SESSION['UsersID']=$result[0]; $_SESSION['U_YearID']=$result[1]; if($_SESSION['U_YearID']==1) header("location:login_success.php"); if($_SESSION['U_YearID']==2) header("location:login_success2.php"); if($_SESSION['U_YearID']==4) header("location:login_success4.php"); } else { echo "Wrong Username or Password"; } ?> and i get this error SELECT UsersID,U_YearID FROM users WHERE UsersID='aa101' and U_Password='000123456' Link to comment https://forums.phpfreaks.com/topic/255984-redirect-logging-in-users-to-different-pages/#findComment-1312321 Share on other sites More sharing options...
Pikachu2000 Posted January 29, 2012 Share Posted January 29, 2012 That isn't an error. It's the output from echo $sql;. You need to include session_start() at the beginning of the script. The header() redirects will never work if there is has already output sent to the browser, such as echo $sql; Link to comment https://forums.phpfreaks.com/topic/255984-redirect-logging-in-users-to-different-pages/#findComment-1312324 Share on other sites More sharing options...
jusjus7 Posted January 29, 2012 Author Share Posted January 29, 2012 That isn't an error. It's the output from echo $sql;. You need to include session_start() at the beginning of the script. The header() redirects will never work if there is has already output sent to the browser, such as echo $sql; Still nothing i have added session_start() at the top of the php code and still getting that :/ session_start(); ini_set('session.bug_compat_42',0); ini_set('session.bug_compat_warn',0); $host="localhost"; // Host name $username="phpuser"; // username $password="phpuser"; // password $db_name="phpsite"; // Database name $tbl_name="users"; // Table name // Replace database connect functions depending on database you are using. mysql_connect("$host", "$username", "$password"); mysql_select_db("$db_name"); //submitting query // username and password sent from form //NEVER Remove the mysql_real_escape_string. Else there could be an Sql-Injection! $UsersID=mysql_real_escape_string($_POST['UsersID']); $U_Password=mysql_real_escape_string($_POST['U_Password']); $sql="SELECT UsersID,U_YearID FROM users WHERE UsersID='$UsersID' and U_Password='$U_Password'"; echo $sql; $result=mysql_query($sql); //checking results // Replace counting function based on database you are using. $count=mysql_num_rows($result); // If result matched $myusername and $mypassword, table row must be 1 row //Direct Userbased on result if($count==1){ // Register $UsersID, $U_Password and redirect to file "login_success.php" $_SESSION['UsersID']=$result[0]; $_SESSION['U_YearID']=$result[1]; if($_SESSION['U_YearID']==1) header("location:login_success.php"); if($_SESSION['U_YearID']==2) header("location:login_success2.php"); if($_SESSION['U_YearID']==4) header("location:login_success4.php"); } else { echo "Wrong Username or Password"; } ?> Link to comment https://forums.phpfreaks.com/topic/255984-redirect-logging-in-users-to-different-pages/#findComment-1312326 Share on other sites More sharing options...
Drummin Posted January 29, 2012 Share Posted January 29, 2012 As Pikachu2000 pointed out, you can't send anything to the browser before setting any sessions. This includes echoing out the $sql. Comment out that line or remove it. Link to comment https://forums.phpfreaks.com/topic/255984-redirect-logging-in-users-to-different-pages/#findComment-1312333 Share on other sites More sharing options...
jusjus7 Posted January 29, 2012 Author Share Posted January 29, 2012 As Pikachu2000 pointed out, you can't send anything to the browser before setting any sessions. This includes echoing out the $sql. Comment out that line or remove it. I commented it out and i dont get that sql "error" any more but all i get is a blank page...any ideas would it could be and why its not taking me to any page? Link to comment https://forums.phpfreaks.com/topic/255984-redirect-logging-in-users-to-different-pages/#findComment-1312334 Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.