Jump to content

Recommended Posts

I have this code which logs in a user to my site but it only directs them to the login success page.  i need to direct users to 3 different pages depending on their access level eg levels 1,2,4 but i dont know how to do this, can any one help or point me in the right direction??

 

thanks  :confused:

 

//Form

<form name="form1" method="post" action="checklogin.php">

<strong>Member Login </strong>

Username: <input name="UsersID" type="text" id="UsersID" />

Password: <input name="U_Password" type="password" id="U_Password" />

<input type="submit" name="Submit" value="Login" /></form>

 

<?php

$host="localhost"; // Host name

$username=""; // username

$password=""; // password

$db_name="test"; // Database name

$tbl_name="members"; // Table name

 

// Replace database connect functions depending on database you are using.

mysql_connect("$host", "$username", "$password");

mysql_select_db("$db_name");

 

 

//submitting query

// username and password sent from form

//NEVER Remove the mysql_real_escape_string. Else there could be an Sql-Injection!

$mUsersIDe=mysql_real_escape_string($_POST['UsersID']);

$U_Password=mysql_real_escape_string($_POST['U_Password']);

 

$sql="SELECT * FROM $Users WHERE UsersID='$UsersID' and U_Password='$U_Password'";

$result=mysql_query($sql);

 

//checking results

// Replace counting function based on database you are using.

$count=mysql_num_rows($result);

// If result matched $myusername and $mypassword, table row must be 1 row

 

 

//Direct Userbased on result

if($count==1){

  // Register $UsersID, $U_Password and redirect to file "login_success.php"

  session_register("UsersID");

  session_register("U_Password");

  header("location:login_success.php");

} else {

  echo "Wrong Username or Password";

}

17443_.txt

  • Replies 58
  • Created
  • Last Reply

Top Posters In This Topic

Popular Days

Top Posters In This Topic

I have been able to get a user to login to one login page but i need the site to direct users to different login pages depending on their access level. I think i just need to add an If statement to my code but i do not know how to do that!

 

Can anyone help?

 

 

<?php
$host="localhost"; // Host name
$username="phpuser"; // username
$password="phpuser"; // password
$db_name="phpsite"; // Database name
$tbl_name="users"; // Table name

// Replace database connect functions depending on database you are using.
mysql_connect("$host", "$username", "$password");
mysql_select_db("$db_name");


//submitting query
// username and password sent from form
//NEVER Remove the mysql_real_escape_string. Else there could be an Sql-Injection!
$UsersID=mysql_real_escape_string($_POST['UsersID']);
$U_Password=mysql_real_escape_string($_POST['U_Password']);

$sql="SELECT * FROM users WHERE UsersID='$UsersID' and U_Password='$U_Password'";
$result=mysql_query($sql);

//checking results
// Replace counting function based on database you are using.
$count=mysql_num_rows($result);
// If result matched $myusername and $mypassword, table row must be 1 row


//Direct Userbased on result
if($count==1){
  // Register $UsersID, $U_Password and redirect to file "login_success.php"
  session_register("UsersID");
  session_register("U_Password");
  header("location:login_success.php");
} else {

  echo "Wrong Username or Password";
}
?>

I wouldn't save a password to session.  As far as your question, where you have the header going to login_success.php, just check the user level and based on this, send the user to appropriate page with the header.  A few simple IF statements should do the job.

i have entered this and it doesnt seem to work any idea where i have gone wrong?

 

//Direct Userbased on result
if($count==1){
  // Register $UsersID, $U_Password and redirect to file "login_success.php"
  session_register("UsersID");
  if("U_YearID" = "1")  
  header("location:login_success.php");
  if("U_YearID"="2")
  header("location:login_success2.php");
  if("U_YearID"="4")
  header("location:login_success4.php");
} else {

  echo "Wrong Username or Password";
}

U_YearID is plain text and not defined as string and when comparing two values use two == signs.  The code posted is not tested and assumes U_YearID is a table field in your users table.

<?php
session_start();
$host="localhost"; // Host name
$username="phpuser"; // username
$password="phpuser"; // password
$db_name="phpsite"; // Database name
$tbl_name="users"; // Table name

// Replace database connect functions depending on database you are using.
mysql_connect("$host", "$username", "$password");
mysql_select_db("$db_name");


//submitting query
// username and password sent from form
//NEVER Remove the mysql_real_escape_string. Else there could be an Sql-Injection!
$UsersID=mysql_real_escape_string($_POST['UsersID']);
$U_Password=mysql_real_escape_string($_POST['U_Password']);

$sql="SELECT UsersID,U_YearID FROM users WHERE UsersID='$UsersID' and U_Password='$U_Password'";
$result=mysql_query($sql);

//checking results
// Replace counting function based on database you are using.
$count=mysql_num_rows($result);
// If result matched $myusername and $mypassword, table row must be 1 row


//Direct Userbased on result
if($count==1){
  // Register $UsersID, $U_Password and redirect to file "login_success.php"
  $_SESSION['UsersID']=$result[0];
  $_SESSION['U_YearID']=$result[1];
  if($_SESSION['U_YearID']==1)  
  header("location:login_success.php");
  if($_SESSION['U_YearID']==2)
  header("location:login_success2.php");
  if($_SESSION['U_YearID']==4)
  header("location:login_success4.php");
} else {

  echo "Wrong Username or Password";
}
?>

I changed the code with this code just now

//Direct Userbased on result
if($count==1){
  // Register $UsersID, $U_Password and redirect to file "login_success.php"
  session_register("UsersID");
  session_register("U_Password");
  if('U_YearID'=="1")  
  header("location:login_success.php");
  if('U_YearID'=="2")
  header("location:login_success2.php");
  if('U_YearID'=="4")
  header("location:login_success4.php");
} else {

  echo "Wrong Username or Password";
}
?>

 

i keep getting this errors

Deprecated: Function session_register() is deprecated in C:\xampp\htdocs\Site1\test\checklogin.php on line 39

 

Deprecated: Function session_register() is deprecated in C:\xampp\htdocs\Site1\test\checklogin.php on line 40

 

ie something is wrong with the session_register

 

any ideas anyone? (srry really new at this) lol

with your code i get this error

Warning: Unknown: Your script possibly relies on a session side-effect which existed until PHP 4.2.3. Please be advised that the session extension does not consider global variables as a source of data, unless register_globals is enabled. You can disable this functionality and this warning by setting session.bug_compat_42 or session.bug_compat_warn to off, respectively in Unknown on line 0

 

:s

 

U_YearID is plain text and not defined as string and when comparing two values use two == signs.  The code posted is not tested and assumes U_YearID is a table field in your users table.

<?php
session_start();
$host="localhost"; // Host name
$username="phpuser"; // username
$password="phpuser"; // password
$db_name="phpsite"; // Database name
$tbl_name="users"; // Table name

// Replace database connect functions depending on database you are using.
mysql_connect("$host", "$username", "$password");
mysql_select_db("$db_name");


//submitting query
// username and password sent from form
//NEVER Remove the mysql_real_escape_string. Else there could be an Sql-Injection!
$UsersID=mysql_real_escape_string($_POST['UsersID']);
$U_Password=mysql_real_escape_string($_POST['U_Password']);

$sql="SELECT UsersID,U_YearID FROM users WHERE UsersID='$UsersID' and U_Password='$U_Password'";
$result=mysql_query($sql);

//checking results
// Replace counting function based on database you are using.
$count=mysql_num_rows($result);
// If result matched $myusername and $mypassword, table row must be 1 row


//Direct Userbased on result
if($count==1){
  // Register $UsersID, $U_Password and redirect to file "login_success.php"
  $_SESSION['UsersID']=$result[0];
  $_SESSION['U_YearID']=$result[1];
  if($_SESSION['U_YearID']==1)  
  header("location:login_success.php");
  if($_SESSION['U_YearID']==2)
  header("location:login_success2.php");
  if($_SESSION['U_YearID']==4)
  header("location:login_success4.php");
} else {

  echo "Wrong Username or Password";
}
?>

I don't know about this error but it seems like it might be a htaccess issue or related to the version of php you are using.

 

I was able to disable that error but i get this error now, and i have checked and the username and password and level i am using is inside the database

 

Warning: mysql_num_rows() expects parameter 1 to be resource, boolean given in C:\xampp\htdocs\Site1\test\checklogin1.php on line 30

Wrong Username or Password

$sql="SELECT UsersID,U_YearID FROM users WHERE UsersID='$UsersID' and U_Password='$U_Password'";
echo $sql;
$result=mysql_query($sql);

 

Nope :/ i get this error now

 

SELECT UsersID, U_YearID FROM users WHERE UsersID='aa101' and U_Password='000123456'

Warning: mysql_num_rows() expects parameter 1 to be resource, boolean given in C:\xampp\htdocs\Site1\test\checklogin1.php on line 31

Wrong Username or Password

This is all the code i am using right now

 

<?php
ini_set('session.bug_compat_42',0);
ini_set('session.bug_compat_warn',0);

$host="localhost"; // Host name
$username="phpuser"; // username
$password="phpuser"; // password
$db_name="phpsite"; // Database name
$tbl_name="users"; // Table name

//submitting query
// username and password sent from form
//NEVER Remove the mysql_real_escape_string. Else there could be an Sql-Injection!
$UsersID=mysql_real_escape_string($_POST['UsersID']);
$U_Password=mysql_real_escape_string($_POST['U_Password']);

$sql="SELECT * FROM users WHERE UsersID='$UsersID' and U_Password='$U_Password'";
echo $sql;
$result=mysql_query($sql);

//checking results
// Replace counting function based on database you are using.
$count=mysql_num_rows($result);
// If result matched $myusername and $mypassword, table row must be 1 row


//Direct Userbased on result
if($count==1){
  // Register $UsersID, $U_Password and redirect to file "login_success.php"
  $_SESSION['UsersID']=$result[0];
  $_SESSION['U_YearID']=$result[1];
  if($_SESSION['U_YearID']==1)  
  header("location:login_success.php");
  if($_SESSION['U_YearID']==2)
  header("location:login_success2.php");
  if($_SESSION['U_YearID']==4)
  header("location:login_success4.php");
} else {

  echo "Wrong Username or Password";
}
?>

i have put it bk in

 

<?php
ini_set('session.bug_compat_42',0);
ini_set('session.bug_compat_warn',0);

$host="localhost"; // Host name
$username="phpuser"; // username
$password="phpuser"; // password
$db_name="phpsite"; // Database name
$tbl_name="users"; // Table name

// Replace database connect functions depending on database you are using.
mysql_connect("$host", "$username", "$password");
mysql_select_db("$db_name"); 

//submitting query
// username and password sent from form
//NEVER Remove the mysql_real_escape_string. Else there could be an Sql-Injection!
$UsersID=mysql_real_escape_string($_POST['UsersID']);
$U_Password=mysql_real_escape_string($_POST['U_Password']);

$sql="SELECT * FROM users WHERE UsersID='$UsersID' and U_Password='$U_Password'";
echo $sql;
$result=mysql_query($sql);

//checking results
// Replace counting function based on database you are using.
$count=mysql_num_rows($result);
// If result matched $myusername and $mypassword, table row must be 1 row


//Direct Userbased on result
if($count==1){
  // Register $UsersID, $U_Password and redirect to file "login_success.php"
  $_SESSION['UsersID']=$result[0];
  $_SESSION['U_YearID']=$result[1];
  if($_SESSION['U_YearID']==1)  
  header("location:login_success.php");
  if($_SESSION['U_YearID']==2)
  header("location:login_success2.php");
  if($_SESSION['U_YearID']==4)
  header("location:login_success4.php");
} else {

  echo "Wrong Username or Password";
}
?>

 

and i get this error

i have put it bk in

 

<?php
ini_set('session.bug_compat_42',0);
ini_set('session.bug_compat_warn',0);

$host="localhost"; // Host name
$username="phpuser"; // username
$password="phpuser"; // password
$db_name="phpsite"; // Database name
$tbl_name="users"; // Table name

// Replace database connect functions depending on database you are using.
mysql_connect("$host", "$username", "$password");
mysql_select_db("$db_name"); 

//submitting query
// username and password sent from form
//NEVER Remove the mysql_real_escape_string. Else there could be an Sql-Injection!
$UsersID=mysql_real_escape_string($_POST['UsersID']);
$U_Password=mysql_real_escape_string($_POST['U_Password']);

$sql="SELECT * FROM users WHERE UsersID='$UsersID' and U_Password='$U_Password'";
echo $sql;
$result=mysql_query($sql);

//checking results
// Replace counting function based on database you are using.
$count=mysql_num_rows($result);
// If result matched $myusername and $mypassword, table row must be 1 row


//Direct Userbased on result
if($count==1){
  // Register $UsersID, $U_Password and redirect to file "login_success.php"
  $_SESSION['UsersID']=$result[0];
  $_SESSION['U_YearID']=$result[1];
  if($_SESSION['U_YearID']==1)  
  header("location:login_success.php");
  if($_SESSION['U_YearID']==2)
  header("location:login_success2.php");
  if($_SESSION['U_YearID']==4)
  header("location:login_success4.php");
} else {

  echo "Wrong Username or Password";
}
?>

 

and i get this error

 

SELECT UsersID,U_YearID FROM users WHERE UsersID='aa101' and U_Password='000123456'

That isn't an error. It's the output from echo $sql;.

 

You need to include session_start() at the beginning of the script.

 

The header() redirects will never work if there is has already output sent to the browser, such as echo $sql;

That isn't an error. It's the output from echo $sql;.

 

You need to include session_start() at the beginning of the script.

 

The header() redirects will never work if there is has already output sent to the browser, such as echo $sql;

 

Still nothing i have added session_start() at the top of the php code and still getting that :/

 

session_start();
ini_set('session.bug_compat_42',0);
ini_set('session.bug_compat_warn',0);
$host="localhost"; // Host name
$username="phpuser"; // username
$password="phpuser"; // password
$db_name="phpsite"; // Database name
$tbl_name="users"; // Table name

// Replace database connect functions depending on database you are using.
mysql_connect("$host", "$username", "$password");
mysql_select_db("$db_name");

//submitting query
// username and password sent from form
//NEVER Remove the mysql_real_escape_string. Else there could be an Sql-Injection!
$UsersID=mysql_real_escape_string($_POST['UsersID']);
$U_Password=mysql_real_escape_string($_POST['U_Password']);

$sql="SELECT UsersID,U_YearID FROM users WHERE UsersID='$UsersID' and U_Password='$U_Password'";
echo $sql;
$result=mysql_query($sql);

//checking results
// Replace counting function based on database you are using.
$count=mysql_num_rows($result);
// If result matched $myusername and $mypassword, table row must be 1 row

//Direct Userbased on result
if($count==1){
  // Register $UsersID, $U_Password and redirect to file "login_success.php"
  $_SESSION['UsersID']=$result[0];
  $_SESSION['U_YearID']=$result[1];
  if($_SESSION['U_YearID']==1)  
  header("location:login_success.php");
  if($_SESSION['U_YearID']==2)
  header("location:login_success2.php");
  if($_SESSION['U_YearID']==4)
  header("location:login_success4.php");
} else {

  echo "Wrong Username or Password";
}
?>

As Pikachu2000 pointed out, you can't send anything to the browser before setting any sessions.  This includes echoing out the $sql.  Comment out that line or remove it.

 

I commented it out and i dont get that sql "error" any more but all i get is a blank page...any ideas would it could be and why its not taking me to any page?

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.


×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.