jusjus7 Posted January 29, 2012 Share Posted January 29, 2012 I have this code which logs in a user to my site but it only directs them to the login success page. i need to direct users to 3 different pages depending on their access level eg levels 1,2,4 but i dont know how to do this, can any one help or point me in the right direction?? thanks //Form <form name="form1" method="post" action="checklogin.php"> <strong>Member Login </strong> Username: <input name="UsersID" type="text" id="UsersID" /> Password: <input name="U_Password" type="password" id="U_Password" /> <input type="submit" name="Submit" value="Login" /></form> <?php $host="localhost"; // Host name $username=""; // username $password=""; // password $db_name="test"; // Database name $tbl_name="members"; // Table name // Replace database connect functions depending on database you are using. mysql_connect("$host", "$username", "$password"); mysql_select_db("$db_name"); //submitting query // username and password sent from form //NEVER Remove the mysql_real_escape_string. Else there could be an Sql-Injection! $mUsersIDe=mysql_real_escape_string($_POST['UsersID']); $U_Password=mysql_real_escape_string($_POST['U_Password']); $sql="SELECT * FROM $Users WHERE UsersID='$UsersID' and U_Password='$U_Password'"; $result=mysql_query($sql); //checking results // Replace counting function based on database you are using. $count=mysql_num_rows($result); // If result matched $myusername and $mypassword, table row must be 1 row //Direct Userbased on result if($count==1){ // Register $UsersID, $U_Password and redirect to file "login_success.php" session_register("UsersID"); session_register("U_Password"); header("location:login_success.php"); } else { echo "Wrong Username or Password"; } 17443_.txt Quote Link to comment Share on other sites More sharing options...
jusjus7 Posted January 29, 2012 Author Share Posted January 29, 2012 I have been able to get a user to login to one login page but i need the site to direct users to different login pages depending on their access level. I think i just need to add an If statement to my code but i do not know how to do that! Can anyone help? <?php $host="localhost"; // Host name $username="phpuser"; // username $password="phpuser"; // password $db_name="phpsite"; // Database name $tbl_name="users"; // Table name // Replace database connect functions depending on database you are using. mysql_connect("$host", "$username", "$password"); mysql_select_db("$db_name"); //submitting query // username and password sent from form //NEVER Remove the mysql_real_escape_string. Else there could be an Sql-Injection! $UsersID=mysql_real_escape_string($_POST['UsersID']); $U_Password=mysql_real_escape_string($_POST['U_Password']); $sql="SELECT * FROM users WHERE UsersID='$UsersID' and U_Password='$U_Password'"; $result=mysql_query($sql); //checking results // Replace counting function based on database you are using. $count=mysql_num_rows($result); // If result matched $myusername and $mypassword, table row must be 1 row //Direct Userbased on result if($count==1){ // Register $UsersID, $U_Password and redirect to file "login_success.php" session_register("UsersID"); session_register("U_Password"); header("location:login_success.php"); } else { echo "Wrong Username or Password"; } ?> Quote Link to comment Share on other sites More sharing options...
Pikachu2000 Posted January 29, 2012 Share Posted January 29, 2012 I've merged your duplicate topics. In the future, just post your corrections in the same thread instead of creating a new one. Quote Link to comment Share on other sites More sharing options...
jusjus7 Posted January 29, 2012 Author Share Posted January 29, 2012 oh ok thanks for that! Quote Link to comment Share on other sites More sharing options...
Drummin Posted January 29, 2012 Share Posted January 29, 2012 I wouldn't save a password to session. As far as your question, where you have the header going to login_success.php, just check the user level and based on this, send the user to appropriate page with the header. A few simple IF statements should do the job. Quote Link to comment Share on other sites More sharing options...
jusjus7 Posted January 29, 2012 Author Share Posted January 29, 2012 ok thanks i will try that out Quote Link to comment Share on other sites More sharing options...
jusjus7 Posted January 29, 2012 Author Share Posted January 29, 2012 i have entered this and it doesnt seem to work any idea where i have gone wrong? //Direct Userbased on result if($count==1){ // Register $UsersID, $U_Password and redirect to file "login_success.php" session_register("UsersID"); if("U_YearID" = "1") header("location:login_success.php"); if("U_YearID"="2") header("location:login_success2.php"); if("U_YearID"="4") header("location:login_success4.php"); } else { echo "Wrong Username or Password"; } Quote Link to comment Share on other sites More sharing options...
Drummin Posted January 29, 2012 Share Posted January 29, 2012 U_YearID is plain text and not defined as string and when comparing two values use two == signs. The code posted is not tested and assumes U_YearID is a table field in your users table. <?php session_start(); $host="localhost"; // Host name $username="phpuser"; // username $password="phpuser"; // password $db_name="phpsite"; // Database name $tbl_name="users"; // Table name // Replace database connect functions depending on database you are using. mysql_connect("$host", "$username", "$password"); mysql_select_db("$db_name"); //submitting query // username and password sent from form //NEVER Remove the mysql_real_escape_string. Else there could be an Sql-Injection! $UsersID=mysql_real_escape_string($_POST['UsersID']); $U_Password=mysql_real_escape_string($_POST['U_Password']); $sql="SELECT UsersID,U_YearID FROM users WHERE UsersID='$UsersID' and U_Password='$U_Password'"; $result=mysql_query($sql); //checking results // Replace counting function based on database you are using. $count=mysql_num_rows($result); // If result matched $myusername and $mypassword, table row must be 1 row //Direct Userbased on result if($count==1){ // Register $UsersID, $U_Password and redirect to file "login_success.php" $_SESSION['UsersID']=$result[0]; $_SESSION['U_YearID']=$result[1]; if($_SESSION['U_YearID']==1) header("location:login_success.php"); if($_SESSION['U_YearID']==2) header("location:login_success2.php"); if($_SESSION['U_YearID']==4) header("location:login_success4.php"); } else { echo "Wrong Username or Password"; } ?> Quote Link to comment Share on other sites More sharing options...
jusjus7 Posted January 29, 2012 Author Share Posted January 29, 2012 I changed the code with this code just now //Direct Userbased on result if($count==1){ // Register $UsersID, $U_Password and redirect to file "login_success.php" session_register("UsersID"); session_register("U_Password"); if('U_YearID'=="1") header("location:login_success.php"); if('U_YearID'=="2") header("location:login_success2.php"); if('U_YearID'=="4") header("location:login_success4.php"); } else { echo "Wrong Username or Password"; } ?> i keep getting this errors Deprecated: Function session_register() is deprecated in C:\xampp\htdocs\Site1\test\checklogin.php on line 39 Deprecated: Function session_register() is deprecated in C:\xampp\htdocs\Site1\test\checklogin.php on line 40 ie something is wrong with the session_register any ideas anyone? (srry really new at this) lol Quote Link to comment Share on other sites More sharing options...
jusjus7 Posted January 29, 2012 Author Share Posted January 29, 2012 with your code i get this error Warning: Unknown: Your script possibly relies on a session side-effect which existed until PHP 4.2.3. Please be advised that the session extension does not consider global variables as a source of data, unless register_globals is enabled. You can disable this functionality and this warning by setting session.bug_compat_42 or session.bug_compat_warn to off, respectively in Unknown on line 0 :s U_YearID is plain text and not defined as string and when comparing two values use two == signs. The code posted is not tested and assumes U_YearID is a table field in your users table. <?php session_start(); $host="localhost"; // Host name $username="phpuser"; // username $password="phpuser"; // password $db_name="phpsite"; // Database name $tbl_name="users"; // Table name // Replace database connect functions depending on database you are using. mysql_connect("$host", "$username", "$password"); mysql_select_db("$db_name"); //submitting query // username and password sent from form //NEVER Remove the mysql_real_escape_string. Else there could be an Sql-Injection! $UsersID=mysql_real_escape_string($_POST['UsersID']); $U_Password=mysql_real_escape_string($_POST['U_Password']); $sql="SELECT UsersID,U_YearID FROM users WHERE UsersID='$UsersID' and U_Password='$U_Password'"; $result=mysql_query($sql); //checking results // Replace counting function based on database you are using. $count=mysql_num_rows($result); // If result matched $myusername and $mypassword, table row must be 1 row //Direct Userbased on result if($count==1){ // Register $UsersID, $U_Password and redirect to file "login_success.php" $_SESSION['UsersID']=$result[0]; $_SESSION['U_YearID']=$result[1]; if($_SESSION['U_YearID']==1) header("location:login_success.php"); if($_SESSION['U_YearID']==2) header("location:login_success2.php"); if($_SESSION['U_YearID']==4) header("location:login_success4.php"); } else { echo "Wrong Username or Password"; } ?> Quote Link to comment Share on other sites More sharing options...
Drummin Posted January 29, 2012 Share Posted January 29, 2012 I don't know about this error but it seems like it might be a htaccess issue or related to the version of php you are using. Quote Link to comment Share on other sites More sharing options...
jusjus7 Posted January 29, 2012 Author Share Posted January 29, 2012 i am using these versions Apache/2.2.21 (Win32) mod_ssl/2.2.21 OpenSSL/1.0.0e PHP/5.3.8 Quote Link to comment Share on other sites More sharing options...
jusjus7 Posted January 29, 2012 Author Share Posted January 29, 2012 I don't know about this error but it seems like it might be a htaccess issue or related to the version of php you are using. I was able to disable that error but i get this error now, and i have checked and the username and password and level i am using is inside the database Warning: mysql_num_rows() expects parameter 1 to be resource, boolean given in C:\xampp\htdocs\Site1\test\checklogin1.php on line 30 Wrong Username or Password Quote Link to comment Share on other sites More sharing options...
spiderwell Posted January 29, 2012 Share Posted January 29, 2012 echo out your sql statement it will help you solve that Quote Link to comment Share on other sites More sharing options...
jusjus7 Posted January 29, 2012 Author Share Posted January 29, 2012 echo out your sql statement it will help you solve that sorry i know i am sounding really dumb but how do i do that? where to i type echo by the select by the from or at the where end? Quote Link to comment Share on other sites More sharing options...
spiderwell Posted January 29, 2012 Share Posted January 29, 2012 $sql="SELECT UsersID,U_YearID FROM users WHERE UsersID='$UsersID' and U_Password='$U_Password'"; echo $sql; $result=mysql_query($sql); Quote Link to comment Share on other sites More sharing options...
jusjus7 Posted January 29, 2012 Author Share Posted January 29, 2012 $sql="SELECT UsersID,U_YearID FROM users WHERE UsersID='$UsersID' and U_Password='$U_Password'"; echo $sql; $result=mysql_query($sql); Nope :/ i get this error now SELECT UsersID, U_YearID FROM users WHERE UsersID='aa101' and U_Password='000123456' Warning: mysql_num_rows() expects parameter 1 to be resource, boolean given in C:\xampp\htdocs\Site1\test\checklogin1.php on line 31 Wrong Username or Password Quote Link to comment Share on other sites More sharing options...
jusjus7 Posted January 29, 2012 Author Share Posted January 29, 2012 This is all the code i am using right now <?php ini_set('session.bug_compat_42',0); ini_set('session.bug_compat_warn',0); $host="localhost"; // Host name $username="phpuser"; // username $password="phpuser"; // password $db_name="phpsite"; // Database name $tbl_name="users"; // Table name //submitting query // username and password sent from form //NEVER Remove the mysql_real_escape_string. Else there could be an Sql-Injection! $UsersID=mysql_real_escape_string($_POST['UsersID']); $U_Password=mysql_real_escape_string($_POST['U_Password']); $sql="SELECT * FROM users WHERE UsersID='$UsersID' and U_Password='$U_Password'"; echo $sql; $result=mysql_query($sql); //checking results // Replace counting function based on database you are using. $count=mysql_num_rows($result); // If result matched $myusername and $mypassword, table row must be 1 row //Direct Userbased on result if($count==1){ // Register $UsersID, $U_Password and redirect to file "login_success.php" $_SESSION['UsersID']=$result[0]; $_SESSION['U_YearID']=$result[1]; if($_SESSION['U_YearID']==1) header("location:login_success.php"); if($_SESSION['U_YearID']==2) header("location:login_success2.php"); if($_SESSION['U_YearID']==4) header("location:login_success4.php"); } else { echo "Wrong Username or Password"; } ?> Quote Link to comment Share on other sites More sharing options...
spiderwell Posted January 29, 2012 Share Posted January 29, 2012 you have removed the code for connecting to the database before you execute your query Quote Link to comment Share on other sites More sharing options...
jusjus7 Posted January 29, 2012 Author Share Posted January 29, 2012 i have put it bk in <?php ini_set('session.bug_compat_42',0); ini_set('session.bug_compat_warn',0); $host="localhost"; // Host name $username="phpuser"; // username $password="phpuser"; // password $db_name="phpsite"; // Database name $tbl_name="users"; // Table name // Replace database connect functions depending on database you are using. mysql_connect("$host", "$username", "$password"); mysql_select_db("$db_name"); //submitting query // username and password sent from form //NEVER Remove the mysql_real_escape_string. Else there could be an Sql-Injection! $UsersID=mysql_real_escape_string($_POST['UsersID']); $U_Password=mysql_real_escape_string($_POST['U_Password']); $sql="SELECT * FROM users WHERE UsersID='$UsersID' and U_Password='$U_Password'"; echo $sql; $result=mysql_query($sql); //checking results // Replace counting function based on database you are using. $count=mysql_num_rows($result); // If result matched $myusername and $mypassword, table row must be 1 row //Direct Userbased on result if($count==1){ // Register $UsersID, $U_Password and redirect to file "login_success.php" $_SESSION['UsersID']=$result[0]; $_SESSION['U_YearID']=$result[1]; if($_SESSION['U_YearID']==1) header("location:login_success.php"); if($_SESSION['U_YearID']==2) header("location:login_success2.php"); if($_SESSION['U_YearID']==4) header("location:login_success4.php"); } else { echo "Wrong Username or Password"; } ?> and i get this error Quote Link to comment Share on other sites More sharing options...
jusjus7 Posted January 29, 2012 Author Share Posted January 29, 2012 i have put it bk in <?php ini_set('session.bug_compat_42',0); ini_set('session.bug_compat_warn',0); $host="localhost"; // Host name $username="phpuser"; // username $password="phpuser"; // password $db_name="phpsite"; // Database name $tbl_name="users"; // Table name // Replace database connect functions depending on database you are using. mysql_connect("$host", "$username", "$password"); mysql_select_db("$db_name"); //submitting query // username and password sent from form //NEVER Remove the mysql_real_escape_string. Else there could be an Sql-Injection! $UsersID=mysql_real_escape_string($_POST['UsersID']); $U_Password=mysql_real_escape_string($_POST['U_Password']); $sql="SELECT * FROM users WHERE UsersID='$UsersID' and U_Password='$U_Password'"; echo $sql; $result=mysql_query($sql); //checking results // Replace counting function based on database you are using. $count=mysql_num_rows($result); // If result matched $myusername and $mypassword, table row must be 1 row //Direct Userbased on result if($count==1){ // Register $UsersID, $U_Password and redirect to file "login_success.php" $_SESSION['UsersID']=$result[0]; $_SESSION['U_YearID']=$result[1]; if($_SESSION['U_YearID']==1) header("location:login_success.php"); if($_SESSION['U_YearID']==2) header("location:login_success2.php"); if($_SESSION['U_YearID']==4) header("location:login_success4.php"); } else { echo "Wrong Username or Password"; } ?> and i get this error SELECT UsersID,U_YearID FROM users WHERE UsersID='aa101' and U_Password='000123456' Quote Link to comment Share on other sites More sharing options...
Pikachu2000 Posted January 29, 2012 Share Posted January 29, 2012 That isn't an error. It's the output from echo $sql;. You need to include session_start() at the beginning of the script. The header() redirects will never work if there is has already output sent to the browser, such as echo $sql; Quote Link to comment Share on other sites More sharing options...
jusjus7 Posted January 29, 2012 Author Share Posted January 29, 2012 That isn't an error. It's the output from echo $sql;. You need to include session_start() at the beginning of the script. The header() redirects will never work if there is has already output sent to the browser, such as echo $sql; Still nothing i have added session_start() at the top of the php code and still getting that :/ session_start(); ini_set('session.bug_compat_42',0); ini_set('session.bug_compat_warn',0); $host="localhost"; // Host name $username="phpuser"; // username $password="phpuser"; // password $db_name="phpsite"; // Database name $tbl_name="users"; // Table name // Replace database connect functions depending on database you are using. mysql_connect("$host", "$username", "$password"); mysql_select_db("$db_name"); //submitting query // username and password sent from form //NEVER Remove the mysql_real_escape_string. Else there could be an Sql-Injection! $UsersID=mysql_real_escape_string($_POST['UsersID']); $U_Password=mysql_real_escape_string($_POST['U_Password']); $sql="SELECT UsersID,U_YearID FROM users WHERE UsersID='$UsersID' and U_Password='$U_Password'"; echo $sql; $result=mysql_query($sql); //checking results // Replace counting function based on database you are using. $count=mysql_num_rows($result); // If result matched $myusername and $mypassword, table row must be 1 row //Direct Userbased on result if($count==1){ // Register $UsersID, $U_Password and redirect to file "login_success.php" $_SESSION['UsersID']=$result[0]; $_SESSION['U_YearID']=$result[1]; if($_SESSION['U_YearID']==1) header("location:login_success.php"); if($_SESSION['U_YearID']==2) header("location:login_success2.php"); if($_SESSION['U_YearID']==4) header("location:login_success4.php"); } else { echo "Wrong Username or Password"; } ?> Quote Link to comment Share on other sites More sharing options...
Drummin Posted January 29, 2012 Share Posted January 29, 2012 As Pikachu2000 pointed out, you can't send anything to the browser before setting any sessions. This includes echoing out the $sql. Comment out that line or remove it. Quote Link to comment Share on other sites More sharing options...
jusjus7 Posted January 29, 2012 Author Share Posted January 29, 2012 As Pikachu2000 pointed out, you can't send anything to the browser before setting any sessions. This includes echoing out the $sql. Comment out that line or remove it. I commented it out and i dont get that sql "error" any more but all i get is a blank page...any ideas would it could be and why its not taking me to any page? Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.