tebrown Posted March 22, 2012 Share Posted March 22, 2012 Hey Guys, Im trying to work on my login script after successfully doing my register script. The problem im having trouble is that when i login with false details, it still prompts me with 'You have logged in". Also if the user is not activated it should say "Account has not been activated." Could someone help me out. Thanks. <?php include"database.php";?> <html> <head> <title>Login</title> </head> <body> <h1>Manager Login</h1> <form action="login.php" method="post"> <TABLE BORDER="0"> <TR> <TD>Email:</TD> <TD> <input type="text" name="email" size="20"> </TD> </TR> <TR> <TD>Password:</TD> <TD><INPUT TYPE="password" NAME="password" SIZE="20"></TD> </TR> </table> <P> <input type="submit" name="login" value="Login" /> </form> <?php session_start(); if (isset($_POST['login'])) { if (empty($_POST['email']) || empty($_POST['password'])) { $errors[] = "Please fill out all fields."; } $email = $_POST['email']; $password = $_POST['password']; $level = 'level'; $check = mysql_query("SELECT * FROM users WHERE email='".$email."' AND password='".$password."'"); if (mysql_num_rows($check)>=1) { $errors[] = "Wrong Details. Try Again."; } $check = mysql_query("SELECT * FROM users WHERE level='".$level."'"); if (mysql_num_rows($check)>=1) { if ($level == '0') { $errors[] = "Account has not been activated."; }} if (empty($errors)) { echo "You have logged in!"; } else { foreach($errors as $nErrors){ echo $nErrors . "<br>"; } } } ?> Quote Link to comment Share on other sites More sharing options...
dragon_sa Posted March 22, 2012 Share Posted March 22, 2012 session_start(); and form processing should be at the top of the page. $check = mysql_query("SELECT * FROM users WHERE level='".$level."'"); This code only checks if any user in the database has a level=level, it should be restricted by the email as well. Quote Link to comment Share on other sites More sharing options...
merylvingien Posted March 23, 2012 Share Posted March 23, 2012 <?php session_start(); if (isset($_POST['login'])) { if (empty($_POST['email']) || empty($_POST['password'])) { $errors[] = "Please fill out all fields."; } $email = $_POST['email']; $password = $_POST['password']; $level = 'level'; $check = mysql_query("SELECT * FROM users WHERE email='".$email."' AND password='".$password."'"); if (mysql_num_rows($check)>=1) { $errors[] = "Wrong Details. Try Again."; } $check = mysql_query("SELECT * FROM users WHERE level='".$level."'"); if (mysql_num_rows($check)>=1) { if ($level == '0') { $errors[] = "Account has not been activated."; }} if (empty($errors)) { echo "You have logged in!"; } else { foreach($errors as $nErrors){ echo $nErrors . "<br>"; } } } ?> That bit, put above the rest for starters. Whats $level? and how do you check if someone loggin in has a "level" of ? At the moment, your code sets $level to "level" $level = 'level'; Quote Link to comment Share on other sites More sharing options...
tebrown Posted March 23, 2012 Author Share Posted March 23, 2012 Ok i've given it another go. Although this code below still doesn't work properly. When i log in and enter a correct email and password, it still shows "You have successfully logged in", it should be saying the error message: "You have not been activated yet!". I must be nearly there.... <?php session_start(); include"database.php"; ?> <html> <head> <title>Login</title> </head> <body> <h1>Manager Login</h1> <form action="login.php" method="post"> <TABLE BORDER="0"> <TR> <TD>Email:</TD> <TD> <input type="text" name="email" size="20"> </TD> </TR> <TR> <TD>Password:</TD> <TD><INPUT TYPE="password" NAME="password" SIZE="20"></TD> </TR> </table> <P> <input type="submit" name="login" value="Login" /> </form> <?php if (isset($_POST['login'])) { if (empty($_POST['email']) || empty($_POST['password'])) { echo "Please fill out all fields."; } else { $email=mysql_real_escape_string($_POST['email']); $password=mysql_real_escape_string($_POST['password']); $sql="SELECT * FROM users WHERE email='$email' and password='".md5($password)."'"; $result=mysql_query($sql); $count=mysql_num_rows($result); if ($count['level'] == '0'){ echo "You have not been activated yet!"; } if($count==1){ //session_register("email"); //session_register("password"); echo "You have successfully logged in!"; } else { echo "Wrong Email or Password"; } } } ?> Quote Link to comment Share on other sites More sharing options...
Drummin Posted March 23, 2012 Share Posted March 23, 2012 Something more like this. Not tested, but should be closer. <?php session_start(); include"database.php"; if (isset($_POST['login'])) { if (empty($_POST['email']) || empty($_POST['password'])) { $message="Please fill out all fields."; }else{ $email=mysql_real_escape_string($_POST['email']); $password=mysql_real_escape_string($_POST['password']); $sql="SELECT id FROM users WHERE email='$email' and password='".md5($password)."'"; $result=mysql_query($sql); if (mysql_num_rows($result)){ $row = mysql_fetch_row($result); $_SESSION['user_id']=$row[0]; $message="You have successfully logged in!"; }else{ $message="Wrong Email or Password!"; } } } ?> <html> <head> <title>Login</title> </head> <body> <h1>Manager Login</h1> <?php if (isset($message)){echo "$message";}?> <form action="login.php" method="post"> <table border="0"> <tr> <td>Email:</td> <td><input type="text" name="email" size="20" /></td> </tr> <tr> <td>Password:</td> <td><input type="password" name="password" size="20"></td> </tr> <tr> <td colspan="2"><input type="submit" name="login" value="Login" /></td> </tr> </table> </form> </body> </html> Quote Link to comment Share on other sites More sharing options...
tebrown Posted March 23, 2012 Author Share Posted March 23, 2012 What about the user level activation that i mentioned above ^ Cheers. Quote Link to comment Share on other sites More sharing options...
Drummin Posted March 23, 2012 Share Posted March 23, 2012 Just modify query as needed. $sql="SELECT id,level,firstname FROM users WHERE email='$email' and password='".md5($password)."'"; $result=mysql_query($sql); if (mysql_num_rows($result)){ $row = mysql_fetch_row($result); $_SESSION['user_id']=$row[0]; $_SESSION['user_level']=$row[1]; $_SESSION['user_first']=$row[2]; $message="You have successfully logged in!"; }else{ $message="Wrong Email or Password!"; } } } ?> Quote Link to comment Share on other sites More sharing options...
tebrown Posted March 23, 2012 Author Share Posted March 23, 2012 Hmm ok... Where would the error message code "You are not activated yet" go? Quote Link to comment Share on other sites More sharing options...
Drummin Posted March 23, 2012 Share Posted March 23, 2012 You didn't indicate in your code what defines that. I would assume it is the level. Then adding an IF statement to check level within the result loop. <?php session_start(); include"database.php"; if (isset($_POST['login'])) { if (empty($_POST['email']) || empty($_POST['password'])) { $message="Please fill out all fields."; }else{ $email=mysql_real_escape_string($_POST['email']); $password=mysql_real_escape_string($_POST['password']); $sql="SELECT id,level,firstname FROM users WHERE email='$email' and password='".md5($password)."'"; $result=mysql_query($sql); if (mysql_num_rows($result)){ $row = mysql_fetch_row($result); if ($row[1]=="good Level"){ $_SESSION['user_id']=$row[0]; $_SESSION['user_level']=$row[1]; $_SESSION['user_first']=$row[2]; $message="You have successfully logged in!"; }else{ $message="You are not activated yet"; } }else{ $message="Wrong Email or Password!"; } } } ?> Not sure I have that all bracketed up right as I'm just adding things without testing anything. Quote Link to comment Share on other sites More sharing options...
tebrown Posted March 23, 2012 Author Share Posted March 23, 2012 Sweet, yup i ended up getting it to work. Just had to play around with a few things. Cheers Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.