[resolved] need help on username validation

[pixeltrace]

guys,

i need help, i have and admin page wherein it has 2 different kinds of user, namely admin and staff.
they login to the index page of the admin site
and after validation
for the admin it will lead him to homepage.php
for the staff if will lead him to homepage2.php

my problem is with the validation page.
i am getting error on line 36

below is my script. hope you can help me with this. thanks in advance!

[pixeltrace]

hi is there an alternative site were i can place my script?
i am getting a page cannot be found error whenever i put my script here

[realjumper]

I get the 'page not found' error sometimes too....not sure what the problem is....I guess you are using the 'code' tags?

[pixeltrace]

its the same, whether i use the code tags or not.
is there anything we can do to fix this one?

also is there an alternate site were i can post my codes for you to check the problem on my codes?

thanks!

[pixeltrace]

my codes can be checked here

http://sinagtala.net/checkUser.phps

please check

thanks!

[realjumper]

Line 36 (I think) says....
[code]
else($login_check > 1){
[/code]

I might be wrong but shouldn't it say....
[code]
elseif($login_check > 1){
[/code]

[pixeltrace]

i already did that and its still getting this error

Parse error: syntax error, unexpected T_ELSEIF in /home/sinag/public_html/admean/checkUser.php on line 36

[trq]

Post your actual code then. Also note that session_register() is not really needed.

[JustinK101]

A few questions:

With the query: SELECT * FROM users WHERE username='$username' AND password='$password'

Why do you check if multiple results returned? Should'nt there only be one result returned? Username should be a primary unique key right? So simply do:

if($login_check == 0) { //NOT LOGGED IN }
else { //LOGGED IN }

Second, in the following:

[code]
session_register('userid');
       $_SESSION['userid'] = $userid;
       session_register('username');
       $_SESSION['username'] = $username;
       session_register('special_user');
       $_SESSION['user_level'] = $user_level;
[/code]

Should'nt they be:

$_SESSION['userid'] = $row['userid'];
$_SESSION['username'] = $row['username'];
$_SESSION['user_level'] = $row['user_level'];

[trq]

[quote]
Should'nt they be:

$_SESSION = $row['userid'];
$_SESSION = $row['username'];
$_SESSION = $row['user_level'];[/quote]

No. You dont need to use session_register() though... you can leave tyhose lines out.

[JustinK101]

Thorpe:

Really, session_register() is not needed? I do the following in all my code.

session_register("session_id");
session_register("session_username");
$session_id = $row['id'];
$session_username = $_POST['employee_username'];

[trq]

[quote]Really, session_register() is not needed? I do the following in all my code.[/quote]

Then what exactly where you trying to point out in your previous post?

[JustinK101]

Because he does:

session_register('userid');
        $_SESSION['userid'] = $userid;
        session_register('username');
        $_SESSION['username'] = $username;
        session_register('special_user');
        $_SESSION['user_level'] = $user_level;

Where is $userid, $username, and $user_level defined? I beleive they are elements in the $row array, right? And, session_register is required to create a session.

[trq]

He had allready extracted those variables from the $row array using...

[code=php:0]
foreach( $row AS $key => $val ){
    $$key = stripslashes( $val );
}
[/code]

And no. session_register() has long been depricated.

Anyway, pixeltrace... have you got your current code we can see? The error should be fixed with realjumpers suggestion.

[JustinK101]

Ohh, shintnaz, thorpe your right.

register_session() only works with register_globals on. What is the proper way to do it then? Is it simply like:

$_SESSION['session_id'] = $row['id'];
$_SESSION['username'] = $_POST['employee_username'];

Also read in php6 they removing register globals, I think that is bad decision. It should still be an option. Many applications are written assuming register globals.

[trq]

Yes it is as simple as your example. And no... removing register globals is a briilient idea, the bad idea was ever having them in the first place.

[pixeltrace]

hi guys,

so what are the lines should i remove and replaced?

i got lost on that conversation.

hehehehe.

i apologize for that

[pixeltrace]

this is what i did.... is this correct?

http://www.sinagtala.net/checkUser.phps

[trq]

Yeah sorry, that was a little off topic. You can safely remove all the session_register() lines.

However, do you still have your error? Can you post your current code?

[trq]

[quote]this is what i did.... is this correct?[/quote]

Not really. What is this code meant to actually do? I meen, you have this line...

[code=php:0]
$login_check = mysql_num_rows($sql);
[/code]

but there is no query before it so its kinda pointless.

Also, as has been stated you are using while() loops that I believe should'nt be required. User names should be unique.

[pixeltrace]

hi,

it still wont work

im getting this error

Parse error: syntax error, unexpected T_ELSEIF in /home/sinag/public_html/admean/checkUser.php on line 30

[trq]

3rd time lucky. I ask again, post your current code!!!

[pixeltrace]

http://www.sinagtala.net/checkUser.phps

i was able to fix it somehow

but when i login using admin or staff userid...
its directing me to homepage.php

if i login using admin userid it should direct me to homepage.php

if i login using staff userid it should direct me to homepage2.php

what else is wrong in my codes?

[trq]

Where is $login_check defined. Sorry... but I don't see how this logs you in at all.

[pixeltrace]

this was in my code before

$sql = mysql_query("SELECT * FROM users WHERE username='$username' AND password='$password'");
$login_check = mysql_num_rows($sql);

this line is before

if($login_check == 0) { //NOT LOGGED IN }

what else needs to be fixed here?