Edmhar Posted October 25, 2013 Share Posted October 25, 2013 Hi, Guys Im new here im creating our system for Thesis , so our system is MIS ( Management Information System) it have subsystem of Employee Management System , Assests Management System, Customer Relation Management. So when im creating log in i encounter this problems. Im thinking that problem is came from core.php but i dont know how to fix it.Here is my indes.php <?php require 'core.php'; require 'connect.php'; if (loggedin()) { if($_SESSION['type'] == 'EMPLOYEE'){ header('Location:../MIS1/home2.php'); }else{ header('Location:../MIS1/home.php'); } } else{ header('Location:../MIS1/loginform.php'); } ?> This is my core.php <?php ob_start(); session_start(); $current_file = $_SERVER['SCRIPT_NAME']; function loggedin() { if (isset($_SESSION['user_id'])&&!empty($_SESSION['user_id'])) { return true; } else { return false; } } function adminloggedin() { if (isset($_SESSION['user_id'])&&!empty($_SESSION['user_id'])) { return true; } else { return false; } } ?> this is my loginform. <?php if (isset($_POST['eusername'])&&isset($_POST['epassword'])) { $username = mysql_real_escape_string($_POST['eusername']); $password = mysql_real_escape_string(md5($_POST['epassword'])); if (!empty($username)&&!empty($password)) { $query = "SELECT * FROM tbl_account WHERE LogUsername='".$username."' AND LogPassword = '".$password."' AND type = 'ADMINISTRATION' "; if ($query_run = mysql_query($query)) { $query_num_rows = mysql_num_rows($query_run); if ($query_num_rows==0) { echo 'Invalid username/Password combination.'; } else if ($query_num_rows == 1) { $user_id = mysql_result($query_run, 0, 'LogUsername'); $_SESSION['user_id']=$user_id; $_SESSION['type'] = "EMPLOYEE"; header('Location:../MIS1/indes.php'); } } } else { echo 'You must supply username/password.'; } } ?> <div id="employee"> <form action="<?php echo $current_file ?>" method="POST"> Employee ID: <input type="text" name="eusername"> </br> Password: <input type="password" name="epassword"> <input type="submit" id="employeesubmit" value="Log in"> </form> </div> <div id="admin"> <form action="<?php echo $current_file ?>" method="POST"> Admin ID: <input type="text" name="username"> </br> Password: <input type="password" name="password"> <input type="submit" id="adminsubmit" value="Log in"> </form> </div> this is my adminloginform.php <?php if (isset($_POST['username'])&&isset($_POST['password'])) { $username = mysql_real_escape_string($_POST['username']); $password = mysql_real_escape_string(md5($_POST['password'])); if (!empty($username)&&!empty($password)) { $query = "SELECT * FROM tbl_account WHERE LogUsername='".$username."' AND LogPassword = '".$password."' AND type = 'ADMINISTRATION' "; if ($query_run = mysql_query($query)) { $query_num_rows = mysql_num_rows($query_run); if ($query_num_rows==0) { echo 'Invalid username/Password combination.'; } else if ($query_num_rows == 1) { $user_id = mysql_result($query_run, 0, 'LogUsername'); $_SESSION['user_id']=$user_id; $_SESSION['type'] = "ADMININSTRATION"; } } } else { echo 'You must supply username/password.'; } } ?> This is my connect.php <?php $conn_err ='Cant Connect'; $mysql_host = 'localhost'; $mysql_user = 'root'; $mysql_pass = ''; $mysql_db = 'mis'; if (!@mysql_connect($mysql_host, $mysql_user, $mysql_pass)||!@mysql_select_db($mysql_db)) { die($conn_err); } ?> Please help me i need to it to continue my thesis i also attach the php files for who wants to try Quote Link to comment https://forums.phpfreaks.com/topic/283282-php-2-types-of-users-log-in-problem-access-forbidden/ Share on other sites More sharing options...
mac_gyver Posted October 25, 2013 Share Posted October 25, 2013 you didn't actually state what exact problem you are having with the code. however, DRY (Don't Repeat Yourself). you are repeating the login form and form processing code. that isn't accomplishing anything, except to make more work for you. the purpose of logging in is to authenticate who the visitor is. your database table contains a type column that tells your code what the visitor may access. you would simply retrieve that type value and use it in the comparisons that determine what the visitor may see or do on any page. Quote Link to comment https://forums.phpfreaks.com/topic/283282-php-2-types-of-users-log-in-problem-access-forbidden/#findComment-1455433 Share on other sites More sharing options...
Edmhar Posted October 25, 2013 Author Share Posted October 25, 2013 Sorry, This is my problem, when i go logged in Sorry, T This is will come out Quote Link to comment https://forums.phpfreaks.com/topic/283282-php-2-types-of-users-log-in-problem-access-forbidden/#findComment-1455434 Share on other sites More sharing options...
Edmhar Posted October 25, 2013 Author Share Posted October 25, 2013 And sorry i new in php , i only learned from analyzing systems. i never learned from my professor.can you help me doing the comparing that you saying sir? so i can analyze that Thanks You Again sir Quote Link to comment https://forums.phpfreaks.com/topic/283282-php-2-types-of-users-log-in-problem-access-forbidden/#findComment-1455435 Share on other sites More sharing options...
Edmhar Posted October 25, 2013 Author Share Posted October 25, 2013 you didn't actually state what exact problem you are having with the code. however, DRY (Don't Repeat Yourself). you are repeating the login form and form processing code. that isn't accomplishing anything, except to make more work for you. the purpose of logging in is to authenticate who the visitor is. your database table contains a type column that tells your code what the visitor may access. you would simply retrieve that type value and use it in the comparisons that determine what the visitor may see or do on any page. Sir check my updated sorry im new in php Quote Link to comment https://forums.phpfreaks.com/topic/283282-php-2-types-of-users-log-in-problem-access-forbidden/#findComment-1455436 Share on other sites More sharing options...
Ch0cu3r Posted October 25, 2013 Share Posted October 25, 2013 You are getting the error in the second screenshot because the variable $current_file doesn't exist. <form action="<?php echo $current_file ?>" method="POST"> If your submitting the form to itself then use an empty action attribute Quote Link to comment https://forums.phpfreaks.com/topic/283282-php-2-types-of-users-log-in-problem-access-forbidden/#findComment-1455447 Share on other sites More sharing options...
Edmhar Posted October 26, 2013 Author Share Posted October 26, 2013 You are getting the error in the second screenshot because the variable $current_file doesn't exist. <form action="<?php echo $current_file ?>" method="POST"> If your submitting the form to itself then use an empty action attribute I try to empty the form attribute but nothing happens when i click log in Quote Link to comment https://forums.phpfreaks.com/topic/283282-php-2-types-of-users-log-in-problem-access-forbidden/#findComment-1455501 Share on other sites More sharing options...
Edmhar Posted October 26, 2013 Author Share Posted October 26, 2013 You are getting the error in the second screenshot because the variable $current_file doesn't exist. <form action="<?php echo $current_file ?>" method="POST"> If your submitting the form to itself then use an empty action attribute What i need to do to make my program run ? Please help im 2-3 days stuck here Quote Link to comment https://forums.phpfreaks.com/topic/283282-php-2-types-of-users-log-in-problem-access-forbidden/#findComment-1455502 Share on other sites More sharing options...
Solution Ch0cu3r Posted October 26, 2013 Solution Share Posted October 26, 2013 (edited) Is that the full code for loginform.php and adminloginform.php? In both files you need to include core.php and connect.php in order for 1) the sessions to work and 2) for the login code to be able to query the database. The only times you include these files is in indes.php. I try to empty the form attribute but nothing happens when i click log in I didn't realise loginform.php had two forms. The action attribute for admin login should be set to adminloginform.php but the employee login form needs be set to either loginform.php or just leave it empty. Edited October 26, 2013 by Ch0cu3r Quote Link to comment https://forums.phpfreaks.com/topic/283282-php-2-types-of-users-log-in-problem-access-forbidden/#findComment-1455520 Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.