naverus Posted August 19, 2014 Share Posted August 19, 2014 Hello I hope that someone can help me i am trying to do the following: i am trying to do the following i have a login name and password and the redirects me depending on the level the works correctly. Table Users id_user user pass city Type //////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////// Table City id_city id_student city //////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////// Table Student id_student id_city name last name grade number card city -------------- login.php--------------------------------------------------------------------------------------------- <form id="form1" name="form1" method="post" action="cargar_login.php"> <table width="800" border="0" align="center" cellpadding="5" cellspacing="5"> <tr> <td colspan="2">blablabla</td> </tr> <tr> <td width="370">User</td> <td width="389"><input type="text" name="user" id="user" /></td> </tr> <tr> <td>Password</td> <td><input type="text" name="pass" id="pass" /></td> </tr> <tr> <td><input type="submit" name="boton" id="boton" value="Send" /></td> </tr> </table> </form> --------------finish login.php (form)------------------------------------------------------------------------------- //////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////// example name of the teacher name: Peter Pass .12345 or wteu12, wherever... City: Chicago Type :Teacher --------------Star cargar_login.php------------------------------------------------------------------------------- <?php include"conexion/conexion.php"; $consulta = "SELECT * FROM Users WHERE user = '{$_POST['user']}' AND pass = '{$_POST['pass']}'"; $datos = mysql_query($consulta, $id); $numDatos = @mysql_num_rows($datos); if ($numDatos <= 0) { echo"</p> <p> </p> <p> </p>"; echo"<link href='../stylesheets/tabla.css' rel='stylesheet' type='text/css' />"; echo "<center><table width='800' border='0' cellpadding='5' cellspacing='5'>"; echo"<tr>"; echo"<td class='textoerror'>"; echo "<img src='error.png' width='46' height='46'/>\n Error: User or Pass are Incorrect.\n<a href='login.php'>Tray Again</a>"; echo""; echo"</td>"; echo"</tr>"; echo"</table></center>"; } if(isset($_POST["boton"])) { $user = $_POST['user']; $pass = $_POST['pass']; $user = stripslashes($user); $pass = stripslashes($pass); $user = mysql_real_escape_string($user); $pass = mysql_real_escape_string($pass); $sql = "SELECT * FROM Users WHERE (user= '$user') AND pass='$pass'"; $resultados = mysql_query($sql); $count = mysql_num_rows($resultados);//counting table rows $derechos=mysql_fetch_array($resultados); //fetch contents from db @session_start(); $_SESSION['usuario'] = $user; if($derechos['type'] == "Supadmin"){ header("Location: supadmin/index.php"); // if userlevel admin } //if($derechos['type'] == "Admin"){ //print "<meta http-equiv=Refresh content=\"2 ; url=admin/index.php\">"; // if userlevel admin//} elseif($derechos['type'] == "Admin"){ header("Location: admin/index.php"); // if userlevel admin } elseif($derechos['type'] == "Teacher"){ header("Location: teacher/index.php"); // if userlevel teacher } elseif($derechos['type'] == "Students"){ header("Location: students/index.php"); // if userlevel students } elseif($derechos['type'] == "Parents"){ header("Location: parents/index.php"); // if userlevel parents } } else { echo "The user or Password is not Correct!"; } ?> --------------finish cargar_login.php------------------------------------------------------------------------------------ ////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////// Example he logs seccions teacher : Peter and called a teacher/index.php and already registered to be able to see all the students of teacher Peter, who lives in Chicago and he want to see all the students of Chicago in the main section of teacher (teacher/index.php). I think that to bring the data of teacher Peter what i have to do with the union of two tables i suppose that this is the Users and City and the union is for :id_city --------------this are secciob of teacher/index.php------------------------------------------------------------------------------------ ////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////// <?php session_start(); if(!isset($_SESSION['user'])) { header('Location: ../login.php'); exit(); } $usuario = $_POST['user']; $clave = $_POST['pass']; ///////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////// And here is where you should get a list of all the students of the teacher Peter who is from Chicago In the code sample below(teacher/index.php) already concerned in many ways but i can't ... Help as i do so is what I do not understand please help I know that the code is bad, but this is my idea try to do this code...or call /////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////// --------------Satr teacher/index.php------------------------------------------------------------------------------------ $id = mysql_connect("localhost", "root", ""); mysql_select_db("nueva", $id); $consulta_mysql="select User.*, city.* FROM user, city WHERE (user= '$user') AND pass='$pass"; $res=mysql_query($consulta_mysql,$id); if (!$res) { die('Error in the table: ' . mysql_error()); } while($registro=mysql_fetch_array($res)) { echo"<td>"; echo $registro["user"] ; echo"</td>"; echo"<td>"; echo $registro["city"] ; echo"</td>"; } ?> Quote Link to comment https://forums.phpfreaks.com/topic/290545-help-me-with-this-code-pls/ Share on other sites More sharing options...
CroNiX Posted August 19, 2014 Share Posted August 19, 2014 Please use the editor and wrap the code in the code tags. You can do that in the editor by highlighting the code and clicking on the <> symbol/button. Quote Link to comment https://forums.phpfreaks.com/topic/290545-help-me-with-this-code-pls/#findComment-1488368 Share on other sites More sharing options...
cyberRobot Posted August 20, 2014 Share Posted August 20, 2014 Assuming that I'm followed the code correctly, it looks like you are wondering why the username and password aren't being passed to "teacher/index.php". Is that correct? To get the username and password to "teacher/index.php", you'll need to create SESSION variables in the script which processes the form (cargar_login.php). It looks like you already created a SESSION variable for username here: $_SESSION['usuario'] = $user; Then in your "teacher/index.php" script, you'll need to use the SESSION variables instead of POST. So this: $usuario = $_POST['user']; Would be this: $usuario = $_SESSION['usuario']; Quote Link to comment https://forums.phpfreaks.com/topic/290545-help-me-with-this-code-pls/#findComment-1488392 Share on other sites More sharing options...
cyberRobot Posted August 20, 2014 Share Posted August 20, 2014 Side note: the cargar_login.php script currently runs the same query twice. ... $consulta = "SELECT * FROM Users WHERE user = '{$_POST['user']}' AND pass = '{$_POST['pass']}'"; ... $sql = "SELECT * FROM Users WHERE (user= '$user') AND pass='$pass'"; ... Your code could be modified so that it only needs one query. You'll also want to make sure you run the username and password through mysql_real_escape_string() before every query. As your code stands, the first query in cargar_login.php and the query in teacher/index.php, are both susceptible to SQL injection attacks. And in case you're not aware, the mysql_* functions have been deprecated. At some point, you'll need to look into using MySQLi or PDO. More information can be found here: http://php.net/manual/en/mysqlinfo.api.choosing.php Quote Link to comment https://forums.phpfreaks.com/topic/290545-help-me-with-this-code-pls/#findComment-1488393 Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.