help me with this code pls


naverus

Hello, I hope that someone can help me. I am trying to do the following: I have a login name and password, and it redirects me depending on the level; that works correctly.

 

 

 

Table Users

id_user
user
pass
city
Type

////////////////////////////////////////////////////////////

Table City

id_city
id_student
city

////////////////////////////////////////////////////////////

Table Student

id_student
id_city
name
last name
grade
number card
city

 

 

 

-------------- login.php---------------------------------------------------------------------------------------------

 

 

 

<form id="form1" name="form1" method="post" action="cargar_login.php">
  <table width="800" border="0" align="center" cellpadding="5" cellspacing="5">
    <tr>
      <td colspan="2">blablabla</td>
    </tr>
    <tr>
      <td width="370">User</td>
      <td width="389"><input type="text" name="user" id="user" /></td>
    </tr>
    <tr>
      <td>Password</td>
      <!-- type="password" so the browser masks what is typed -->
      <td><input type="password" name="pass" id="pass" /></td>
    </tr>
    <tr>
      <td><input type="submit" name="boton" id="boton" value="Send" /></td>
    </tr>
  </table>
</form>

 

--------------finish login.php (form)-------------------------------------------------------------------------------

 

////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////

 

example name of the teacher

name: Peter
Pass .12345 or wteu12, wherever...
City: Chicago
Type :Teacher

 

 

 

 

 

--------------Start cargar_login.php-------------------------------------------------------------------------------

<?php

include "conexion/conexion.php";

// First query: built directly from $_POST, without escaping
$consulta = "SELECT * FROM Users WHERE user = '{$_POST['user']}' AND pass = '{$_POST['pass']}'";
$datos = mysql_query($consulta, $id);
$numDatos = @mysql_num_rows($datos);

// No matching row: show the error box
if ($numDatos <= 0) {
    echo "</p>
<p> </p>
<p> </p>";
    echo "<link href='../stylesheets/tabla.css' rel='stylesheet' type='text/css' />";
    echo "<center><table width='800' border='0' cellpadding='5' cellspacing='5'>";
    echo "<tr>";
    echo "<td class='textoerror'>";
    echo "<img src='error.png' width='46' height='46'/>\n Error: User or Pass are Incorrect.\n<a href='login.php'>Try Again</a>";
    echo "";
    echo "</td>";
    echo "</tr>";
    echo "</table></center>";
}

if (isset($_POST["boton"])) {
    $user = $_POST['user'];
    $pass = $_POST['pass'];
    $user = stripslashes($user);
    $pass = stripslashes($pass);
    $user = mysql_real_escape_string($user);
    $pass = mysql_real_escape_string($pass);

    // Second query: same lookup, this time with escaped values
    $sql = "SELECT * FROM Users WHERE (user= '$user') AND pass='$pass'";
    $resultados = mysql_query($sql);
    $count = mysql_num_rows($resultados); // counting table rows
    $derechos = mysql_fetch_array($resultados); // fetch contents from db

    @session_start();
    $_SESSION['usuario'] = $user;

    // Redirect according to the user level stored in the type column
    if ($derechos['type'] == "Supadmin") {
        header("Location: supadmin/index.php"); // if userlevel supadmin
    }
    //if($derechos['type'] == "Admin"){
    //print "<meta http-equiv=Refresh content=\"2 ; url=admin/index.php\">";
    // if userlevel admin//}
    elseif ($derechos['type'] == "Admin") {
        header("Location: admin/index.php"); // if userlevel admin
    }
    elseif ($derechos['type'] == "Teacher") {
        header("Location: teacher/index.php"); // if userlevel teacher
    }
    elseif ($derechos['type'] == "Students") {
        header("Location: students/index.php"); // if userlevel students
    }
    elseif ($derechos['type'] == "Parents") {
        header("Location: parents/index.php"); // if userlevel parents
    }
    else {
        echo "The user or Password is not Correct!";
    }
}

?>

 

--------------finish cargar_login.php------------------------------------------------------------------------------------

 

//////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////

 

Example: the teacher Peter logs in and is sent to teacher/index.php; once logged in he should be able to see all the students of teacher Peter, who lives in Chicago, and he wants to see all the students of Chicago in the main section of teacher (teacher/index.php).

I think that to bring the data of teacher Peter what I have to do is the union of two tables; I suppose that these are Users and City, and the union is on: id_city

--------------this is a section of teacher/index.php------------------------------------------------------------------------------------

 

//////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////

 

<?php session_start();

// Send visitors without a session back to the login form
if (!isset($_SESSION['user'])) {
    header('Location: ../login.php');
    exit();
}

$usuario = $_POST['user'];
$clave = $_POST['pass'];

 

/////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////

 

And here is where you should get a list of all the students of the teacher Peter who is from Chicago

 

In the code sample below (teacher/index.php) I already tried in many ways but I can't ... How I do this is what I do not understand, please help

I know that the code is bad, but this is my idea, trying to do this code... or call

///////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////

--------------Start teacher/index.php------------------------------------------------------------------------------------

 

<?php

$id = mysql_connect("localhost", "root", "");
mysql_select_db("nueva", $id);

$consulta_mysql = "select User.*, city.* FROM user, city WHERE (user= '$user') AND pass='$pass'";
$res = mysql_query($consulta_mysql, $id);

if (!$res) {
    die('Error in the table: ' . mysql_error());
}

// Print one pair of cells per returned row
while ($registro = mysql_fetch_array($res)) {
    echo "<td>";
    echo $registro["user"];
    echo "</td>";
    echo "<td>";
    echo $registro["city"];
    echo "</td>";
}

?>

 

 

 


Assuming that I've followed the code correctly, it looks like you are wondering why the username and password aren't being passed to "teacher/index.php". Is that correct?

 

To get the username and password to "teacher/index.php", you'll need to create SESSION variables in the script which processes the form (cargar_login.php). It looks like you already created a SESSION variable for username here:

$_SESSION['usuario'] = $user;

Then in your "teacher/index.php" script, you'll need to use the SESSION variables instead of POST. So this:

$usuario = $_POST['user'];

Would be this:

$usuario = $_SESSION['usuario'];

Side note: the cargar_login.php script currently runs the same query twice.

...
$consulta = "SELECT * FROM Users WHERE user = '{$_POST['user']}' AND pass = '{$_POST['pass']}'";
...
$sql = "SELECT * FROM Users WHERE (user= '$user') AND pass='$pass'";
...
 
Your code could be modified so that it only needs one query. You'll also want to make sure you run the username and password through mysql_real_escape_string() before every query. As your code stands, the first query in cargar_login.php and the query in teacher/index.php are both susceptible to SQL injection attacks.
 
 
And in case you're not aware, the mysql_* functions have been deprecated. At some point, you'll need to look into using MySQLi or PDO. More information can be found here:
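The single-query login and the move to PDO suggested in the last reply, as an added example that is not part of the thread or any poster's code. It uses prepared statements against a constructed in-memory SQLite database standing in for the MySQL tables; the function names are hypothetical. It assumes that `pass` stores a `password_hash()` value and that students are matched to the teacher through the `city` column.

```php
<?php
declare(strict_types=1);

// Constructed sample data: in-memory SQLite stands in for the thread's MySQL tables.
function demo_db(): PDO {
    $pdo = new PDO('sqlite::memory:');
    $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $pdo->exec('CREATE TABLE Users (id_user INTEGER PRIMARY KEY, user TEXT UNIQUE, pass TEXT, city TEXT, type TEXT)');
    $pdo->exec('CREATE TABLE Student (id_student INTEGER PRIMARY KEY, name TEXT, city TEXT)');
    // Assumption: pass holds a password_hash() value, not plain text as in the thread.
    $ins = $pdo->prepare('INSERT INTO Users (user, pass, city, type) VALUES (?, ?, ?, ?)');
    $ins->execute(['Peter', password_hash('wteu12', PASSWORD_DEFAULT), 'Chicago', 'Teacher']);
    $pdo->exec("INSERT INTO Student (name, city) VALUES ('Ana', 'Chicago'), ('Luis', 'Boston')");
    return $pdo;
}

// Role => landing page allowlist, taken from the redirects in cargar_login.php.
const LANDING = [
    'Supadmin' => 'supadmin/index.php', 'Admin' => 'admin/index.php',
    'Teacher' => 'teacher/index.php', 'Students' => 'students/index.php',
    'Parents' => 'parents/index.php',
];

// One parameterized query; returns the user row (without the hash) or null.
function login(PDO $pdo, string $user, string $pass): ?array {
    $st = $pdo->prepare('SELECT id_user, user, pass, city, type FROM Users WHERE user = ?');
    $st->execute([$user]);
    $row = $st->fetch(PDO::FETCH_ASSOC);
    if (!$row || !password_verify($pass, $row['pass']) || !array_key_exists($row['type'], LANDING)) {
        return null;
    }
    unset($row['pass']);
    return $row;
}

// Students in one city; pass the city stored in the session, never a POST value.
function students_in_city(PDO $pdo, string $city): array {
    $st = $pdo->prepare('SELECT name, city FROM Student WHERE city = ? ORDER BY name');
    $st->execute([$city]);
    return $st->fetchAll(PDO::FETCH_ASSOC);
}

$pdo = demo_db();
var_dump(login($pdo, "Pe'ter", "it's"));   // quote characters are bound as data
$me = login($pdo, 'Peter', 'wteu12');
// In cargar_login.php: session_regenerate_id(true), store $me in $_SESSION, then header() and exit.
echo 'Location: ', LANDING[$me['type']], "\n";
foreach (students_in_city($pdo, $me['city']) as $s) {
    echo htmlspecialchars($s['name']), ' - ', htmlspecialchars($s['city']), "\n";
}
```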
