jacko_162 Posted October 28, 2014 Share Posted October 28, 2014 (edited) I have a Login page which i want to check if the user details (username, password and activation) are valid then redirect user dependent on his/her "accessLevel" (admin, member and none) Admin will be directed to "index.php" Member will be directed to "tasks.php" and none will be redirected to "notActive.php" here is my current code which half works; <?php include ('connect.php'); if(isset($_POST['submit'])) { // Initialize a session: session_start(); // Define $username and $password $username=$_POST['username']; $password=$_POST['password']; // To protect MySQL injection $username = stripslashes($username); $password = stripslashes($password); $username = mysql_real_escape_string($username); $password = mysql_real_escape_string($password); $sql="SELECT * FROM ecmt_members WHERE username='$username' and password='$password' AND Activation IS NULL"; $result=mysql_query($sql); // Mysql_num_row is counting table row $count=mysql_num_rows($result); // If result matched $username and $password, table row must be 1 row if($count==1){ // Register $username, $password and redirect to file "index.php" $role = mysql_fetch_array($result); $_SESSION['username']= $username; $_SESSION['password']= $password; //$_SESSION['role']= $role['accessLevel']; if($role['accessLevel'] == "admin"){ $_SESSION['adminuser']=$role['accessLevel']; header("location:index.php"); exit(); } elseif($role['accessLevel'] == "member"){ $_SESSION['user']=$role['accessLevel']; header("location:tasks.php"); exit(); } else { echo "Error: Username, Password or Access Level incorrect! Go Home, you're Drunk!!!"; } } } // End of the main Submit conditional. ?><!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=utf-8" /> <title>Login Form</title> <!-- jQUERY --> <script src="//code.jquery.com/jquery-latest.js"></script> <!-- Add Main CSS --> <link rel="stylesheet" type="text/css" href="../tool/css/main.css"> <!-- Font-Awesome --> <link href="//maxcdn.bootstrapcdn.com/font-awesome/4.2.0/css/font-awesome.min.css" rel="stylesheet"> <style> body { background: url(../tool/images/bg1.jpg) no-repeat center center fixed; -webkit-background-size: cover; -moz-background-size: cover; -o-background-size: cover; background-size: cover; } .exactCenter { width:auto; height:auto; position: fixed; top: 50%; left: 50%; margin-top: -200px; ; } </style> </head> <body> <div class="exactCenter"> <div id="login-container"> <img src="../tool/images/bigLogo.png" /><br /> <form action="login.php" method="post" class="form"> <fieldset class="group"> <input class="input" type="text" id="username" name="username" size="25" placeholder="username"/> <img src="../tool/images/spacer.png" width="5" height="5" /> <input class="input" type="password" id="password" name="password" size="25" placeholder="password"/> <img src="../tool/images/spacer.png" width="5" height="5" /> </fieldset> <input type="hidden" name="formsubmitted" value="TRUE" /> <button type="submit" name="submit" class="btn btn-blue" ><i class="fa fa-unlock-alt"></i> Login</button> <img src="../tool/images/spacer.png" width="5" height="5" /> <a href="Register.php"><button type="button" class="btn btn-green" ><i class="fa fa-hand-o-up"></i> Register</button></a> </form> </div></div> </body> </html> When i test it with admin login credentials i get the page refresh again without error, when i login with member credentials it shows tasks.php and when i try to log in with unactivated account "acivation column is not NULL" i get a page refresh also with no error. Can someone help me make it work for each role and perhaps have some sort of error reporting depending on error. im pulling my hair out here and this is the first time i have worked with login conditions, and im VERY confused. Edited October 28, 2014 by jacko_162 Quote Link to comment https://forums.phpfreaks.com/topic/292123-trying-a-simple-login-form-with-complicated-results/ Share on other sites More sharing options...
jacko_162 Posted October 28, 2014 Author Share Posted October 28, 2014 attatched my database screenshot if it helps out. Quote Link to comment https://forums.phpfreaks.com/topic/292123-trying-a-simple-login-form-with-complicated-results/#findComment-1495057 Share on other sites More sharing options...
QuickOldCar Posted October 29, 2014 Share Posted October 29, 2014 You marked this as solved. For one.....never store any type of passwords in a session $_SESSION['password']= $password; I usually use a 1-9 number system for user roles, 9 being admin, 1 is a user, between can specify any other abilities. If not logged in is considered a guest. I think you are complicating things more than needed, creating the following 3 sessions should be fine $_SESSION['user_name'] $_SESSION['user_level'] $_SESSION['user_logged'] $_SESSION['user_name'] = $role['username']; if($role['accessLevel'] == "admin") { $_SESSION['user_level'] = "admin"; $_SESSION['user_logged'] = true; header('Location: index.php'); exit(); } elseif($role['accessLevel'] == "member") { $_SESSION['user_level'] = "member"; $_SESSION['user_logged'] = true; header('Location: tasks.php'); exit(); } else { $_SESSION['user_level'] = "none"; $_SESSION['user_logged'] = false; header('Location: notActive.php'); exit(); } I would also place session_start(); at the top You can check if a user already logged in or not and redirect them elsewhere session_start(); if(isset($_SESSION['user_logged']) && $_SESSION['user_logged'] == true){ header('Location: index.php'); exit(); } You can look here a post I did the other day for a registration form that includes showing some errors. http://forums.phpfreaks.com/topic/292078-why-wont-this-go-to-mysql-form/?do=findComment&comment=1494882 Quote Link to comment https://forums.phpfreaks.com/topic/292123-trying-a-simple-login-form-with-complicated-results/#findComment-1495062 Share on other sites More sharing options...
QuickOldCar Posted October 29, 2014 Share Posted October 29, 2014 (edited) if this is a login shouldn't you not include "AND Activation IS NULL" to the end of your query Instead in the session creation can make a check Change this according to your logic if($role['activation'] != NULL){ $_SESSION['user_logged'] = true; } Edited October 29, 2014 by QuickOldCar Quote Link to comment https://forums.phpfreaks.com/topic/292123-trying-a-simple-login-form-with-complicated-results/#findComment-1495063 Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.