bordetaning Posted February 4, 2015

Hi, I have a question: is the situation below possible?

Sample database table information:

ID, Username, Password, level
1, user1, Pass1, 1
2, user2, Pass2, 2

I want PHP code in which, when I log in with my username and password, it will check 3 fields in the table: the username and password, if they match the database, and then it will check what level the user is. So if the username and password are correct it will check what level the user is; if the user's level is 1 it will go to the level1.php page, and if 2 it will go to level2.php.

Hope you can help me with this problem of mine.

Link to comment: https://forums.phpfreaks.com/topic/294351-search-username-password-and-the-verify-status/

scootstah Posted February 4, 2015

Of course it's possible. Have you written any code? Are you stuck somewhere in particular?

bordetaning (Author) Posted February 4, 2015

Hi Guru Sir,

Here is my sample code below. What else do I need to add in order to check the "level" field and proceed? Many thanks.

```php
<?php
session_start();
if(isset($_POST['log2'])){
    if(!empty($_POST['use']) && !empty($_POST['pass'])){
        include 'dbconfig.php';
        $msg="";
        $use=$_POST['use'];
        $pws=$_POST['pass'];
        $query="select * from admin where username='".$use."' and password=md5('".$pws."')";
        $result=mysql_query($query) or die();
        if(mysql_num_rows($result)==1)
        {
            $rs=mysql_fetch_array($result);
            $_SESSION['user']=$rs["Fname"];
            $use=$_SESSION['user'];
            $dif=$rs["date_login"];
            $query="update admin set date_login='".$time."',last_date='".$dif."' where Fname='".$use."'";
            mysql_query($query) or die("ASDFSDF".mysql_error());
            $host = $_SERVER['HTTP_HOST'];
            $uri = rtrim(dirname($_SERVER['PHP_SELF']), '/\\');
            $extra = 'Levelpage.php';
?>
<script type="text/javascript" >
window.location="<?php echo "http://$host$uri/$extra";?>";
</script>
<?php
        } // closes if(mysql_num_rows...); the posted code stops before this point
    }
}
?>
```

scootstah Posted February 4, 2015 (edited)

Please wrap your code in code tags.

You're querying your database table and returning other columns, so why are you unable to get the level column?

Your code is full of bad things. I'm guessing you're looking at some 12 year old PHP tutorial or something?

1. You are vulnerable to SQL injection. Best course of action: stop using the mysql_* API and either use mysqli_* or PDO. Example:

```php
// create new PDO connection
$pdo = new PDO('mysql:dbname=yourdbname;host=localhost', 'user', 'password');

// prepare a query
$stmt = $pdo->prepare("select * from admin where username=:username and password=md5(:password)");

// bind parameter values
$stmt->bindValue(':username', $use);
$stmt->bindValue(':password', $pws);

// execute query
$stmt->execute();

// get results
$result = $stmt->fetch(PDO::FETCH_ASSOC); // associative array of query results
```

If you insist on using deprecated libraries, then you must at least escape your data before you use it in a query to prevent SQL injection.

```php
$use = mysql_real_escape_string($_POST['use']);
$pws = mysql_real_escape_string($_POST['pass']);
```

2. Do not store passwords with MD5! MD5 has been broken for many many years. That, coupled with the fact that you're not salting the passwords, you might as well just store them plaintext and skip the function call. MD5 was never meant for storing passwords, and it is not good at it. You want a slow, adaptive hashing algorithm such as bcrypt. PHP >= 5.5 has a new password_hash() function that creates secure password hashes. I recommend that you use this. If you cannot use PHP 5.5, then use ircmaxell's backwards compatibility library.

3. You are making a very unsafe redirect link using $_SERVER['HTTP_HOST'] and $_SERVER['PHP_SELF']. The client can manipulate these values. You can just use relative paths instead. If you must use an absolute path, then you need to either set your base URL as a constant, or sanitize the input.

4. You're using an undefined variable $time in your query on line 30. This tells me that you probably have NOTICE level errors turned off (or you just ignored them). I would recommend always developing with max error reporting (use error_reporting -1) to avoid code smell.

Edited February 4, 2015 by scootstah

bordetaning (Author) Posted February 5, 2015

Hi Sir Guru,

Thanks for clarifying a lot of things. I'm just new to this and you're right, I've encountered a lot of errors. I was forced to develop this project for our capstone subject.

So for the column level, how would you create a query to check for the level # and proceed with the corresponding level # page? Because my login page has only the username and password field?

Hope to hear from you. Thanks a lot.

scootstah Posted February 5, 2015 (edited)

You are selecting all of the columns from your database on this line:

```php
$rs=mysql_fetch_array($result);
```

So, $rs is an array containing all of the columns for the selected row. So, you would access the level column just like you have accessed the Fname column here:

```php
$_SESSION['user']=$rs["Fname"];
```

From there, you can use a conditional to decide which page to use here:

```php
$extra = 'Levelpage.php';
```

Edited February 5, 2015 by scootstah

bordetaning (Author) Posted February 5, 2015

Hi Sir Guru,

I do apologize, I still don't get it. What do you mean by conditional? So we are able to check the user level by "$rs=mysql_fetch_array($result);"; what would be the condition to use if the system has already checked the level, like

```php
if ($rs["level"] == 1) {
    $extra = 'Level1.php';
} else if ($rs["level"] == 2) {
    $extra = 'Level2.php';
}
```

Please help with the right flow for this to work. Sorry again for being slow about this. Many thanks.

scootstah Posted February 5, 2015

You're already using conditionals in your code above, it's no different here. Did you even write that code??

http://php.net/manual/en/control-structures.if.php

bordetaning (Author) Posted February 9, 2015

Thanks a lot for the assistance. Appreciate it.
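
The points raised in the thread (bound parameters, password_hash() instead of MD5, a relative redirect, and routing on the level column) combined into one login check, as an added example that is not code from any poster. The table and column names follow the posts; the in-memory SQLite database, its rows, the `LEVEL_PAGES` map and the `findLandingPage()` helper are assumptions made so the script runs offline.

```php
<?php
// Added example, not code from the thread. Table/column names (admin, username,
// password, level) follow the posts; the SQLite database and rows are constructed.
declare(strict_types=1);

// Fixed allowlist: level -> relative page. Nothing client-controlled
// (HTTP_HOST, PHP_SELF) is used to build the redirect target.
const LEVEL_PAGES = [1 => 'level1.php', 2 => 'level2.php'];

function findLandingPage(PDO $pdo, string $username, string $password): ?string
{
    // Prepared statement: the username is bound, never concatenated into SQL.
    $stmt = $pdo->prepare('SELECT password, level FROM admin WHERE username = :username');
    $stmt->execute([':username' => $username]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);

    // The stored value is a password_hash() result and is checked in PHP,
    // so the submitted password never becomes part of the query.
    if ($row === false || !password_verify($password, $row['password'])) {
        return null; // same result for unknown user and wrong password
    }
    // A level without a mapped page is rejected rather than sent to a default.
    return LEVEL_PAGES[(int) $row['level']] ?? null;
}

// --- constructed demo data (use your MySQL DSN instead of SQLite in the project) ---
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE admin (id INTEGER PRIMARY KEY, username TEXT UNIQUE, password TEXT, level INTEGER)');
$insert = $pdo->prepare('INSERT INTO admin (username, password, level) VALUES (?, ?, ?)');
$insert->execute(['user1', password_hash('Pass1', PASSWORD_DEFAULT), 1]);
$insert->execute(['user2', password_hash('Pass2', PASSWORD_DEFAULT), 2]);

// The last attempt carries a quote character; with bound parameters it is plain data.
$attempts = [['user1', 'Pass1'], ['user2', 'Pass2'], ['user1', 'wrong'], ["o'neil", 'x']];
foreach ($attempts as [$user, $pass]) {
    $page = findLandingPage($pdo, $user, $pass);
    // In the real login script: on success call session_regenerate_id(true),
    // store the user in $_SESSION, then header("Location: $page"); exit;
    printf("%-8s => %s\n", $user, $page ?? 'login rejected');
}
```

Existing MD5 values cannot be converted to password_hash() output; each account needs its hash replaced the next time the user sets or enters a password.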