Jump to content

Problem with login page (accessing 2 tables)

OriginalSunny

By OriginalSunny
in PHP Coding Help

 Share

Recommended Posts

OriginalSunny Regular Member

OriginalSunny

Posted
Posted
Hi,
I am creating a login page for an employee however the administrator should also be able to access the page. I have got it working for the employee to be able to access the page with a username and password using:

$sql = "SELECT Username FROM Employee
WHERE Username='$_POST[username]'";
$result = mysql_query($sql)
or die("Couldn't execute query.");
$num = mysql_num_rows($result);
if ($num == 1) // login name was found
{
$sql = "SELECT password FROM Employee
WHERE Username='$_POST[username]'
AND password='$_POST[password]'";
$result2 = mysql_query($sql)
or die("Couldn't execute query 2.");
$num2 = mysql_num_rows($result2);
if ($num2 > 0) // password is correct
(
.........................

Now how do i alter it so that an administrator from the admin table can also access the page??
I am thinking of using this but i know it wont work so there must be another way??

$sql = "SELECT Username FROM Employee [b]OR Admin[/b]
WHERE Username='$_POST[username]'";
$result = mysql_query($sql)
or die("Couldn't execute query.");
..............................

The bit in bold is the bit i am supposed to be changing.
Thanks.
wisewood Newbie

wisewood

Posted
Posted
I wouldn't use seperate tables for users and admin. Have one table for users, and an authorisation level field within that table.

ie.

userID, username, password, authLevel

authLevel can then be set as 1 for users, 2 for admin and 3 for super-admin... or whatever you like.

Then, if you want a page to be visible ONLY to the user to whom it is relevant, have the $_SESSION[username] variable set when they log on... and you can have a query like "SELECT * FROM users WHERE username = $_SESSION[username]"

admin could access the same page by using a form or a list to select the name of the user for whom they'd like to view the details... ie

"SELECT * FROM users WHERE username = $_GET[username]"


Hope this helps.
OriginalSunny Regular Member

OriginalSunny

Posted
  • Author
Posted
I have tried to do it so that if the value in admin is 1 it will let the user go through to the next page but it just doesnt work. The code i have used is:

$sql1 = "SELECT admin FROM Employee
WHERE empUsername='$_POST[empUsername]'";
$result1 = mysql_query($sql1)
or die("Couldn't execute query.");
if ($result1 == 1)
{

....(go through to the next page)
}
else
{
(print error message)
}

No matter what i do it just seems to output the error message. I have stored the value 1 for one of the employees and 0 for the other but it still doesnt work. Is it an error in my code?? (I have also tried to put "" around the 1 highlighted in bold). Please help!
This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.