Jump to content


Photo

Problem with login page (accessing 2 tables)


  • Please log in to reply
2 replies to this topic

#1 OriginalSunny

OriginalSunny
  • Members
  • PipPipPip
  • Advanced Member
  • 95 posts

Posted 18 April 2006 - 03:23 PM

Hi,
I am creating a login page for an employee however the administrator should also be able to access the page. I have got it working for the employee to be able to access the page with a username and password using:

$sql = "SELECT Username FROM Employee
WHERE Username='$_POST[username]'";
$result = mysql_query($sql)
or die("Couldn't execute query.");
$num = mysql_num_rows($result);
if ($num == 1) // login name was found
{
$sql = "SELECT password FROM Employee
WHERE Username='$_POST[username]'
AND password='$_POST[password]'";
$result2 = mysql_query($sql)
or die("Couldn't execute query 2.");
$num2 = mysql_num_rows($result2);
if ($num2 > 0) // password is correct
(
.........................

Now how do i alter it so that an administrator from the admin table can also access the page??
I am thinking of using this but i know it wont work so there must be another way??

$sql = "SELECT Username FROM Employee OR Admin
WHERE Username='$_POST[username]'";
$result = mysql_query($sql)
or die("Couldn't execute query.");
..............................

The bit in bold is the bit i am supposed to be changing.
Thanks.


#2 wisewood

wisewood
  • Members
  • PipPipPip
  • Advanced Member
  • 226 posts
  • LocationRotherham, England

Posted 18 April 2006 - 03:31 PM

I wouldn't use seperate tables for users and admin. Have one table for users, and an authorisation level field within that table.

ie.

userID, username, password, authLevel

authLevel can then be set as 1 for users, 2 for admin and 3 for super-admin... or whatever you like.

Then, if you want a page to be visible ONLY to the user to whom it is relevant, have the $_SESSION[username] variable set when they log on... and you can have a query like "SELECT * FROM users WHERE username = $_SESSION[username]"

admin could access the same page by using a form or a list to select the name of the user for whom they'd like to view the details... ie

"SELECT * FROM users WHERE username = $_GET[username]"


Hope this helps.
wisewood: proven fact, I am both wise, and wooden.

#3 OriginalSunny

OriginalSunny
  • Members
  • PipPipPip
  • Advanced Member
  • 95 posts

Posted 18 April 2006 - 07:39 PM

I have tried to do it so that if the value in admin is 1 it will let the user go through to the next page but it just doesnt work. The code i have used is:

$sql1 = "SELECT admin FROM Employee
WHERE empUsername='$_POST[empUsername]'";
$result1 = mysql_query($sql1)
or die("Couldn't execute query.");
if ($result1 == 1)
{

....(go through to the next page)
}
else
{
(print error message)
}

No matter what i do it just seems to output the error message. I have stored the value 1 for one of the employees and 0 for the other but it still doesnt work. Is it an error in my code?? (I have also tried to put "" around the 1 highlighted in bold). Please help!




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users