Jump to content

Archived

This topic is now archived and is closed to further replies.

OriginalSunny

Problem with login page (accessing 2 tables)

Recommended Posts

Hi,
I am creating a login page for an employee however the administrator should also be able to access the page. I have got it working for the employee to be able to access the page with a username and password using:

$sql = "SELECT Username FROM Employee
WHERE Username='$_POST[username]'";
$result = mysql_query($sql)
or die("Couldn't execute query.");
$num = mysql_num_rows($result);
if ($num == 1) // login name was found
{
$sql = "SELECT password FROM Employee
WHERE Username='$_POST[username]'
AND password='$_POST[password]'";
$result2 = mysql_query($sql)
or die("Couldn't execute query 2.");
$num2 = mysql_num_rows($result2);
if ($num2 > 0) // password is correct
(
.........................

Now how do i alter it so that an administrator from the admin table can also access the page??
I am thinking of using this but i know it wont work so there must be another way??

$sql = "SELECT Username FROM Employee [b]OR Admin[/b]
WHERE Username='$_POST[username]'";
$result = mysql_query($sql)
or die("Couldn't execute query.");
..............................

The bit in bold is the bit i am supposed to be changing.
Thanks.

Share this post


Link to post
Share on other sites
I wouldn't use seperate tables for users and admin. Have one table for users, and an authorisation level field within that table.

ie.

userID, username, password, authLevel

authLevel can then be set as 1 for users, 2 for admin and 3 for super-admin... or whatever you like.

Then, if you want a page to be visible ONLY to the user to whom it is relevant, have the $_SESSION[username] variable set when they log on... and you can have a query like "SELECT * FROM users WHERE username = $_SESSION[username]"

admin could access the same page by using a form or a list to select the name of the user for whom they'd like to view the details... ie

"SELECT * FROM users WHERE username = $_GET[username]"


Hope this helps.

Share this post


Link to post
Share on other sites
I have tried to do it so that if the value in admin is 1 it will let the user go through to the next page but it just doesnt work. The code i have used is:

$sql1 = "SELECT admin FROM Employee
WHERE empUsername='$_POST[empUsername]'";
$result1 = mysql_query($sql1)
or die("Couldn't execute query.");
if ($result1 == 1)
{

....(go through to the next page)
}
else
{
(print error message)
}

No matter what i do it just seems to output the error message. I have stored the value 1 for one of the employees and 0 for the other but it still doesnt work. Is it an error in my code?? (I have also tried to put "" around the 1 highlighted in bold). Please help!

Share this post


Link to post
Share on other sites

×

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.