yddib Posted March 25, 2008 Share Posted March 25, 2008 This code tests my login form. It is connecting to the database but it is allowing the user to go to the profile page whether or not the username and password are correct. I have 4 different types of users that need to access different areas of the site. ie if level = 1 go to manager.php etc Please help <?php session_start(); $_SESSION['username'] = @$_POST['username']; $_SESSION['pass'] = @$_POST['pass']; $username = @$_POST['username']; $pass= @$_POST['pass']; $conn = new COM('ADODB.Connection') or die('Could not make conn'); $rs = new COM('ADODB.Recordset') or die('Coult not make rs'); $connstring = "Provider=Microsoft.Jet.OLEDB.4.0; Data Source=c:\wamp\www\pro\employees.mdb"; $conn->Open($connstring); if (!$conn) {exit("Connection Failed: " . $conn);} $sql="SELECT Username, Password FROM Details WHERE Username = '$username' AND Password= '$pass'"; $rs->Open($sql, $conn); if (!$rs->EOF) { if ( $rs->Fields["Username"]->value && $rs->Fields["Username"]->value == $email && $rs->Fields["Password"]->value && $rs->Fields["Password"]->value == $pass ) { $_SESSION["error"] = "login Error as $username. " ; header("Location: index.php?error=Sign in error"); } } else { $_SESSION["auth"] = $username; // Relocate to the logged-in page header("Location: profile.php"); } ?> Link to comment https://forums.phpfreaks.com/topic/97718-need-login-if-statements-please-help/ Share on other sites More sharing options...
MadTechie Posted March 25, 2008 Share Posted March 25, 2008 shouldn't if (!$rs->EOF) be if ($rs->EOF) (no !) ? Link to comment https://forums.phpfreaks.com/topic/97718-need-login-if-statements-please-help/#findComment-500025 Share on other sites More sharing options...
yddib Posted March 25, 2008 Author Share Posted March 25, 2008 It didn't make any difference. Thanks for your help though. Have you any idea how to bring in if statements to bring different users to different pages? Link to comment https://forums.phpfreaks.com/topic/97718-need-login-if-statements-please-help/#findComment-500027 Share on other sites More sharing options...
MadTechie Posted March 25, 2008 Share Posted March 25, 2008 untested but may help ( i don't use access much) also check the comments about level field (change to the correct field name) <?php session_start(); $_SESSION['username'] = @$_POST['username']; $_SESSION['pass'] = @$_POST['pass']; $username = $_POST['username']; $pass= $_POST['pass']; $conn = new COM('ADODB.Connection') or die('Could not make conn'); $rs = new COM('ADODB.Recordset') or die('Coult not make rs'); $connstring = "Provider=Microsoft.Jet.OLEDB.4.0; Data Source=c:\wamp\www\pro\employees.mdb"; $conn->Open($connstring); if (!$conn){ exit("Connection Failed: " . $conn); } //Add field Level $sql="SELECT Username, Password, Level FROM Details WHERE Username = '$username' AND Password= '$pass'"; $rs->Open($sql, $conn); $page = "index.php?error=Sign in error"; if($rs->EOF) { $_SESSION["error"] = "login Error as $username. " ; }else{ $_SESSION["auth"] = $username; $level = $rs->Fields['Level']->Value; //Field Level switch($level) { case "1": $page = "profile.php"; break; case "2": $page = "profile2.php"; // whatever break; } } // Relocate to the logged-in page header("Location: $page"); ?> Link to comment https://forums.phpfreaks.com/topic/97718-need-login-if-statements-please-help/#findComment-500046 Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.