...

View Full Version : Problems with login with multiple users



hujan
10-22-2012, 01:37 PM
Hi,

I need help with my login script. which the requirement have 3 users, every users need to go to their on page. For eg, once admin fill in the login form he should go to admin site. and here is my code

<?php session_start(); ?>
<?php

$username = $_POST['username'];
$password = $_POST['password'];

mysql_connect("localhost","root","") or die ("Cannot connect to db");
mysql_select_db("test") or die ("Cannot create connection");
$sql = "SELECT * FROM user WHERE username='$username' AND password='$password'";
$result= mysql_query($sql);

$count = mysql_num_rows($result);

if ($count > 1){
if($count['profile'] == 1)//admin
{
$path = "adminpage.php";

$_SESSION['profile'] = 'admin';
}
elseif($count['profile']==2) //supplier
{
$path ="supplierpage.php";

$_SESSION['profile'] = 'supplier';
}
elseif($count['profile'] == 3) //staff
{
$path ="staffpage.php";

$_SESSION['profile'] = 'saff';
}
else
{
echo "Wrong username or password";
}
}

?>

Redcoder
10-22-2012, 03:55 PM
You are using $count all wrong. $count contains the number of rows that have that username and Password combination.

USe mysql_fetch_assoc (http://php.net/manual/en/function.mysql-fetch-assoc.php) to get the row contents.

So it becomes:




<?php session_start(); ?>
<?php

$username = $_POST['username'];
$password = $_POST['password'];

mysql_connect("localhost","root","") or die ("Cannot connect to db");
mysql_select_db("test") or die ("Cannot create connection");
$sql = "SELECT * FROM user WHERE username='$username' AND password='$password'";
$result= mysql_query($sql);

$count = mysql_num_rows($result); //This has the number of rows that have that username/password combination


if ($count > 1){

$row = mysql_fetch_assoc($result); //Now has the row contents

if($row['profile'] == 1)//admin
{
$path = "adminpage.php";

$_SESSION['profile'] = 'admin';
}
elseif($row['profile']==2) //supplier
{
$path ="supplierpage.php";

$_SESSION['profile'] = 'supplier';
}
elseif($row['profile'] == 3) //staff
{
$path ="staffpage.php";

$_SESSION['profile'] = 'saff';
}
else
{
echo "Wrong username or password";
}
}

?>

hujan
10-22-2012, 04:18 PM
Hi Redcoder,

I tried using your code, instead going into their respective page, it still give me the action page with blank page. Do u know why is it so?

sunfighter
10-22-2012, 04:40 PM
IMHO
if ($count > 1) should be
if ($count == 1) to guarantee that you don't have multiple listing (same person and pass).

And I just see you setting a variable to the php page

$path ="staffpage.php";
But never calling it

header('Location:http://www.google.com');

nani_nisha06
10-22-2012, 05:08 PM
Hi Redcoder,

I tried using your code, instead going into their respective page, it still give me the action page with blank page. Do u know why is it so?



<?php
$host="localhost"; // Host name
$username=""; // Mysql username
$password=""; // Mysql password
$db_name="test"; // Database name
$tbl_name="members"; // Table name

// Connect to server and select databse.
mysql_connect("$host", "$username", "$password")or die("cannot connect");
mysql_select_db("$db_name")or die("cannot select DB");

// username and password sent from form
$myusername=$_POST['myusername'];
$mypassword=$_POST['mypassword'];

// To protect MySQL injection (more detail about MySQL injection)
$myusername = stripslashes($myusername);
$mypassword = stripslashes($mypassword);
$myusername = mysql_real_escape_string($myusername);

$path = "wrong.php";
$usercond = true;
preg_match("/^\w{2,10}$/", $myusername,$match);
$row = 0;
if (!empty($match[0]))
{
$sql="SELECT * FROM `".$tbl_name."` WHERE username='$myusername'";

$result=mysql_query($sql);
$row=mysql_fetch_assoc($result);
$mypassword = mysql_real_escape_string($mypassword);
if($mypassword != $row['password'])
$row = 0;
}

//echo "SDFSD". $row ;exit;
if ( !empty($row) > 0)
{
$_SESSION['myusername']=$myusername;// Register $myusername, $mypassword and redirect to file "login_success.php"
$_SESSION['usertype']=$row['usertype'];

if($row['usertype']==0) //admin user
{
$path = "adminpage.php";
}
elseif($row['usertype']==1) //dean
{
$path ="supplierpage.php";
}
elseif($row['usertype'] == 2) //lecturer
{
$path ="staffpage.php";
}
}
header("Location: ".$path);
?>


hujan, this is working perfect I have also tested it my lab....

1) created a table with 3 fields, username, password & usertype.
2) now insertyour desire 3 different login credentials in the username & password fields, but in usertype please select each with 0,1,2.... respectively.
3) now try loging in......you will see the redirection as per user type.
4) njoy the script :)

request, if this works for you please thank redcoder on behalf of me coz he helped me lot in learning things....:)

hujan
10-22-2012, 05:38 PM
Thanks Redcoder, sunfighter and nani_nisha06 for all your help.The code works great. Thank you!:D



EZ Archive Ads Plugin for vBulletin Copyright 2006 Computer Help Forum