Problems with login with multiple users

hujan · 10-22-2012, 12:37 PM

Hi,

I need help with my login script. which the requirement have 3 users, every users need to go to their on page. For eg, once admin fill in the login form he should go to admin site. and here is my code

<?php session_start(); ?>
<?php

$username = $_POST['username'];
$password = $_POST['password'];

mysql_connect("localhost","root","") or die ("Cannot connect to db");
mysql_select_db("test") or die ("Cannot create connection");
$sql = "SELECT * FROM user WHERE username='$username' AND password='$password'";
$result= mysql_query($sql);

$count = mysql_num_rows($result);

if ($count > 1){
if($count['profile'] == 1)//admin
{
$path = "adminpage.php";

$_SESSION['profile'] = 'admin';
}
elseif($count['profile']==2) //supplier
{
$path ="supplierpage.php";

$_SESSION['profile'] = 'supplier';
}
elseif($count['profile'] == 3) //staff
{
$path ="staffpage.php";

$_SESSION['profile'] = 'saff';
}
else
{
echo "Wrong username or password";
}
}

?>

Redcoder · 10-22-2012, 02:55 PM

You are using $count all wrong. $count contains the number of rows that have that username and Password combination.

USe mysql_fetch_assoc to get the row contents.

So it becomes:

PHP Code:


			

<?php session_start(); ?>
<?php

$username = $_POST['username'];
$password = $_POST['password'];

mysql_connect("localhost","root","") or die ("Cannot connect to db");
mysql_select_db("test") or die ("Cannot create connection");
$sql = "SELECT * FROM user WHERE username='$username' AND password='$password'";
$result= mysql_query($sql);

$count = mysql_num_rows($result); //This has the number of rows that have that username/password combination


if ($count > 1){ 

$row = mysql_fetch_assoc($result); //Now has the row contents

if($row['profile'] == 1)//admin
{
$path = "adminpage.php";

$_SESSION['profile'] = 'admin';
}
elseif($row['profile']==2) //supplier
{
$path ="supplierpage.php";

$_SESSION['profile'] = 'supplier';
}
elseif($row['profile'] == 3) //staff
{
$path ="staffpage.php";

$_SESSION['profile'] = 'saff';
}
else
{
echo "Wrong username or password";
}
}

?>

hujan · 10-22-2012, 03:18 PM

Hi Redcoder,

I tried using your code, instead going into their respective page, it still give me the action page with blank page. Do u know why is it so?

sunfighter · 10-22-2012, 03:40 PM

IMHO

Code:

if ($count > 1)

should be

Code:

 if ($count == 1)

to guarantee that you don't have multiple listing (same person and pass).

And I just see you setting a variable to the php page

Code:

$path ="staffpage.php";

But never calling it

Code:

header('Location:http://www.google.com');

nani_nisha06 · 10-22-2012, 04:08 PM

Quote:

Originally Posted by hujan

Hi Redcoder,

I tried using your code, instead going into their respective page, it still give me the action page with blank page. Do u know why is it so?

Code:

<?php
$host="localhost"; // Host name 
$username=""; // Mysql username 
$password=""; // Mysql password 
$db_name="test"; // Database name 
$tbl_name="members"; // Table name 

// Connect to server and select databse.
mysql_connect("$host", "$username", "$password")or die("cannot connect"); 
mysql_select_db("$db_name")or die("cannot select DB");

// username and password sent from form 
$myusername=$_POST['myusername']; 
$mypassword=$_POST['mypassword']; 

// To protect MySQL injection (more detail about MySQL injection)
$myusername = stripslashes($myusername);
$mypassword = stripslashes($mypassword);
$myusername = mysql_real_escape_string($myusername);

$path = "wrong.php";
$usercond = true;
preg_match("/^\w{2,10}$/", $myusername,$match);
$row = 0;
if (!empty($match[0]))
{
$sql="SELECT * FROM `".$tbl_name."` WHERE username='$myusername'";

$result=mysql_query($sql);
$row=mysql_fetch_assoc($result);
$mypassword = mysql_real_escape_string($mypassword);
if($mypassword != $row['password'])
$row = 0;
}

//echo "SDFSD". $row ;exit;
if ( !empty($row) > 0) 
{
$_SESSION['myusername']=$myusername;// Register $myusername, $mypassword and redirect to file "login_success.php"
$_SESSION['usertype']=$row['usertype'];

if($row['usertype']==0) //admin user
{
$path = "adminpage.php";
}
elseif($row['usertype']==1) //dean
{ 
$path ="supplierpage.php";
}
elseif($row['usertype'] == 2) //lecturer
{
$path ="staffpage.php";
}
}
header("Location: ".$path);
?>

hujan, this is working perfect I have also tested it my lab....

1) created a table with 3 fields, username, password & usertype.
2) now insertyour desire 3 different login credentials in the username & password fields, but in usertype please select each with 0,1,2.... respectively.
3) now try loging in......you will see the redirection as per user type.
4) njoy the script

request, if this works for you please thank redcoder on behalf of me coz he helped me lot in learning things....

hujan · 10-22-2012, 04:38 PM

Thanks Redcoder, sunfighter and nani_nisha06 for all your help.The code works great. Thank you!