Hello and welcome to our community! Is this your first visit?
Register
Enjoy an ad free experience by logging in. Not a member yet? Register.
Results 1 to 6 of 6
  1. #1
    New Coder
    Join Date
    Oct 2012
    Posts
    29
    Thanks
    10
    Thanked 0 Times in 0 Posts

    Problems with login with multiple users

    Hi,

    I need help with my login script. which the requirement have 3 users, every users need to go to their on page. For eg, once admin fill in the login form he should go to admin site. and here is my code

    <?php session_start(); ?>
    <?php

    $username = $_POST['username'];
    $password = $_POST['password'];

    mysql_connect("localhost","root","") or die ("Cannot connect to db");
    mysql_select_db("test") or die ("Cannot create connection");
    $sql = "SELECT * FROM user WHERE username='$username' AND password='$password'";
    $result= mysql_query($sql);

    $count = mysql_num_rows($result);

    if ($count > 1){
    if($count['profile'] == 1)//admin
    {
    $path = "adminpage.php";

    $_SESSION['profile'] = 'admin';
    }
    elseif($count['profile']==2) //supplier
    {
    $path ="supplierpage.php";

    $_SESSION['profile'] = 'supplier';
    }
    elseif($count['profile'] == 3) //staff
    {
    $path ="staffpage.php";

    $_SESSION['profile'] = 'saff';
    }
    else
    {
    echo "Wrong username or password";
    }
    }

    ?>

  • #2
    Regular Coder Redcoder's Avatar
    Join Date
    May 2012
    Location
    /dev/null
    Posts
    333
    Thanks
    2
    Thanked 47 Times in 46 Posts
    You are using $count all wrong. $count contains the number of rows that have that username and Password combination.

    USe mysql_fetch_assoc to get the row contents.

    So it becomes:

    PHP Code:

    <?php session_start(); ?>
    <?php

    $username 
    $_POST['username'];
    $password $_POST['password'];

    mysql_connect("localhost","root","") or die ("Cannot connect to db");
    mysql_select_db("test") or die ("Cannot create connection");
    $sql "SELECT * FROM user WHERE username='$username' AND password='$password'";
    $resultmysql_query($sql);

    $count mysql_num_rows($result); //This has the number of rows that have that username/password combination


    if ($count 1){ 

    $row mysql_fetch_assoc($result); //Now has the row contents

    if($row['profile'] == 1)//admin
    {
    $path "adminpage.php";

    $_SESSION['profile'] = 'admin';
    }
    elseif(
    $row['profile']==2//supplier
    {
    $path ="supplierpage.php";

    $_SESSION['profile'] = 'supplier';
    }
    elseif(
    $row['profile'] == 3//staff
    {
    $path ="staffpage.php";

    $_SESSION['profile'] = 'saff';
    }
    else
    {
    echo 
    "Wrong username or password";
    }
    }

    ?>

  • Users who have thanked Redcoder for this post:

    hujan (10-22-2012)

  • #3
    New Coder
    Join Date
    Oct 2012
    Posts
    29
    Thanks
    10
    Thanked 0 Times in 0 Posts
    Hi Redcoder,

    I tried using your code, instead going into their respective page, it still give me the action page with blank page. Do u know why is it so?

  • #4
    Senior Coder
    Join Date
    Jan 2011
    Location
    Missouri
    Posts
    4,316
    Thanks
    23
    Thanked 613 Times in 612 Posts
    IMHO
    Code:
    if ($count > 1)
    should be
    Code:
     if ($count == 1)
    to guarantee that you don't have multiple listing (same person and pass).

    And I just see you setting a variable to the php page
    Code:
    $path ="staffpage.php";
    But never calling it
    Code:
    header('Location:http://www.google.com');

  • Users who have thanked sunfighter for this post:

    hujan (10-22-2012)

  • #5
    Regular Coder
    Join Date
    Oct 2012
    Location
    mother land --india
    Posts
    165
    Thanks
    38
    Thanked 2 Times in 2 Posts
    Quote Originally Posted by hujan View Post
    Hi Redcoder,

    I tried using your code, instead going into their respective page, it still give me the action page with blank page. Do u know why is it so?
    Code:
    <?php
    $host="localhost"; // Host name 
    $username=""; // Mysql username 
    $password=""; // Mysql password 
    $db_name="test"; // Database name 
    $tbl_name="members"; // Table name 
    
    // Connect to server and select databse.
    mysql_connect("$host", "$username", "$password")or die("cannot connect"); 
    mysql_select_db("$db_name")or die("cannot select DB");
    
    // username and password sent from form 
    $myusername=$_POST['myusername']; 
    $mypassword=$_POST['mypassword']; 
    
    // To protect MySQL injection (more detail about MySQL injection)
    $myusername = stripslashes($myusername);
    $mypassword = stripslashes($mypassword);
    $myusername = mysql_real_escape_string($myusername);
    
    $path = "wrong.php";
    $usercond = true;
    preg_match("/^\w{2,10}$/", $myusername,$match);
    $row = 0;
    if (!empty($match[0]))
    {
    $sql="SELECT * FROM `".$tbl_name."` WHERE username='$myusername'";
    
    $result=mysql_query($sql);
    $row=mysql_fetch_assoc($result);
    $mypassword = mysql_real_escape_string($mypassword);
    if($mypassword != $row['password'])
    $row = 0;
    }
    
    //echo "SDFSD". $row ;exit;
    if ( !empty($row) > 0) 
    {
    $_SESSION['myusername']=$myusername;// Register $myusername, $mypassword and redirect to file "login_success.php"
    $_SESSION['usertype']=$row['usertype'];
    
    if($row['usertype']==0) //admin user
    {
    $path = "adminpage.php";
    }
    elseif($row['usertype']==1) //dean
    { 
    $path ="supplierpage.php";
    }
    elseif($row['usertype'] == 2) //lecturer
    {
    $path ="staffpage.php";
    }
    }
    header("Location: ".$path);
    ?>
    hujan, this is working perfect I have also tested it my lab....

    1) created a table with 3 fields, username, password & usertype.
    2) now insertyour desire 3 different login credentials in the username & password fields, but in usertype please select each with 0,1,2.... respectively.
    3) now try loging in......you will see the redirection as per user type.
    4) njoy the script

    request, if this works for you please thank redcoder on behalf of me coz he helped me lot in learning things....

  • Users who have thanked nani_nisha06 for this post:

    hujan (10-22-2012)

  • #6
    New Coder
    Join Date
    Oct 2012
    Posts
    29
    Thanks
    10
    Thanked 0 Times in 0 Posts
    Thanks Redcoder, sunfighter and nani_nisha06 for all your help.The code works great. Thank you!


  •  

    Tags for this Thread

    Posting Permissions

    • You may not post new threads
    • You may not post replies
    • You may not post attachments
    • You may not edit your posts
    •