www.webdeveloper.com
Page 1 of 2 12 LastLast
Results 1 to 15 of 23

Thread: if statement/login problems

  1. #1
    Join Date
    Jun 2005
    Posts
    411

    if statement/login problems

    I have this code
    PHP Code:
    <? 
    if(isset($_POST['submit']))
    {
      include(
    'includes/connect.htm');
      
    //did they supply a password and username
      
    $username=$_POST['username'];
      
    $password=$_POST['password'];
      
    $password=md5($password);
      
    $query mysql_query("SELECT * FROM users WHERE username = '$username'") or die(mysql_error());
      
    $data mysql_fetch_array($query);
      if(
    $password==NULL)
      {
        die(
    "<center><h3>A password was not supplied</h3></center>");
      }else{
        
    $query mysql_query("SELECT * FROM users WHERE username = '$username'") or die(mysql_error());
        
    $data mysql_fetch_array($query);
        if(
    $data['password'] != $password)
        {
          die(
    "<center><h3>The supplied login is incorrect</h3></center>");
        }else{
          
    $query mysql_query("SELECT * FROM users WHERE username = '$username'") or die(mysql_error());
          
    $data mysql_fetch_array($query);
          if(
    $data['userlevel'] != "1")
          {
            die(
    "<center><h3>You are not a admin</h3></center>");
          }else{
            
    $query mysql_query("SELECT * FROM users WHERE username = '$username'") or die(mysql_error());
            
    $row mysql_fetch_array($query);
            
    $_SESSION['s_username'] = $row['username'];
            echo 
    "<meta http-equiv=\"Refresh\" content=\"0;url=\">";
            return;
          }
        }
      }
    }
    ?><? if(!session_is_registered('s_username')) { ?><p>
    <form action="" method="post">
    <b>Username: </b><input type="text" size="15" maxlength="25" name="username"><br>

    <b>Password: </b><input type="password" size="15" maxlength="25" name="password"><br>

    <center><input type="submit" value="Login" name="submit"></center><p>
    </form>
    <? 
    }elseif(session_is_registered('s_username')){
      include(
    'includes/connect.htm');
      
    $query mysql_query("SELECT * FROM users WHERE username = '$username'") or die(mysql_error());
      
    $data mysql_fetch_array($query);
      if(
    $data['userlevel'] != "1")
      {
        die(
    "<center><h3>You are not a admin.</h3></center>");
      }else{
     
    ?>
    //webpage here
    <? 
      
    }
    }
     
    ?>
    It is not working, it is supposed to do the following, if you are not loged in already, it gives you a login form, which when submited is supposed to check against the database, to see wether or not your information is correct, if it is, it sets a session variable with your name in it, and re-directs you to the same page, which will then have you showing as loged in, so the webpage within will show. If, However, you are already loged in, it will simply check your user level from the database. But, the problem is, is that this is doing nothing, i submit it, and it redirects back to the same page, but i still am being shown the login form, please help. Thanks.
    HTML skill level: Good
    Javascript skill level: somewhere between poor and good
    php: good but still getting better
    sql: good but still getting better

  2. #2
    Join Date
    Aug 2004
    Location
    Ankh-Morpork
    Posts
    19,246
    Most important is that you need a session_start(); at the beginning of the script. Secondly, you should not use session_is_registered() in combination with $_SESSION. Instead, just do if(isset($_SESSION['s_username'])).
    "Please give us a simple answer, so that we don't have to think, because if we think, we might find answers that don't fit the way we want the world to be."
    ~ Terry Pratchett in Nation

    eBookworm.us

  3. #3
    Join Date
    Jun 2005
    Posts
    411
    sorry, i knew about that, i just wasn't thinking. Also, it is actually giving me a response now, but its the you are not a admin message, which as i'm looking at the table right now, I do in fact have a user level of one, so why isn't this working? I have the table column right, and I added a bit which echo's out the username that it's checking on, and it is the user which has a userlevel of 1. So I'm not sure why this isn't working.
    HTML skill level: Good
    Javascript skill level: somewhere between poor and good
    php: good but still getting better
    sql: good but still getting better

  4. #4
    Join Date
    Aug 2006
    Posts
    31
    do you have more than 1 row with the same `username` value?

  5. #5
    Join Date
    Jun 2005
    Posts
    411
    Nope, sure dont
    HTML skill level: Good
    Javascript skill level: somewhere between poor and good
    php: good but still getting better
    sql: good but still getting better

  6. #6
    Join Date
    Aug 2006
    Posts
    31
    try echoing the $data['userlevel'] just above
    PHP Code:
    if($data['userlevel'] != "1"
          { 
            die(
    "<center><h3>You are not a admin</h3></center>"); 
    and see if "1" appears right before your "You are not a admin" error message
    Last edited by boeing747fp; 09-07-2006 at 10:21 PM.

  7. #7
    Join Date
    Jun 2005
    Posts
    411
    showed up as 1 alright
    HTML skill level: Good
    Javascript skill level: somewhere between poor and good
    php: good but still getting better
    sql: good but still getting better

  8. #8
    Join Date
    Aug 2006
    Posts
    31
    try
    PHP Code:
    if(trim($data['userlevel']) != "1"

  9. #9
    Join Date
    Jun 2005
    Posts
    411
    same effect
    HTML skill level: Good
    Javascript skill level: somewhere between poor and good
    php: good but still getting better
    sql: good but still getting better

  10. #10
    Join Date
    Aug 2006
    Posts
    31
    hmm.. try removing ""s from around your 1

  11. #11
    Join Date
    Jun 2005
    Posts
    411
    that didn't work either, does anyone else have any comments on this and how i might fix it?
    HTML skill level: Good
    Javascript skill level: somewhere between poor and good
    php: good but still getting better
    sql: good but still getting better

  12. #12
    Join Date
    Mar 2006
    Posts
    413
    it could very well be the refresh, it will still hold the session data but your final mysql_query will not have a valid $username variable.

  13. #13
    Join Date
    Mar 2006
    Posts
    413
    actually after having another look at your script it has many problems, not least all the mysql_queries you are running.

    heres something for you to work with, its not perfect:
    PHP Code:
    session_start() ;
    if(isset($_POST['submit'])) 
    {  
      $username=$_POST['username']; 
      $password=$_POST['password']; 
      $password=md5($password); 

      mysql_connect("localhost", "user", "pass") ;
      mysql_select_db("user") ;  
      $query = mysql_query("SELECT * FROM users WHERE username = '$username'") or die(mysql_error()); 
      $data = mysql_fetch_array($query);
       
        if($data['password'] != $password) 
        { 
          exit("<center><h3>The supplied login is incorrect</h3></center>"); 
        }
        
        if($data['userlevel'] != "1") 
        { 
           exit("<center><h3>You are not a admin</h3></center>"); 
        }

        $_SESSION['s_username'] = $data['username'];


    if(!isset($_SESSION['s_username'])) 

    ?>
    <form action="" method="post"> 
    <b>Username: </b><input type="text" size="15" maxlength="25" name="username"><br> 

    <b>Password: </b><input type="password" size="15" maxlength="25" name="password"><br> 

    <center><input type="submit" value="Login" name="submit"></center><p> 
    </form> 
    <?php
    }
    elseif(isset(
    $_SESSION['s_username']))
    {  
      if(
    $data['userlevel'] != "1"
      { 
        die(
    "<center><h3>You are not a admin.</h3></center>"); 
      }
      else
      { 
            echo 
    "//webpage here" 
      } 
    }

  14. #14
    Join Date
    Jun 2005
    Posts
    411
    There were so many errors, and i wasn't being told about any of them, so decided to try to re-write my intire code.
    HTML skill level: Good
    Javascript skill level: somewhere between poor and good
    php: good but still getting better
    sql: good but still getting better

  15. #15
    Join Date
    Jul 2004
    Location
    West Coast, Canada
    Posts
    665
    Quote Originally Posted by Heavy Metal
    There were so many errors, and i wasn't being told about any of them, so decided to try to re-write my intire code.
    While you're at it, you might want to learn how to OOP.

    "Everything in a web browser."

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  
HTML5 Development Center



Recent Articles