Thread: Search Username & Password and the verify status

  1. #1
    Join Date
    Feb 2015
    Posts
    4

    Search Username & Password and the verify status

    Hi, I have a question: is the situation below possible? I'm just starting my project and I'm looking into whether this is possible.

    My login screen has only 2 fields, username and password.

    sample database table Information

    ID, Username,Password,level
    1 user1 Pass1 1
    2 user2 Pass2 2

    I want PHP code in which, when I log in with my username and password, it will check 3 fields in the table: the username and password, to see if they match the database, and then it will check what level the user is. So if the username and password are correct, it will also check what level the user is; if the user's level is 1 it will go to the level1.php page, and if 2 it will go to level2.php.

    Hope you can help me with this problem of mine.

  2. #2
    Join Date
    Feb 2012
    Location
    Pensacola, FL
    Posts
    309
    Something like:
    PHP Code:
    <?php

    session_start();
    // host, user, pass, dbase are placeholders for your connection settings
    $sqli = new mysqli(host, user, pass, dbase);

    $user = $sqli->real_escape_string($_POST['username']);
    $pass = $sqli->real_escape_string($_POST['password']);

    $getUser = "SELECT level FROM users WHERE Username = '{$user}' AND Password = '{$pass}';";
    $exeGetUser = $sqli->query($getUser);

    if ($exeGetUser->num_rows != 1) {
        $error = "Invalid Username or Password";
    } else {
        while ($r = $exeGetUser->fetch_array(MYSQLI_ASSOC)) {
            //Store the access level for later, in case you need it and to check again once they are on the page
            $_SESSION['userLevel'] = $r['level'];
            $level = $r['level'];
        }
        header("Location: level{$level}.php");
        exit; // stop the script once the redirect has been sent
    }

  3. #3
    Join Date
    Feb 2015
    Posts
    4
    Hi NoEffinWay,

    Tried it and it works. Now my only problem is level1.php: when I go there I want a greeting line that says "Hello user(name of the user)", but since we have already used $_SESSION['userLevel'] = $r['level']; what I'm getting is "Hello 1". Is there a way we can change that, for example in level1.php?

    By the way, many thanks for the help.

  4. #4
    Join Date
    Feb 2012
    Location
    Pensacola, FL
    Posts
    309
    Then assign the username to another session variable and use that:
    PHP Code:
    <?php

    session_start();
    // host, user, pass, dbase are placeholders for your connection settings
    $sqli = new mysqli(host, user, pass, dbase);

    $user = $sqli->real_escape_string($_POST['username']);
    $pass = $sqli->real_escape_string($_POST['password']);

    $getUser = "SELECT level FROM users WHERE Username = '{$user}' AND Password = '{$pass}';";
    $exeGetUser = $sqli->query($getUser);

    if ($exeGetUser->num_rows != 1) {
        $error = "Invalid Username or Password";
    } else {
        while ($r = $exeGetUser->fetch_array(MYSQLI_ASSOC)) {
            //Store the access level for later, in case you need it and to check again once they are on the page
            $_SESSION['userLevel'] = $r['level'];
            $level = $r['level'];
        }
        $_SESSION['userName'] = $user;
        header("Location: level{$level}.php");
        exit; // stop the script once the redirect has been sent
    }

  5. #5
    Join Date
    Feb 2015
    Posts
    4
    Thank you very much, now I have it.

  6. #6
    Join Date
    Feb 2015
    Posts
    4
    Hey NoEffinWay just a follow up,

    If I want to use the first name of the user in level1.php, for example I want a line that will say "Hi Kevin", how am I going to create a session from the previous page to get the first name of the user? Let's just say I added an fname field in the sample table I showed.

    Thanks

  7. #7
    Join Date
    Feb 2012
    Location
    Pensacola, FL
    Posts
    309
    Modify the query slightly and then assign a session var:
    PHP Code:
    <?php

    session_start();
    // host, user, pass, dbase are placeholders for your connection settings
    $sqli = new mysqli(host, user, pass, dbase);

    $user = $sqli->real_escape_string($_POST['username']);
    $pass = $sqli->real_escape_string($_POST['password']);

    $getUser = "SELECT level,fname FROM users WHERE Username = '{$user}' AND Password = '{$pass}';";
    $exeGetUser = $sqli->query($getUser);

    if ($exeGetUser->num_rows != 1) {
        $error = "Invalid Username or Password";
    } else {
        while ($r = $exeGetUser->fetch_array(MYSQLI_ASSOC)) {
            //Store the access level for later, in case you need it and to check again once they are on the page
            $_SESSION['userLevel'] = $r['level'];
            $_SESSION['firstName'] = $r['fname'];
            $level = $r['level'];
        }
        $_SESSION['userName'] = $user;
        header("Location: level{$level}.php");
        exit; // stop the script once the redirect has been sent
    }

  8. #8
    Join Date
    Mar 2007
    Location
    localhost
    Posts
    2,944
    Wouldn't it be easier to start the session, test if a session variable already exists, if so then just redirect to that level, if not, do a REQUEST_METHOD check to see if the action is a form post, if it is, sanitize the inputs against both code injection and sql injection.

    Check the login credentials, limit the search results to 1 return, check if you have a row, if so, then set the session level, then redirect to it.

    If you fail the login test or fail the form post test, redirect to the login page.


    PHP Code:
    <?php
    session_start();
    // first off, check that the session vars are not already set
    // (the key is 'userName', matching what is stored after login below)
    $username  = isset($_SESSION['userName'])  ? $_SESSION['userName']  : false;
    $userLevel = isset($_SESSION['userLevel']) ? $_SESSION['userLevel'] : false;

    if ($username and $userLevel) {
        header("Location: level{$userLevel}.php");
        exit; // without this the script runs on and the last header() wins
    }

    // get here and no sessions...
    // nothing set, are we a form?
    if ($_SERVER['REQUEST_METHOD'] == 'POST') {
        // we are a form, invoke a white list policy
        // (FILTER_SANITIZE_STRING is deprecated as of PHP 8.1)
        $whitelist = array(
            "username" => FILTER_SANITIZE_STRING,
            "password" => FILTER_SANITIZE_STRING
        );
        // filter inputs for guarding against php code injection (not sql injection)
        foreach ($whitelist as $fieldname => &$value)
            $value = filter_var(trim($_POST[$fieldname]), $value);
        unset($value); // drop the reference left behind by the loop

        // we can extract the data into variables as it's now sanitized
        extract($whitelist);

        // host, user, pass, dbase are placeholders for your connection settings
        $sqli = new mysqli(host, user, pass, dbase);
        $username = $sqli->real_escape_string($username);
        $password = $sqli->real_escape_string($password);

        // format the query string and run the query
        $getUser = sprintf("SELECT level FROM users WHERE Username='%s' AND Password='%s' LIMIT 1;", $username, $password);
        $exeGetUser = $sqli->query($getUser);

        // do we have a user? if we have a match we will have 1 record
        if ($exeGetUser->num_rows > 0) {
            while ($r = $exeGetUser->fetch_array(MYSQLI_ASSOC)) {
                //Store the access level for later, in case you need it and to check again once they are on the page
                $_SESSION['userLevel'] = $userLevel = $r['level'];
            }
            $_SESSION['userName'] = $username;
            header("Location: level{$userLevel}.php");
            exit;
        }
    }
    // we get here, then no form post or the login failed...
    header("Location: loginpage.php");
    exit;
    that kind of idea...

    If you test for a session first, you can get that out the way. No idea if it would work, but worth a shot if it speeds things up, not having to repeatedly run a query saves on time.
    Last edited by \\.\; 02-11-2015 at 04:20 PM.
    STOP using $ prefix on JavaScript variable names...
    Please remember to wrap any code you have in forum tags:-

    [CODE]...[/CODE] [HTML]...[/HTML] [PHP]...[/PHP]

    If you can't think outside the box, you will be trapped forever with no escape...
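
The login scripts in this thread build the SQL string from escaped input and compare the password as plain text inside the query. The following is an added example, not code from any poster: the same login flow with a mysqli prepared statement, `password_verify()`, and an allow-list of level pages. It assumes the `Password` column holds `password_hash()` output (a change from the sample table in post #1), that the `fname` column from post #6 exists, and that the `DB_*` constants are placeholders.

```php
<?php
declare(strict_types=1);

// Placeholder connection settings (assumptions, replace with your own).
const DB_HOST = 'localhost';
const DB_USER = 'app_user';
const DB_PASS = 'change-me';
const DB_NAME = 'app_db';

// Only these levels map to a page; any other value in the table is refused.
const LEVEL_PAGES = [1 => 'level1.php', 2 => 'level2.php'];

/** Returns ['level' => int, 'fname' => string] on success, null on failure. */
function findUser(mysqli $db, string $username, string $password): ?array
{
    // The ? placeholder keeps user input out of the SQL text entirely.
    $stmt = $db->prepare('SELECT Password, level, fname FROM users WHERE Username = ? LIMIT 1');
    $stmt->bind_param('s', $username);
    $stmt->execute();
    $stmt->bind_result($hash, $level, $fname);
    $found = $stmt->fetch();   // true when a row was fetched, null when none
    $stmt->close();

    // Compare the submitted password against the stored hash, never in SQL.
    if ($found !== true || !password_verify($password, (string) $hash)) {
        return null;
    }
    return ['level' => (int) $level, 'fname' => (string) $fname];
}

session_start();
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT); // throw on DB errors
    $db = new mysqli(DB_HOST, DB_USER, DB_PASS, DB_NAME);
    // filter_input() yields null/false for missing or array input; cast to ''.
    $user = findUser($db, (string) filter_input(INPUT_POST, 'username'),
                          (string) filter_input(INPUT_POST, 'password'));

    if ($user !== null && isset(LEVEL_PAGES[$user['level']])) {
        session_regenerate_id(true);            // fresh session ID after login
        $_SESSION['userLevel'] = $user['level'];
        $_SESSION['firstName'] = $user['fname'];
        header('Location: ' . LEVEL_PAGES[$user['level']]);
        exit;
    }
}
// No form post, or the login failed: back to the login page.
header('Location: loginpage.php');
exit;
```

Each level page should call `session_start()` and check `$_SESSION['userLevel']` again before showing anything, and print the greeting through `htmlspecialchars($_SESSION['firstName'])`.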

  9. #9
    Join Date
    Feb 2015
    Location
    China
    Posts
    13
    Hello Everyone,

    I have no knowledge about it, please suggest me.
