Admin login and User login

@siabanieFeb 21.2011

Hi guys,

Can anyone assist me. I am trying to create a login for admin and user (if user not a member click register link) below is my code: But whenever I enter the value as: Username: admin Password:123 – I got an error message “That user does not exist!”

Any suggestion and help would be highly appreciated.
Thanks.

[code=php] <?php //Assigned varibale $error_msg as empty //$error_msg = “”;

session_start(); $error_msg = “”;

if (isset($_POST[‘submit’])) {

if ($a_username = “admin” && $a_password = “123”) { //Define $_POST from form text feilds $username = $_POST[‘username’]; $password = $_POST[‘password’];

//Add some stripslashes $username = stripslashes($username); $password = stripslashes($password);

//Check if usernmae and password is good, if it is it will start session if ($username == $a_username && $password == $a_password) { session_start(); $_SESSION[‘session_logged’] = ‘true’; $_SESSION[‘session_username’] = $username;

//Redirect to admin page header(“Location: admin_area.php”); } }

$username = (isset($_POST[‘username’])) ? $_POST[‘username’] : ”; $password = (isset($_POST[‘password’])) ? $_POST[‘password’] : ”;

if($username && $password) {

$connect = mysql_connect(“localhost”, “root”, “”) or die (“Couldn’t connect!”); mysql_select_db(“friendsdb”) or die (“Couldn’t find the DB”);

$query = mysql_query (“SELECT * FROM `user` WHERE username = ‘$username'”);

$numrows = mysql_num_rows($query);

if ($numrows != 0){

while ($row = mysql_fetch_array($query)) {

$dbusername = $row[‘username’]; $dbpassword = $row[‘password’]; }

//Check to see if they are match! if ($username == $dbusername && md5($password) == $dbpassword) {

header (“Location: user_area.php”); $_SESSION[‘username’] = $username; } else $error_msg = “Incorrect password!”; //code of login

}else $error_msg = “That user does not exist!”;

//echo $numrows; } else $error_msg = “Please enter a username and password!”; } ?> <!DOCTYPE html PUBLIC “-//W3C//DTD XHTML 1.0 Transitional//EN” “http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd”> <html xmlns=”http://www.w3.org/1999/xhtml”> <head> <meta http-equiv=”Content-Type” content=”text/html; charset=iso-8859-1″ /> <title>Login Page</title> </head>

<body> <br /> <?php require “header.php”; ?><br /> <div align=”center”> <table width=”200″ border=”1″>

<?php // If $error_msg not equal to emtpy then display error message if($error_msg!=””) echo “<div id=”error_message”style=”color:red; “>$error_msg</div><br />”;?>

<form action=”<?php echo $_SERVER[‘PHP_SELF’];?>” method=”post”> <!–form action=”login_a.php” method=”post”–> Username: <input type=”text” name=”username” /><br /><br /> Password: <input type=”password” name=”password” /><br /><br />

<input type=”submit” name = “submit” value=”Log in” /> </form> <p> </p>

Register a <a href=”register.php”>New User</a> </table> </div> </body> </html>

[/code]

to post a comment

PHP

6 Comments(s) _↴

@shivaoneFeb 21.2011 — #Hi Siabanie,

I'm very new to all this and I don't know if the reason why is not working is due to a mispelling in "username" word, check this code:

//Check if usernmae and password is good, if it is it will start session

let me know how's going.

@siabanieauthorFeb 21.2011 — #Hi shivaone,

The //check if usernmae...........

is just a comment, it is nothing to do with the rest of code so I do not think that is the main problem - I'm still thinking what did I miss here.. if you get any idea please let me know.

Thanks

@DasherFeb 21.2011 — #[code=php] if ($username == $a_username && $password == $a_password) [/code]

Where do the variables $a_username and $a_password get filled? It appears the $a_variables are always empty. Therefore the if statement will always fail.

@eval_BadCode_Feb 21.2011 — #= means assignment.

== means checking for logical equivalence

=== means checking for logical equivalence and type checking.

You are using assignment operators ?

Other than being ugly it is not a problem (in this specific case, since: ("123" and "admin") evaluates to true).

You did use session_start(); twice, that is a problem since you have not defined any separate path for each session.

How to fix your script:

1) delete the 2nd "session_start();"

2) add "exit;" after "header("Location: admin_area.php"); "

I did not read past

header("Location: admin_area.php");

since I know you must put exit; or die(); behind it.

Cheers

Edit: You could add a salt to your hashes, it would made that "123" considerably harder to crack (if it was in the DB anyways) :p

@siabanieauthorFeb 21.2011 — #Thanks guys,

I sort of solved it out - I am using the admin = 1 and user = 0 condition.

The only problem that I have is when user or admin log in;

Admin will allow to create, edit and delete the data, where user/member only can create their own profile - but it seems both of these index page (admin_area.php and user_area.php) are the same.

Is there any other way I could make it one page instead of having admin_area.php and user_area.php - but just call it index.php which will be use for both user?

Any suggestion please?

@Dada88Sep 16.2011 — #Hey can you send post the entire code of that , i would like to have a glance please

Also in #PHP _↴

Open Source for Community Circle Key/Value Question..php flash streaming....

Success!

Help @siabanie spread the word by sharing this article on Twitter...

Tweet This

Admin login and User login

6 Comments(s) _↴

Also in #PHP _↴

Success!

Social

Version

Admin login and User login

6 Comments(s) ↴

Also in #PHP ↴

Success!

The web is an endless sea of information. Don't miss the boat... Subscribe!

Social

Version

6 Comments(s) _↴

Also in #PHP _↴