My login page couldn't read on the multi level users. I have two types of users: UMD and CMD. Their location page will be different based on their level (CMD_home.php for CMD & UMD_home2.php for UMD). Currently when click login, both user navigate to UMD_home2.php page. Below are my codes, please assist to edit the code.
<?php
include "../setting/config.php";
session_start();
if (isset($_POST['login']))
{
$username = $_POST['username'];
$password = $_POST['password'];
//UMD,CMD
$query2 = "SELECT * FROM registered_accounts WHERE username='$username' AND password='$password'";
if (count(fetchAll($query2)) > 0)
{ //this is to catch unknown error.
foreach (fetchAll($query2) as $row)
{
if ($row['username'] == $username && $row['password'] == $password)
{
$_SESSION['test'] = true;
$level['level'] == "CMD";
header('location:CMD_home.php');
}
else
{
echo "<script>alert('Wrong login details.')</script>";
}
}
}
}
if (isset($_POST['login']))
{
$username = $_POST['username'];
$password = $_POST['password'];
//UMD,CMD
$query3 = "SELECT * FROM registered_accounts WHERE username='$username' AND password='$password'";
if (count(fetchAll($query2)) > 0)
{ //this is to catch unknown error.
foreach (fetchAll($query2) as $row)
{
if ($row['username'] == $username && $row['password'] == $password)
{
$_SESSION['test'] = true;
$level['level'] == "UMD";
header('location:UMD_home2.php');
}
else
{
echo "<script>alert('Wrong login details.')</script>";
}
}
}
}
?>
I think your problem is really easy. There is no if statments arround the $level['level'] == "CMD"; and $level['level'] == "UMD";
Try this:
<?php
include "../setting/config.php";
session_start();
if (isset($_POST['login'])) {
if (!isset($_POST['username']) || !isset($_POST['password'])){
exit;
}
$username = $_POST['username'];
$password = $_POST['password'];
//UMD,CMD
$sql = $pdo->prepare('SELECT * FROM registered_accounts WHERE username = :name AND password = :password');
$sql->execute([ 'name' => $username , 'password' => $password]);
if (count($sql) > 0) { //this is to catch unknown error.
foreach ($sql as $row) {
if ($row['username'] == $username && $row['password'] == $password) {
$_SESSION['test'] = true;
if($level['level'] == "CMD"){
header('location:CMD_home.php');
exit;
}else if($level['level'] == "UMD"){
header('location:UMD_home2.php');
exit;
}
}else{
alert();
}
}
}else {
alert();
}
function alert(){
echo "<script>alert('Wrong login details.')</script>";
}
}
?>
Related
I can't do authorization on the site! I register everything is fine! But he does not want to enter the site! I do not know what to do ! + I use the md5 () function, and my database encrypts everything perfectly, but how to make it enter through this function too? Also not included without this feature, please help !!!
Here is the authorization code:
require("include/connect.php");
if (isset($_SESSION["user_id"])) {
// вывод "Session is set"; // в целях проверки
header("Location: main.php");
}
if (isset($_POST['button-login'])) {
if (!empty($_POST['login']) && !empty($_POST['password_1'])) {
$login = htmlspecialchars($_POST['login']);
$email = htmlspecialchars($_POST['email']);
$password = htmlspecialchars($_POST['password_1']);
$query = mysql_query("SELECT * FROM users WHERE id='" . $login . "' AND password='" . $password . "'");
$numrows = mysql_num_rows($query);
if ($numrows != 0) {
while ($row = mysql_fetch_assoc($query)) {
$dbusername = $row['login'];
$dbpassword = $row['password_1'];
}
if ($login == $dbusername && $password == $dbpassword) {
// старое место расположения
// session_start();
$_SESSION['login'] = $login;
$_SESSION['user_id'] = $login;
header("Location: main.php");
}
} else {
// $message = "Invalid username or password!";
echo "Invalid username or password!";
}
} else {
$message = "All fields are required!";
}
}
Try to convert the $password variable into md5()
$password = md5($password);
after md5() encryption check your username & password condition
if($login == $dbusername && $password == $dbpassword)
Hope this will helps!
I am trying to redirect the user after login, but it is not working.
This is my code:
session_start();
include_once 'config.php';
if (isset($_SESSION['username']) != "") {
header("Location: Home.php");
}
if (isset($_POST['submit'])) {
$username = $_POST['username'];
$res = mysql_query("SELECT * FROM employee_login WHERE email = '$username'");
$pass = $_POST['pass'];
$row = mysql_fetch_array($res);
$newpass = $row['pass'];
if ($newpass == $pass && !empty($row)) {
$user_email = $row['email'];
$_SESSION['username'] = $user_email;
$username = $_SESSION['username'];
if ($_SESSION['username'] == "abc#gmail.con") {
header("Location: admin/dashboard.php");
}
else {
header("location: Home.php");
exit();
}
}
else {
print_r("no");
}
}
I am using the logic below to check if the user is logged in on the homepage.
session_start();
include_once 'config.php';
if (isset($_SESSION['username'])) {
}
else {
}
What have I done wrong, or what have I missed out that is stopping my redirect from working?
Changed my code to the following thanks to the tips. But I'm still not redirected to the user.php. Added the variable $rowcount and give it a value. If the query has a value of a user it have to be redirected to the user.php page.
<?php
include("inc/header.php");
?>
<?php
if(isset($_POST["submit"])) {
$username = trim($_POST["username"]);
$password = trim($_POST["password"]);
if($username == "" && $password == "") {
echo "Please fill in all the details";
exit;
}
if($username == "admin" &$password == "test") {
$_SESSION["admin"] = true;
header("location: admin-panel.php");
}
$rowcount = 0;
$password_secure = md5($password);
if($username != "" && $password != "") {
$sql = "SELECT * FROM user WHERE username = '".mysqli_escape_string($connection, $username)."'
AND password = '".mysqli_escape_string($connection, $password_secure)."'";
$query = mysqli_query($connection, $sql);
$rowcount = mysqli_num_rows($query);
} else {
echo "Username of password was not right, please try again.";
}
if($rowcount != 0) {
$row = mysql_fetch_array($connection, $query);
$_SESSION["username"] = $row["username"];
$_SESSION["login"] = true;
header("location: user.php");
exit;
}
}
?>
<?php
include("inc/footer.php");
?>
// if logged in, redirect towards user account
if($logged_in) {
header("Location: useraccount.php");
exit(0);
}
Change $logged_in with your php stracture
Your $rowcount must to be declared at outside of the "if":
$rowcount=0;
if($username != "" && $password != "") {
$sql = "SELECT * FROM user WHERE username = '".$username."'
AND password = '".$password_secure."'";
$query = mysqli_query($connection, $sql);
$rowcount = mysqli_num_rows($query);
}
Add session_start() at the top of your page. Also change the following code.
session_start();
..
..
if($rowcount == 1)
{
while($row = mysqli_fetch_array($query))
{
$_SESSION["username"] = $row["username"];
$_SESSION["login"] = true;
}
header("location: user.php");
}
In user.php, first check whether user is logged in or not. For that write a simple function -
function is_loggedin()
{
if(isset($_SESSION['username']) && isset($_SESSION['login']))
return TRUE;
else
return FALSE;
}
If return FALSE, redirect back to Login page.
so I have my site which i am coding, in my login.php, this is the source:
<?php
include "out_config.php";
session_start();
$username = mysql_real_escape_string($_POST['username']);
$password = mysql_real_escape_string($_POST['password']);
if(!$username) {
header("Location: ../index?errormsg=nousername");
}
if(!$password) {
header("Location: ../index?errormsg=nopassword");
}
$sql = "SELECT * FROM users WHERE username='$username' and password='$password'";
if($rankcheck == "Administrator" || $rankcheck == "Client") {
$check = 1;
}
else {
$check = 0;
}
if($_SERVER['REQUEST_METHOD'] == 'POST') {
$result = mysql_query($sql);
$count = mysql_num_rows($result);
if($count==1 && $check == 1) {
$_SESSION['username'] = $username;
header("Location: ../home");
}
else {
header("location: ../index?errormsg=invalidlogin");
}
}
?>
1st: I know MySQL is depreciated but I want to use MySQL because my Host Supports MySQL more than MySQLi/PDO.
2nd: You can see my $rankcheck won't work. My rank check lines are included in out_config.php, the source for it is:
<?php
<Removed Details>
$connect = mysql_connect($host, $username, $password);
$selectdb = mysql_select_db($db);
$IP = getenv('REMOTE_ADDR');
$sql2 = mysql_query("SELECT `rank` FROM `users` where username='$user'");
if(isset($_SESSION['username'])) {
$user = $_SESSION['username'];
$rankcheck = mysql_result($sql2,0);
}
?>
So you can see, it looks all fine. :P
Now, the problem is that I am trying to allow access to this area only to people who are ranked 'Administrator' and 'Client' so it won't work. My Database structure is:
http://i.stack.imgur.com/AAzr9.png
It does not grant access to User and Awaiting usergroup members. But it does not even let Administrator's and Clients. ( I am sure there is no Password Encryption yet ).
If you could help me, it would be really helpful!
in the moment you are including your "out_config.php" $username and $password is not set
change to this:
<?php
session_start();
$username = mysql_real_escape_string($_POST['username']);
$password = mysql_real_escape_string($_POST['password']);
include "out_config.php";
if(!$username) {
header("Location: ../index?errormsg=nousername");
}
if(!$password) {
header("Location: ../index?errormsg=nopassword");
}
$sql = "SELECT * FROM users WHERE username='$username' and password='$password'";
if($rankcheck == "Administrator" || $rankcheck == "Client") {
$check = 1;
}
else {
$check = 0;
}
if($_SERVER['REQUEST_METHOD'] == 'POST') {
$result = mysql_query($sql);
$count = mysql_num_rows($result);
if($count==1 && $check == 1) {
$_SESSION['username'] = $username;
header("Location: ../home");
}
else {
header("location: ../index?errormsg=invalidlogin");
}
}
?>
I have this code and I have tried everything i can think of to get it to work on my WAMP local server any help would be greatly appreciated. I am PHP stupid. This works on a live server but not my WAMP server. I do get logged in just the pages do not seem to be passing the session variable to the proper user level. That's what's not working sorry for the poor description the first time.
if(!empty($_SESSION['LoggedIn']) && !empty($_SESSION['login']))
{
if ($level == "Administrator") {
echo 'My Content';
}
elseif ($level == "Bank Officer") {
echo "";
}
elseif ($level == "Agent") {
echo "";
}
elseif(!empty($_POST['login']) && !empty($_POST['password']))
{
$login = mysql_real_escape_string($_POST['login']);
$password = $_POST['password'];
$checklevel = mysql_query("SELECT * FROM users WHERE login = '".$login."' AND password = '".$password."' ");
if(mysql_num_rows($checklevel) == 1)
{
$row = mysql_fetch_array($checklevel);
$level = $row['level'];
$_SESSION['level'] = $level;
}
$checklogin = mysql_query("SELECT * FROM users WHERE login = '".$login."' AND password = '".$password."' AND level='".$level."'");
if(mysql_num_rows($checklogin) == 1)
{
$row = mysql_fetch_array($checklogin);
$firstname = $row['firstname'];
$login = $row['login'];
$agent = $row['agent'];
$_SESSION['agent'] = $agent;
$_SESSION['firstname'] = $firstname;
$_SESSION['login'] = $login;
$_SESSION['LoggedIn'] = 1;
Thanks you for any help at all.
if ($_SESSION['level'] == "Bank Officer")
{
header('Location: index3.php');
exit;
}
elseif ($_SESSION['level'] == "Agent")
{
header('Location: index4.php');
exit;
}
elseif ($_SESSION['level'] == "Bank Manager")
{
header('Location: index5.php');
exit;
}
else
{
echo "Contact Administrator";
exit;
}