I think I have an error uon the usertype 3 cause it always go to the notification and if I change both notification and plsvote.php it will just refresh so please help me what to do
if (isset($_POST['login'])){
$idno = $_POST['idno'];
$password = $_POST['password'];
$position = $_POST['user_type'];
$sql1 = "SELECT * FROM users WHERE idno = '$idno' AND password = '$password'";
$result = mysql_query($sql1) or die();
$row = mysql_fetch_array($result);
$num_row = mysql_num_rows($result);
//if the user is admin
if ($row['user_type'] == "1"){
mysql_query("insert into user_log (idno,login_date) values('$username',NOW())")or die(mysql_error());
$YearNow=Date('Y');
header('location:admin/index.php');
}
//if the user is student
else if ($row['user_type'] == "3") {
$sql_c = "SELECT * FROM users,studentvotes,school_year = users.idno = studentvotes.idno AND studentvotes.syearid =school_year.syearid AND school_year.from_year like $YearNow ";
$result1 = mysql_query($sql_c) or die(mysql_error());
while($row2=mysql_fetch_array($result1)){
$_SESSION['SESS_COURSE'] = $row2['progid'];
$_SESSION['SESS_MEMBER_ID'] = $idno;
//$query = mysql_query ("INSERT INTO user_log VALUES('$idno',NOW(), 'Login') ") or die(mysql_error());
header('location:plsvote.php');
}
}
else{
header('location:notification.php');
exit();
}
}
Related
I am new to this PHP login script stuff but I do want to learn.
I have dbconect.php like this:
<?php
//core
function dbcon(){
$user = "root";
$pass = "";
$host = "localhost";
$db = "test";
$connect = mysqli_connect($host,$user,$pass,$db);
$select = mysqli_select_db($connect,$db);
}
function host(){
$h = "http://".$_SERVER['HTTP_HOST']."/test/";
return $h;
}
function hRoot(){
$url = $_SERVER['DOCUMENT_ROOT']."/test/";
return $url;
}
//parse string
function gstr(){
$qstr = $_SERVER['QUERY_STRING'];
parse_str($qstr,$dstr);
return $dstr;
}
?>
And i do have login.php like this:
<?php
include('admin/lib/dbcon.php');
dbcon();
session_start();
$username = $_POST['username'];
$password = $_POST['password'];
/*................................................ admin .....................................................*/
$query = "SELECT * FROM admin WHERE username='$username' AND password='$password'";
$result = mysqli_query($connect,$query)or die(mysqli_error($connect));
$row = mysqli_fetch_array($result);
$num_row = mysqli_num_rows($result);
/*...................................................Technical Staff ..............................................*/
$query_client = "SELECT * FROM client WHERE username='$username' AND password='$password'";
$result_client = mysqli_query($connect, "SELECT * FROM client WHERE username='$username' AND password='$password'")or die(mysqli_error($connect));
$num_row_client = mysqli_num_rows($query_client);
$row_client = mysqli_fetch_array($query_client);
if( $num_row > 0 ) {
$_SESSION['id']=$row['admin_id'];
echo 'true_admin';
mysqli_query($connect, "insert into user_log (username,login_date,admin_id)values('$username',NOW(),".$row['admin_id'].")")or die(mysqli_error($connect));
}else if ($num_row_client > 0){
$_SESSION['client']=$row_client['client_id'];
echo 'true';
mysqli_query($connect, "insert into user_log (username,login_date,client_id)values('$username',NOW(),".$row_client['client_id'].")")or die(mysqli_error($connect));
}else{
echo 'false';
}
?>
I also had made the table SQL
The question is: What is wrong so i can not login using those code?
very appreciate with all the answer
thank you very much
/...................................................Try This ............................................../
$query_client = "SELECT * FROM client WHERE username='$username' AND password='$password'";
$result_client = mysqli_query($connect, $query_client); //pass your method here rather than duplicate query
$num_row_client = mysqli_num_rows($query_client);
$row_client = mysqli_fetch_array($query_client);
if( $num_row > 0 ) {
$_SESSION['id']=$row['admin_id'];
echo 'true_admin';
mysqli_query($connect, "insert into user_log (username,login_date,admin_id)values('$username',NOW(),".$row['admin_id'].")")or die(mysqli_error($connect));
}else if ($num_row_client > 0){
$_SESSION['client']=$row_client['client_id'];
echo 'true';
mysqli_query($connect, "insert into user_log (username,login_date,client_id)values('$username',NOW(),".$row_client['client_id'].")")or die(mysqli_error($connect));
}else{
echo 'false';
}
I'm working on implementing the ability for users to edit their passwords.
I'm using PASSWORD_BYCRYPT, and password_verify works fine after creating a user, but as soon as a user edits their password, it stops working.
Password change:
else if (isset($_POST["submitUpdateSettingsPW"])) {
$passwordText = $_POST["passwordChangeInput"];
$userID = $_SESSION["userID"];
$passwordNew = password_hash($passwordText, PASSWORD_BCRYPT);
$sql = "UPDATE users SET password = '$passwordNew' WHERE id = '$userID';";
if (mysqli_query($conn, $sql)) {
header("location: settings.php");
}
else {
header("location: settings.php?message=Something+went+wrong.+You+may+not+have+the+permissions+to+do+this.");
}
}
Password creation
else if (isset($_POST["submitSignup"])) {
$email = mysqli_real_escape_string($conn, $_POST["emailInput"]);
$passwordText = $_POST["passwordInput"];
$password = password_hash($passwordText, PASSWORD_BCRYPT);
$signupSQLCheck = "SELECT * FROM users WHERE email = '$email'";
$result = mysqli_query($conn, $signupSQLCheck);
if (mysqli_num_rows($result) == 0) {
$signupSQL = "INSERT INTO users set email = '$email', password = '$password'";
mysqli_query($conn, $signupSQL);
header("location: login.php?message=Your+account+is+active.+You+may+now+login.");
}
else {
header("location: login.php?message=This+email+is+already+registered.+Do+you+want+to+<a href = 'login.php'>login</a>?");
}
}
Password verify (works fine until changing password)
if (isset($_POST["submitLogin"])) {
$email = mysqli_real_escape_string($conn, $_POST["emailInput"]);
$passwordText = $_POST["passwordInput"];
$loginSQL = "SELECT * FROM users WHERE email = '$email' LIMIT 1";
$result = mysqli_query($conn, $loginSQL);
if (mysqli_num_rows($result) == 1) {
$row = mysqli_fetch_assoc($result);
$hash = $row["password"];
if (password_verify($passwordText, $hash)) {
$_SESSION["user"] = 1;
$_SESSION["userID"] = $row["id"];
header("location: index.php");
}
}
else {
header("location: login.php?message=Incorrect+email+or+password.+Do+you+want+to+<a href = 'signup.php'>sign up</a>?");
}
}
Thanks in advance
I am trying to make a sample website that have a different privileges the admin is for admin page and the client is for client page?
and this is my PHP code db_login
<?php
$uname = $_POST["uname"];
$pword = $_POST["pword"];
require_once("../connector/db_open.php");
$sql = "SELECT * FROM tbl_create_acc WHERE uname = '".$uname."' AND pword = '".$pword."'";
$result = $conn->query($sql) or die ($conn->error);
if($result->num_rows >0)
{
if (isset($_SESSION["uname"]) == ($_COOKIE['admin']))
{
$row = mysqli_fetch_array($result);
session_start();
$_SESSION['id'] = $row['id'];
$_SESSION['uname'] = $row['uname'];
$_SESSION['pword'] = $row['pword'];
header("Location: ../page/adminpage.php");
}
else
{
header("Location: ../page/clientpage.php");
}
}
else
{
header("Location: ../page/index1.php");
}
require_once("../connector/db_close.php");
?>
Hello guys I was confused using the if else statement I know it is the basic in conditioning also other languages. Don't know what to do here, I would like that it has an if condition(check) then also inside I want that it has an else if but my problem is I have to else statement which is wrong cause I know that else statement will be use at the end of a condition
Here's my code:
if (isset($_POST['login']))
{
$idno = mysql_real_escape_string($_POST['idno']);
$password = mysql_real_escape_string($_POST['password']);
$position = $_POST['user_type'];
$YearNow=Date('Y');
$_SESSION['SESS_MEMBER_ID'] = $idno;
$sql1 = "SELECT * FROM student WHERE idno = '$idno' AND password = '$password' " ;
$result = mysql_query($sql1) or die();
$row = mysql_fetch_array($result);
$num_row = mysql_num_rows($result);
//,student WHERE studentvotes.idno = student.idno
$sql2 = "SELECT * FROM vote_logs,school_year where vote_logs.idno='$idno' AND vote_logs.syearid = school_year.syearid AND school_year.from_year like $YearNow ";
$result1 = mysql_query($sql2) or die();
$row1 = mysql_fetch_array($result1);
if (mysql_num_rows($result1)<=1)
{
$_SESSION['idno']=$row['idno'];
$sql_c = "SELECT * FROM student WHERE idno = '$idno' AND password = '$password'";
$result2 = mysql_query($sql_c) or die(mysql_error());
$faunc = mysql_fetch_assoc($result2);
$_SESSION['SESS_COURSE'] = $faunc['progid'];
$_SESSION['SESS_MEMBER_ID'] = $idno;
header('location: plsvote.php');
}
else if ($row['status'] == 'lock')
{
header('location: last.php');
}
else
{
header('location: notification.php');
exit();
}
else
{
echo "<script type='text/javascript'>\n";
echo "alert('Username or Password incorrect!, Please try again.');\n";
echo "window.location = 'index.php';";
echo "</script>";
exit();
}
}
Please help me
You have imbricated your blocks, try this:
if (isset($_POST['login']))
{
$idno = mysql_real_escape_string($_POST['idno']);
$password = mysql_real_escape_string($_POST['password']);
$position = $_POST['user_type'];
$YearNow=Date('Y');
$_SESSION['SESS_MEMBER_ID'] = $idno;
$sql1 = "SELECT * FROM student WHERE idno = '$idno' AND password = '$password' " ;
$result = mysql_query($sql1) or die();
$row = mysql_fetch_array($result);
$num_row = mysql_num_rows($result);
//,student WHERE studentvotes.idno = student.idno
$sql2 = "SELECT * FROM vote_logs,school_year where vote_logs.idno='$idno' AND vote_logs.syearid = school_year.syearid AND school_year.from_year like $YearNow ";
$result1 = mysql_query($sql2) or die();
$row1 = mysql_fetch_array($result1);
if (mysql_num_rows($result1)<=1)
{
$_SESSION['idno']=$row['idno'];
$sql_c = "SELECT * FROM student WHERE idno = '$idno' AND password = '$password'";
$result2 = mysql_query($sql_c) or die(mysql_error());
$faunc = mysql_fetch_assoc($result2);
$_SESSION['SESS_COURSE'] = $faunc['progid'];
$_SESSION['SESS_MEMBER_ID'] = $idno;
header('location: plsvote.php');
}
else if ($row['status'] == 'lock')
{
header('location: last.php');
}
else
{
header('location: notification.php');
exit();
}
}
else
{
echo "<script type='text/javascript'>\n";
echo "alert('Username or Password incorrect!, Please try again.');\n";
echo "window.location = 'index.php';";
echo "</script>";
exit();
}
With an indentation, this kind of problem is easily visible.
This can be ok:
if ( //validate the email
filter_var($email, FILTER_VALIDATE_EMAIL) &&
preg_match('/#.+\./', $email)
) {
$result = mysql_query (
"INSERT INTO users(unique_id, name, email, encrypted_password, salt, created_at) VALUES('$uuid', '$name', '$email', '$encrypted_password', '$salt', NOW())"
);
if ($result) { // check for successful store
// get user details
$uid = mysql_insert_id(); // last inserted id
$result = mysql_query("SELECT * FROM users WHERE uid = $uid");
// return user details
return mysql_fetch_array($result);
} else {
return false; //unsuccessful store
}
} else {
//not a valid email
return false;
}
}
Try this one :
if (filter_var($email, FILTER_VALIDATE_EMAIL) && preg_match('/#.+\./', $email)) {
$result = mysql_query ("INSERT INTO users(unique_id, name, email, encrypted_password, salt, created_at) VALUES('$uuid', '$name', '$email', '$encrypted_password', '$salt', NOW())");
if ($result) { // check for successful store
// get user details
$uid = mysql_insert_id(); // last inserted id
$result = mysql_query("SELECT * FROM users WHERE uid = $uid");
// return user details
return mysql_fetch_array($result);
} else {
return false; //unsuccessful store
}
} else {
//not a valid email
return false;
}
Hello i just want to check if the user (who is logging in) has usertype Employer then he should redirect to my-profile.php and if usertype is Jobseeker then he should redirect to latest-jobs.php. Here is my code please help me if you can.
I am trying to add some script in my code but it has some mistake and not working. Now it's redirecting to latest-jobs.php to both (Employer and Jobseeker). Check down my second script.
Thanks
<?php
session_start();
include("lib/conn.php");
?>
<?php
$email=$_POST['user'];
$password=$_POST['password'];
if ($email && $password){
$query = "SELECT * FROM register WHERE email = '$email' AND password= '$password' and status = '1'";
$result = mysql_query( $query ) or die ("didn't query");
$num = mysql_num_rows( $result );
if ($num == 1){
$_SESSION['ocer']=$email;
header("Location: my-profile.php");
}
else {
header("Location: index.php?l=1");
}
}
?>
My second script
<?php
session_start();
include("lib/conn.php");
?>
<?php
$email=$_POST['user'];
$password=$_POST['password'];
if ($email && $password){
$query = "SELECT * FROM register WHERE email = '$email' AND password= '$password' and status = '1'";
$result = mysql_query( $query ) or die ("didn't query");
$num = mysql_num_rows( $result );
if ($num == 1){
$_SESSION['ocer']=$email;
if ($usertype == "Employer") {
header("Location: my-profile.php");
}
else {
header ("Location: latest-jobs.php");
}
}
else {
header("Location: index.php?l=1");
}
}
?>
I got the solution now.
<?php
session_start();
include("lib/conn.php");
$email=$_POST['user'];
$password=$_POST['password'];
if ($email && $password)
{
$query = "SELECT * FROM register WHERE email = '".$email."' AND password= '".$password."' and status = '1'";
$result = mysql_query($query) or die ("didn't query". mysql_error());
$num = mysql_num_rows($result);
if($num ==1){
$data = mysql_fetch_array($result);
if($data['usertype'] == 'Employer')
{
$_SESSION['ocer'] = $email;
header("Location: my-profile.php");
}
else if($data['usertype'] == 'Jobseeker')
{
$_SESSION['ocer'] = $email;
header("Location: latest-jobs.php");
}
}
else{
header("Location: index.php?l=1");
}
}
?>