I have a database table that holds a users username, password and other information as well as whether theyre and administrator or not. Its currently set to Char where A is for admin and U is for normal user.
I have the following code which checks if a user exists:
<?php
session_start(); // Starting Session
include_once('config.php');
$error=''; // Variable To Store Error Message
if (isset($_POST['submit'])) {
if (empty($_POST['user']) || empty($_POST['pass'])) {
$error = "Please complete both fields";
}
else
{
// Define $username and $password
$user=$_POST['user'];
$_SESSION['login_user']=$user;
$pass=md5($_POST['pass']);
// To protect MySQL injection for Security purpose
$user = stripslashes($user);
$pass = stripslashes($pass);
$user = mysqli_real_escape_string($mysqli, $user);
$pass = mysqli_real_escape_string($mysqli, $pass);
// SQL query to fetch information of registered users and finds user match.
$result = mysqli_query($mysqli, "SELECT * FROM users WHERE Username='$user' AND Password='$pass'");
if(mysqli_num_rows($result) == 1) {
header("Location: home.php");
} else {
$error = "Username or Password is invalid";
}
mysqli_close($mysqli); // Closing mysqlinection
}
}
?>
<!doctype html>
<html>
<head>
<link rel="stylesheet" type="text/css" href="style/style.css">
<script type="text/javascript" src="//code.jquery.com/jquery-2.1.3.min.js"></script>
<title>Login</title>
</head>
<body>
<div id = "logReg">
<span href="#" class="button" id="toggle-login">Log in</span>
</div>
<div id="login">
<div id="triangle"></div>
<h1>Log in</h1>
<form action = "" id = "logregform" method = "POST">
<p id = "err"> <?php if(isset($error)) {echo $error;} ?> </p>
<input id = "logtxt" type="text" placeholder="Username" name = "user" required/>
<input type="password" placeholder="Password" name = "pass" required/>
<input type="submit" value="Log in" name = "submit" />
<br>
<br>
<p id ="bklg">Dont have an account? Sign up</p>
</form>
</div>
</html>
How would i check if Account_Type is A and if so direct the user to another page instead of the normal home.php page?
EDIT:
It works fine however the admin wont log in.
Ive given it test username of 456 and a password of 456 when i enter them into the two textboxes nothing happens, the screen just refreshes and im back on the login page:
new code below:
<?php
session_start(); // Starting Session
include_once('config.php');
$error=''; // Variable To Store Error Message
if (isset($_POST['submit'])) {
if (empty($_POST['user']) || empty($_POST['pass'])) {
$error = "Please complete both fields";
}
else
{
// Define $username and $password
$user=$_POST['user'];
$pass=md5($_POST['pass']);
// To protect MySQL injection for Security purpose
$user = stripslashes($user);
$pass = stripslashes($pass);
$user = mysqli_real_escape_string($mysqli, $user);
$pass = mysqli_real_escape_string($mysqli, $pass);
// SQL query to fetch information of registered users and finds user match.
$result = mysqli_query($mysqli, "SELECT * FROM users WHERE Username='$user' AND Password='$pass'");
if ($row = mysqli_fetch_array($result)) {
//set the session variables
$_SESSION['Username'] = $row['Username'];
$_SESSION['Account_Type'] = $row['Account_Type'];
if ($row['Account_Type'] === 'A') {
header ("location: adminHome.php");
exit;
} else {
header ("location: home.php");
exit;
}
} else {
$error = "Username or Password is invalid";
}
mysqli_close($mysqli); // Closing mysqlinection
}
}
?>
<!doctype html>
<html>
<head>
<link rel="stylesheet" type="text/css" href="style/style.css">
<script type="text/javascript" src="//code.jquery.com/jquery-2.1.3.min.js"></script>
<title>Login</title>
</head>
<body>
<div id = "logReg">
<span href="#" class="button" id="toggle-login">Log in</span>
</div>
<div id="login">
<div id="triangle"></div>
<h1>Log in</h1>
<form action = "" id = "logregform" method = "POST">
<p id = "err"> <?php if(isset($error)) {echo $error;} ?> </p>
<input id = "logtxt" type="text" placeholder="Username" name = "user" required/>
<input type="password" placeholder="Password" name = "pass" required/>
<input type="submit" value="Log in" name = "submit" />
<br>
<br>
<p id ="bklg">Dont have an account? Sign up</p>
</form>
</div>
<script>
$('#toggle-login').click(function(){
$('#login').slideToggle('fast');
});
</script>
</html>
You are going about this the wrong way. Every page that requires the user to be authenticated should check at the very start if the user is authenticated and at what level. The way to do that is to use the session.
Right now you are setting the session variable before you even check whether the user / password combination is correct so you are effectively logging in anybody who enters a username.
You need to store the variables in the session only upon successful login and as mentioned you need to get a row from your result set to get the user information:
// Personally I would use a prepared statement here
$result = mysqli_query($mysqli, "SELECT * FROM users WHERE Username='$user' AND Password='$pass'");
if ($row = mysqli_fetch_array($result)) {
// Now you can set the session variables
$_SESSION['Username'] = $row['Username'];
$_SESSION['Account_Type'] = $row['Account_Type'];
// Add any additional user information to the session that you might need later on
if ($row['Account_Type'] === 'A') {
header ("location: adminHome.php");
exit;
} else {
header ("location: home.php");
exit;
}
} else {
$error = "Username or Password is invalid";
}
Now in every page where a user is required you can do:
session_start();
if (isset($_SESSION['Username']))
{
// valid user, additional checks for user type?
}
else
{
// not a valid / logged in user
}
Note:
(unsalted...) md5 is unsafe to use for passwords, see Secure hash and salt for PHP passwords;
$row = mysqli_fetch_array($result);
if ($row['Account_Type'] === 'A') {
} elseif ($row['Account_Type'] === 'U') {
} else {
}
Related
I wanted to show the variable username into another page. These are the codes I've used. This is the first page where the username is inserted.
<?php
include('login.php'); // Includes Login Script
if(isset($_SESSION['login_user'])){
}
?>
<html>
<head>
<title>Login</title>
</head>
<body>
<div id="login" align="center">
<h2>Welcome!</h2>
<form action="" method="post">
<label>Username :</label>
<input id="name" name="username" placeholder="username" type="text"><br>
<label>Password :</label>
<input id="password" name="password" placeholder="**********"
type="password">
<br><br>
<input name="submit" type="submit" value=" Login ">
<span><?php echo $error; ?></span>
</form>
</div>
</body>
</html>
Then in this page I wanted to show the username that was inserted
<?php include 'database.php'; ?>
<?php session_start(); ?>
<?php
function visualizza($file) {
$f = fopen($file, "r"); // apro il file in lettura
return fread($f, filesize($file));
fclose($f);
}
?>
<html>
<main>
<div class="container">
<h2> Quiz Completato!</h2>
<p> Congratulations <?php
$username = $_POST['username'];
echo $username;
?>
! You completed the test</p>
<p>Final Score:<?php echo $_SESSION['score']; ?> </p>
</div>
</main>
I can't put form action="final.php", because this is the final page of a quiz, while the submit button has to send me to another page
Do you know how to do this please?
This is where the user and password are processed (login.php)
<?php
session_start(); // Starting Session
$error = ''; // Variable To Store Error Message
if (isset($_POST['submit'])) {
if (empty($_POST['username']) || empty($_POST['password'])) {
$error = "Username or Password is invalid";
}
else
{
// Define $username and $password
$username = $_POST['username'];
$password = $_POST['password'];
// mysqli_connect() function opens a new connection to the MySQL server.
$conn = mysqli_connect("localhost", "root", "", "quizzer");
// SQL query to fetch information of registerd users and finds user match.
$query = "SELECT username, password from login where username=? AND
password=? LIMIT 1";
// To protect MySQL injection for Security purpose
$stmt = $conn->prepare($query);
$stmt->bind_param("ss", $username, $password);
$stmt->execute();
$stmt->bind_result($username, $password);
$stmt->store_result();
if($stmt->fetch()) //fetching the contents of the row
{
$_SESSION['login_user'] = $username; // Initializing Session
header("location: quizzer.php"); // Redirecting To Profile Page
}
else {
$error = "Username o Password sbagliate";
}
mysqli_close($conn); // Closing Connection
}
}
?>
In your form element, the action attribute needs to go to another page submitting all the $_POST[] requests.
<form action="page2.php" method="post">
Now the $_POST['username'] can now be seen in the second page.
As soon as you login u may store the username in session as follows
$_SESSION['username'] = $_POST['username'];
And echo it on any page by starting starting session
echo $_SESSION['username'];
I'm just learning the PHP basics and I need to create a blog. I've followed a few tutorials but I can't seem to be able to get PHP to recognize when I've pressed the login form I created with HTML.
<?php
session_start(); //keep a session open so no need to relogin
if(isset($_POST['submit'])){ //check to see if submit button is pressed
$user = $_POST['username'];
$pwrd = $_POST['pwrd'];
//add database connection
include('./includes/db_connect.php');
if(empty($user) || empty($pwrd)){
echo 'Please ensure both password and username fields are filled.';
}else{
$pwrd = md5($pwrd);
$query = $db->query("SELECT user_id, username FROM user WHERE username='$user' AND password = '$pwrd'"); //grab username and password from table
if($query->num_rows ===1) {
while ($row = $query->fetch_object()) {
$_SESSION['user_id'] = $row->user_id;
}
header('Location : index.php'); //redirt user to index.php
exit();
}else{
echo 'Wrong credentials';
}
}
}
?>
<!DOCTYPE html>
<html>
<head>
<meta charset="utf-8" />
</head>
<body>
<div id="container">
<form action="login.php" method="post">
<p>
<label>Username</label><input type="text" name="username" />
</p>
<p>
<label>Password</label><input type="password" name="pwrd" />
</p>
<input type="submit" value="LogIn" />
</form>
</div>
</body>
</html>
When I press log in while both username and password are empty I get nothing instead of 'Please ensure both password and username fields are filled.'
Any help would be appreciated.
You are checking with if(isset($_POST['submit'])){ but there is no field in the form named submit.
Try with, if ($_SERVER['REQUEST_METHOD'] === 'POST') { instead.
Or rename the submit button to submit [or something else but remember to fix the check as well]
$_POST data comes from the 'name="..."' item. Not type="...". Note that simply checking if POST exists is a risky practice since you can have more than 1 form on the page, so I always use explicit checks of the desired form fields to trigger form handlers.
<?php
session_start(); //keep a session open so no need to relogin
if(isset($_POST['username'])){ //check to see if submit button is pressed
$user = $_POST['username'];
$pwrd = $_POST['pwrd'];
//add database connection
include('./includes/db_connect.php');
if(empty($user) || empty($pwrd)){
echo 'Please ensure both password and username fields are filled.';
}else{
$pwrd = md5($pwrd);
$query = $db->query("SELECT user_id, username FROM user WHERE username='$user' AND password = '$pwrd'"); //grab username and password from table
if($query->num_rows ===1) {
while ($row = $query->fetch_object()) {
$_SESSION['user_id'] = $row->user_id;
}
header('Location : index.php'); //redirt user to index.php
exit();
}else{
echo 'Wrong credentials';
}
}
}
?>
Hi there I am currently working on a user login where there can be 2 different situations when a person submits the form.
What I am trying to accomplish is that if someone logs in,
they would either be redirected to the user page or the admin page depending on what table their username is located.
My problem is, after submitting the form, the browser shows a blank page with no errors, with the URL being the php action of the form.
Here is my html file
<?php
//Start session
//error_reporting = E_ALL & ~E_NOTICE;
ini_set( 'error_reporting', E_ALL & ~E_NOTICE);
session_start();
//Unset the variables stored in session
unset($_SESSION['SESS_MEMBER_ID']);
unset($_SESSION['SESS_USERNAME']);
unset($_SESSION['SESS_PASSWORD']);
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<link rel="stylesheet" href="css/style.css" title="" />
<link rel="stylesheet" href="css/animate.css" title="" />
<link href='http://fonts.googleapis.com/css?family=Open+Sans:400,600,700,300' rel='stylesheet' type='text/css'>
<script src="https://ajax.googleapis.com/ajax/libs/jquery/2.1.4/jquery.js"> </script>
<script src="js/mouseEvents.js"></script>
<title>Grey Avenue Item Inventory Login</title>
</head>
<body>
<div id="container">
<div id="mainform" >
<div id="formcontainer" class="animated fadeInDown">
<div id="formheader">
<div class="logocont">
<span class="logoImg"></span>
<h2 class="textheader">Inventory System Log-In</h2>
</div>
</div>
<form action="login.php" method="post" id="loginform">
<div class="inputbox"> <input type="text" name="username" placeholder="Username" maxlength="12"/></div>
<div class="inputbox"> <input type="password" name="password" placeholder="Password" maxlength="12"/></div>
</form>
<div id="loginbutton">
<button type="submit" form="loginform" class="loginbutton" value="Log In">
<span class="loginbut_text">Log In</span>
</button>
<button class="regbutton" value="Register">
<span class="loginbut_text">Register</span>
</button>
</div>
<div id="errormsg">
<?php
if( isset($_SESSION['ERRMSG_ARR']) && is_array($_SESSION['ERRMSG_ARR']) && count($_SESSION['ERRMSG_ARR']) >0 ) {
echo '<ul class="err">';
foreach($_SESSION['ERRMSG_ARR'] as $msg) {
echo '<li>',$msg,'</li>';
}
echo '</ul>';
unset($_SESSION['ERRMSG_ARR']);
}
?>
</div>
</div>
</div>
</div>
</body>
</html>
And my login.php file
<?php
session_start();
require("connect.php");
require("lib/password.php");
//Array to store validation errors
$errmsg_arr = array();
//Validation error flag
$errflag = false;
$username = $_POST["username"];
$password = $_POST["password"];
//Input Validations
if($username == "") {
$errmsg_arr[] = "*Username missing";
$errflag = true;
}
if($password == "") {
$errmsg_arr[] = "*Password missing";
$errflag = true;
}
//If there are input validations, redirect back to the login form
if($errflag) {
$_SESSION["ERRMSG_ARR"] = $errmsg_arr;
session_write_close();
header("location: index.php");
die();
}
if ($sql = $conn->prepare("SELECT id, username, password, firstName, lastName FROM users WHERE username = ?")){
$sql->bind_param("s", $username) ;
$sql->execute();
$sql->store_result();
$result = $sql->num_rows;
$sql->bind_result($id, $username, $passwordhash, $firstName, $lastName);
$sql->fetch();
if ($result > 0){
if(password_verify($password, $passwordhash)){
session_regenerate_id();
$_SESSION["SESS_MEMBER_ID"] = $id;
$_SESSION["SESS_USERNAME"] = $username;
$_SESSION["SESS_PASSWORD"] = $password;
$_SESSION["SESS_FIRSTNAME"] = $firstName;
$_SESSION["SESS_LASTNAME"] = $lastName;
session_write_close();
header("location: inventory.php");
die();
}
else {
//Login failed
$errmsg_arr[] = "Username and Password do not match";
$errflag = true;
if($errflag) {
$_SESSION["ERRMSG_ARR"] = $errmsg_arr;
session_write_close();
header("location:index.php");
die();
}
}
}
}
else {
if($sql = $conn->prepare("SELECT id, username, password, firstName, lastName FROM admin WHERE username=?")){
$sql->bind_param("s", $username);
$sql->execute();
$sql->store_result();
$result = $sql->num_rows;
$sql->bind_result($id, $username, $passwordhash, $firstName, $lastName);
$sql->fetch();
if($result > 0){
if(password_verify($password, $passwordhash)){
session_regenerate_id();
$_SESSION["SESS_MEMBER_ID"] = $id;
$_SESSION["SESS_USERNAME"] = $username;
$_SESSION["SESS_PASSWORD"] = $password;
$_SESSION["SESS_FIRSTNAME"] = $firstName;
$_SESSION["SESS_LASTNAME"] = $lastName;
session_write_close();
header("location: http://www.greyavenue.ph/shoplogin/inventoryadmin.php");
die();
}
else {
//Login failed
$errmsg_arr[] = "Username and Password do not match";
$errflag = true;
if($errflag) {
$_SESSION["ERRMSG_ARR"] = $errmsg_arr;
session_write_close();
header("location: index.php");
die();
}
}
}
else{
//Login failed
$errmsg_arr[] = "Username and Password not found";
$errflag = true;
if($errflag) {
$_SESSION["ERRMSG_ARR"] = $errmsg_arr;
session_write_close();
header("location: http://www.greyavenue.ph/shoplogin/index.php");
die();
}
}
}
}
?>
I am confused because the login seems to function and redirect the browser to the pages when I am not hashing the password before, but now after changing the code with the hash function the URL remains at this php file.
Really appreciate the effort in taking the time to read and answer my question in advance! Thanks!
There's a logical error:
your code, stripped to the beef:
if ($sql = $conn->prepare("SELECT id, username, password, firstName, lastName FROM users WHERE username = ?")){
// retrieve result
if ($result > 0){
// check result
}
}
else {
// select from admin
}
In the case you have a user/pwd tupel which doesn't fit, the $result is 0.
In this particular cse, none of the redirect branches will be hit and the page just shows as empty.
you need to change similar to the following:
if ($sql = $conn->prepare("SELECT id, username, password, firstName, lastName FROM users WHERE username = ?")){
// handle sql error
}
// retrieve result
if ($result > 0){
// check result, either logged in or error
}
// no result in users, check admin:
if ($sql = $conn->prepare("SELECT id, username, password, firstName, lastName FROM admin WHERE username = ?")){
// handle sql error
}
// retrieve result
if ($result > 0){
// check result, either logged in or error
}
make this changes in your html code
<form action="login.php" method="post" id="loginform">
<div class="inputbox"> <input type="text" name="username" placeholder="Username" maxlength="12"/></div>
<div class="inputbox"> <input type="password" name="password" placeholder="Password" maxlength="12"/></div>
<div id="loginbutton">
<button type="submit" form="loginform" class="loginbutton" value="Log In">
<span class="loginbut_text">Log In</span>
</button>
<button class="regbutton" value="Register">
<span class="loginbut_text">Register</span>
</button>
</form>
What seems to be happening is that error reporting is off (you set it on in your "html" file but not in login.php) and at the same time there is an issue inside your password_verify() function.
You should post that function as well so that we can take a look.
UPDATE
Also if you are using as it seems a password_verify that is not the built in one, and your PHP is 5.5 or greater you may be trying to define a function with a reserved name (password_verify) and thus getting a fatal error, which you can't see, as apparently errors are not displayed in your server.
Hi guys I have solved my problem which was pretty simple and I am very sorry if I have troubled you.
I forgot to put the second else query statement inside the first one where it checks the number of rows available.
Many thanks for your insights and feedbacks!
I am designing a website which have four modules Admin, branch admin, reporter, accountant where each of the respective person can login to their respective page like admin will login to the admin page and reporter will login to it's page, but the code is not working.
When I try login to any module it login only to the admin page and does goes to the branch admin or reporter or accountant.
This is my index.php page
<?php
include('login.php'); // Includes Login Script
if(isset($_SESSION['login_user']))
{
header("Location: admin.php");
}
?>
<!doctype html>
<html>
<head>
<meta charset="utf-8">
<title>LoginIN</title>
<link href="styles/bootstrap.min.css" rel="stylesheet">
<link href="styles/signin.css" rel="stylesheet">
</head>
<body>
<div id="wrapper">
<header id="top">
<center><h1>Reporter Management System</h1></center>
<div class="container">
<form class="form-signin" role="form" action ="" method="post">
<h2 class="form-signin-heading">Please sign in</h2>
<input type="email" name="username" class="form-control" placeholder="Email address" required autofocus>
<input type="password" name="password" class="form-control" placeholder="Password" required>
<br>
<div class="checkbox">
<label>
<input type="checkbox" value="remember-me">Remember me
<br>
</label>
</div>
<input name="submit"button class="btn btn-lg btn-primary btn-block" type="submit" value=" Sign in">
<span><?php echo $error; ?></span>
<br>
Forgot your password?
</body>
</html>
This is my login.php page
<?php
error_reporting( E_ALL );
ini_set('display_errors',1);
ini_set('display_startup_errors',1);
error_reporting(-1);
session_start(); // Starting Session
$error=''; // Variable To Store Error Message
if (isset($_POST['submit'])) {
if (empty($_POST['username']) || empty($_POST['password'])) {
$error = "Username or Password is invalid";
}
else
{
// Define $username and $password
$usr=$_POST['username'];
$pwd=$_POST['password'];
// Establishing Connection with Server by passing server_name, user_id and password as a parameter
$con = mysql_connect("localhost", "root1", "oec#123") or die('Error Connecting to mysql server');
// To protect MySQL injection for Security purpose
$username = stripslashes($usr);
$password = stripslashes($pwd);
$username = mysql_real_escape_string($usr);
$password = mysql_real_escape_string($pwd);
// Selecting Database
$db=mysql_select_db('rms',$con);
// SQL query to fetch information of registerd users and finds user match.
$query = mysql_query("select username, password from login where password='$pwd' AND username='$usr'", $con) or die('Error querying database');
$rows = mysql_num_rows($query);
while ($rows = mysql_fetch_array($query)) {
$_SESSION['Sl_no']=$rows['Sl_no'];
if ($rows ==1)
{
// Initializing Session
header("location: admin.php"); // Redirecting To Other Page
}
elseif ($rows==2)
{
header("location: branchadmin.php");
}
elseif($rows==3)
{
header("location: accountant.php");
}
elseif($rows==4)
{
header("location: reporter.php");
}
else
{
$error = "Username or Password is invalid";
}
}
mysql_close($con); // Closing Connection
}
}
?>
I think the problem is with your retrieval and condition statements around this area
while ($rows = mysql_fetch_array($query)) {
$_SESSION['Sl_no']=$rows['Sl_no'];
if ($rows ==1)
{
and since the login page is redirecting to the admin.php every time, this could be because you put the number of returned rows in the $rows variable like $rows = mysql_num_rows($query); and if it is returning one row this would meet the the if ($rows ==1){header("location: admin.php");} condition you check later on...
Just an educated (and/or non-educated) guess.
Why don't you put a column in your db that indicates the users level of access. Like user_level or something where admin = 1, branchadmin = 2, accountant = 3, etc. and then do a check and re-direct based on that.
So when you check whether the username and password from the form are in the the database and if it is then you could look at their user level to see where to re-direct them.
if ($rows === 1){
$row_array = mysql_fetch_assoc($query);
if ($row_array['admin_level'] == 1){
header("location: admin.php"); // Redirecting To Other Page
}
elseif ($row_array['admin_level']==2){
header("location: branchadmin.php");
}
elseif($row_array['admin_level']==3){
header("location: accountant.php");
}
elseif($row_array['admin_level']==4){
header("location: reporter.php");
}
else{
$error = "Username or Password is invalid";
}
}
mysql_close($con); // Closing Connection
Does that make sense or am I misunderstanding what you want to achieve?
In this case, you have to use multiple session variables like $_SESSION['email'] and $_SESSION['type'].
Here, $email will be the username of particular user and $type will be the type of user like admin, branch admin, reporter, accountant etc.
These two session variables needs to be set while user is logging in.
For example, consider the following code snippet:
if(isset($_SESSION['email']))
{
if($_SESSION['type'] == "admin")
{
header('location:admin.php');
}
else if($_SESSION['type'] == "reporter")
{
header('location:reporter.php');
}
}
Im creating a website where users can login to buy books and collect them from store. I have a login screen where both normal users as well as staff use to login. However im trying to find a way to differentiate between normal users and staff.
I have a table called "users" where one of the columns is called "account_type" which can hold a value of U for normal user and A for admin.
this is the code i currently have:
<?php
session_start(); // Starting Session
include_once('config.php');
$error=''; // Variable To Store Error Message
if (isset($_POST['submit'])) {
if (empty($_POST['user']) || empty($_POST['pass'])) {
$error = "Please complete both fields";
}
else
{
// Define $username and $password
$user=$_POST['user'];
$_SESSION['login_user']=$user;
$pass=md5($_POST['pass']);
// To protect MySQL injection for Security purpose
$user = stripslashes($user);
$pass = stripslashes($pass);
$user = mysqli_real_escape_string($mysqli, $user);
$pass = mysqli_real_escape_string($mysqli, $pass);
// SQL query to fetch information of registered users and finds user match.
$query = mysqli_query($mysqli, "SELECT * FROM users where Username='$user' AND Password='$pass'");
$rows = mysqli_num_rows($query);
if ($rows == 1) {
header("location: home.php"); // Redirecting To Other Page
}elseif ($rows["account_type"] == "A"){
header ("location: adminHome.php");
}else {
$error = "Username or Password is invalid";
}
mysqli_close($mysqli); // Closing mysqlinection
}
}
?>
<!doctype html>
<html>
<head>
<link rel="stylesheet" type="text/css" href="style/style.css">
<script type="text/javascript" src="//code.jquery.com/jquery-2.1.3.min.js"></script>
<title>Login</title>
</head>
<body>
<div id = "logReg">
<span href="#" class="button" id="toggle-login">Log in</span>
</div>
<div id="login">
<div id="triangle"></div>
<h1>Log in</h1>
<form action = "" id = "logregform" method = "POST">
<p id = "err"> <?php if(isset($error)) {echo $error;} ?> </p>
<input id = "logtxt" type="text" placeholder="Username" name = "user" required/>
<input type="password" placeholder="Password" name = "pass" required/>
<input type="submit" value="Log in" name = "submit" />
<br>
<br>
<p id ="bklg">Dont have an account? Sign up</p>
</form>
</div>
<script>
$('#toggle-login').click(function(){
$('#login').slideToggle('fast');
});
</script>
</html>
Line 24-30 is where ive put the check but it doesnt seem to work.
I dont get any errors it just skips to the validation part when i try the admins login details and says "username or password is invalid" It does login as the normal user however.
Any ideas?
$rows = mysqli_num_rows($query);
if ($rows == 1) {
header("location: home.php"); // Redirecting To Other Page
}elseif ($rows["account_type"] == "A"){
...
}
Take a closer look at this. You are setting $rows with mysqli_num_rows, it will not be an array and should only be an integer. You need to use a fetch function to get the column data. The fetch would be run using the MySQLi statement variable (in your case the return value of mysqli_query or $query. Read more about fetch here: http://php.net/manual/en/mysqli-stmt.fetch.php
P.S. Your code a little messy. You use stripslashes then real escape, why not use prepared statements? They are safer and more efficient because they let the DBMS (MySQL) handle the variables. Read more about prepared statements here: http://php.net/manual/en/mysqli.prepare.php