I have this code and I have tried everything I can think of to get it to work on my WAMP local server. Any help would be greatly appreciated. I am PHP stupid. This works on a live server but not my WAMP server. I do get logged in; the pages just do not seem to be passing the session variable to the proper user level. That's what's not working. Sorry for the poor description the first time.
if(!empty($_SESSION['LoggedIn']) && !empty($_SESSION['login']))
{
if ($level == "Administrator") {
echo 'My Content';
}
elseif ($level == "Bank Officer") {
echo "";
}
elseif ($level == "Agent") {
echo "";
}
elseif(!empty($_POST['login']) && !empty($_POST['password']))
{
$login = mysql_real_escape_string($_POST['login']);
$password = $_POST['password'];
$checklevel = mysql_query("SELECT * FROM users WHERE login = '".$login."' AND password = '".$password."' ");
if(mysql_num_rows($checklevel) == 1)
{
$row = mysql_fetch_array($checklevel);
$level = $row['level'];
$_SESSION['level'] = $level;
}
$checklogin = mysql_query("SELECT * FROM users WHERE login = '".$login."' AND password = '".$password."' AND level='".$level."'");
if(mysql_num_rows($checklogin) == 1)
{
$row = mysql_fetch_array($checklogin);
$firstname = $row['firstname'];
$login = $row['login'];
$agent = $row['agent'];
$_SESSION['agent'] = $agent;
$_SESSION['firstname'] = $firstname;
$_SESSION['login'] = $login;
$_SESSION['LoggedIn'] = 1;
Thank you for any help at all.
if ($_SESSION['level'] == "Bank Officer")
{
header('Location: index3.php');
exit;
}
elseif ($_SESSION['level'] == "Agent")
{
header('Location: index4.php');
exit;
}
elseif ($_SESSION['level'] == "Bank Manager")
{
header('Location: index5.php');
exit;
}
else
{
echo "Contact Administrator";
exit;
}
Related
My login page couldn't read the multi-level users. I have two types of users: UMD and CMD. Their landing page will be different based on their level (CMD_home.php for CMD and UMD_home2.php for UMD). Currently, when I click login, both users navigate to the UMD_home2.php page. Below is my code; please assist in editing it.
<?php
include "../setting/config.php";
session_start();
if (isset($_POST['login']))
{
$username = $_POST['username'];
$password = $_POST['password'];
//UMD,CMD
$query2 = "SELECT * FROM registered_accounts WHERE username='$username' AND password='$password'";
if (count(fetchAll($query2)) > 0)
{ //this is to catch unknown error.
foreach (fetchAll($query2) as $row)
{
if ($row['username'] == $username && $row['password'] == $password)
{
$_SESSION['test'] = true;
$level['level'] == "CMD";
header('location:CMD_home.php');
}
else
{
echo "<script>alert('Wrong login details.')</script>";
}
}
}
}
if (isset($_POST['login']))
{
$username = $_POST['username'];
$password = $_POST['password'];
//UMD,CMD
$query3 = "SELECT * FROM registered_accounts WHERE username='$username' AND password='$password'";
if (count(fetchAll($query2)) > 0)
{ //this is to catch unknown error.
foreach (fetchAll($query2) as $row)
{
if ($row['username'] == $username && $row['password'] == $password)
{
$_SESSION['test'] = true;
$level['level'] == "UMD";
header('location:UMD_home2.php');
}
else
{
echo "<script>alert('Wrong login details.')</script>";
}
}
}
}
?>
I think your problem is really easy. There are no if statements around the $level['level'] == "CMD"; and $level['level'] == "UMD";
Try this:
<?php
include "../setting/config.php"; // assumed to create the PDO connection in $pdo
session_start();
// Declared before use: a function defined inside a conditional block does not exist until that block has run.
function alert() {
    echo "<script>alert('Wrong login details.')</script>";
}
if (isset($_POST['login'])) {
    if (!isset($_POST['username']) || !isset($_POST['password'])) {
        exit;
    }
    $username = $_POST['username'];
    $password = $_POST['password'];
    //UMD,CMD
    $sql = $pdo->prepare('SELECT * FROM registered_accounts WHERE username = :name AND password = :password');
    $sql->execute(['name' => $username, 'password' => $password]);
    $rows = $sql->fetchAll(PDO::FETCH_ASSOC); // a PDOStatement cannot be passed to count()
    if (count($rows) > 0) { //this is to catch unknown error.
        foreach ($rows as $row) {
            if ($row['username'] == $username && $row['password'] == $password) {
                $_SESSION['test'] = true;
                // The level is read from the matched row (assumes a `level` column).
                if ($row['level'] == "CMD") {
                    header('location:CMD_home.php');
                    exit;
                } else if ($row['level'] == "UMD") {
                    header('location:UMD_home2.php');
                    exit;
                }
            } else {
                alert();
            }
        }
    } else {
        alert();
    }
}
?>
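An added example, not part of the answer above: the same level-based redirect with the password kept out of the SQL and checked against a stored hash. The `password_hash` column and the function names are hypothetical, the `level` column is assumed, and the rows are constructed in an in-memory SQLite database so the script runs stand-alone.

```php
<?php
// Added example. Assumptions: registered_accounts has a `level` column and a
// hypothetical `password_hash` column; all rows below are constructed.
const LEVEL_PAGES = ['CMD' => 'CMD_home.php', 'UMD' => 'UMD_home2.php'];

function findAccount(PDO $pdo, string $username): ?array
{
    // Look up by username only; the password is never part of the SQL.
    $stmt = $pdo->prepare(
        'SELECT username, password_hash, level FROM registered_accounts WHERE username = :name'
    );
    $stmt->execute(['name' => $username]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Returns the page for a valid login, or null for any failure.
function loginTarget(PDO $pdo, string $username, string $password): ?string
{
    $row = findAccount($pdo, $username);
    if ($row === null || !password_verify($password, $row['password_hash'])) {
        return null;
    }
    // An unknown level gets no page instead of falling through to a default.
    return LEVEL_PAGES[$row['level']] ?? null;
}

// Constructed sample data.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE registered_accounts (username TEXT PRIMARY KEY, password_hash TEXT, level TEXT)');
$ins = $pdo->prepare('INSERT INTO registered_accounts VALUES (?, ?, ?)');
$ins->execute(['alice', password_hash('alice-pass', PASSWORD_DEFAULT), 'CMD']);
$ins->execute(['bob', password_hash('bob-pass', PASSWORD_DEFAULT), 'UMD']);

// Two valid logins and one wrong password that contains a quote character.
foreach ([['alice', 'alice-pass'], ['bob', 'bob-pass'], ['bob', "it's-wrong"]] as [$u, $p]) {
    $target = loginTarget($pdo, $u, $p);
    echo $u, ' => ', $target ?? 'Wrong login details.', PHP_EOL;
}
// In the real handler, on success: session_regenerate_id(true), store the
// username and level in $_SESSION, then header("Location: $target"); exit;
```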
I have a login system for the back office, but user verification doesn't work.
My code to login is:
$userName = isset($_POST["user-name"]) ? $_POST["user-name"]: '';
$userPass = isset($_POST["user-pass"]) ? $_POST["user-pass"]: '';
if ($userName != '0' && $userPass != '0'){
$criptSen = hash("whirlpool", $userPass);
$rediURL = isset($_GET["url"]) ? $_GET["url"]: '';
$SQL = "SELECT Usuario, Senha, Rank FROM utilizadores WHERE Usuario='$userName' AND Senha='$criptSen' limit 1";
$query = mysql_query($SQL);
if (mysql_num_rows($query)>0)
{
$row = mysql_fetch_array($query);
$_SESSION['Usuario'] = $row['Usuario'];
$_SESSION['Rank'] = $row['Rank'];
mysql_free_result($query);
if($row['Rank'] == 0){
header("Location: membro.php");
} else {
if($row['Rank'] == 1) {
header("Location: admin/index1.php");
}
}
} else {
if (isset($query)){
mysql_free_result($query);
}
header('location: index.php');
}
} else {
header('location: index.php');
}
?>
My code to verify that the session is true is:
When I log in it doesn't work fine. I think this code is wrong and I need your help to build it correctly.
<?php
#$Usuario = $_SESSION["Usuario"];
#$Rank = $_SESSION['Rank']
if(!(isset($Usuario) && isset($Senha))){
$url = explode("/", $_SERVER["REQUEST_URI"]);
header("Location: index1.php?url=$url[3]");
} else if(isset($Usuario) && isset($Senha)){
$SQL = mysql_query("SELECT Usuario, Senha FROM utilizadores WHERE Usuario='$Usuario' AND Senha='$Senha' AND Rank=1");
if(mysql_num_rows($SQL) == 0){
echo "<script>alert(\"Area Restrita\");</scrpit>";
header("Location: ../index.php");
}
}
?>
Changed my code to the following thanks to the tips. But I'm still not redirected to user.php. Added the variable $rowcount and gave it a value. If the query has a value of a user, it has to be redirected to the user.php page.
<?php
include("inc/header.php");
?>
<?php
if(isset($_POST["submit"])) {
$username = trim($_POST["username"]);
$password = trim($_POST["password"]);
if($username == "" && $password == "") {
echo "Please fill in all the details";
exit;
}
if($username == "admin" &$password == "test") {
$_SESSION["admin"] = true;
header("location: admin-panel.php");
}
$rowcount = 0;
$password_secure = md5($password);
if($username != "" && $password != "") {
$sql = "SELECT * FROM user WHERE username = '".mysqli_escape_string($connection, $username)."'
AND password = '".mysqli_escape_string($connection, $password_secure)."'";
$query = mysqli_query($connection, $sql);
$rowcount = mysqli_num_rows($query);
} else {
echo "Username of password was not right, please try again.";
}
if($rowcount != 0) {
$row = mysql_fetch_array($connection, $query);
$_SESSION["username"] = $row["username"];
$_SESSION["login"] = true;
header("location: user.php");
exit;
}
}
?>
<?php
include("inc/footer.php");
?>
// if logged in, redirect towards user account
if($logged_in) {
header("Location: useraccount.php");
exit(0);
}
Change $logged_in to match your PHP structure.
Your $rowcount must be declared outside of the "if":
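$rowcount=0;
if($username != "" && $password != "") {
// Escaping kept from the question's code, so quotes in the input cannot alter the query.
$sql = "SELECT * FROM user WHERE username = '".mysqli_real_escape_string($connection, $username)."'
AND password = '".mysqli_real_escape_string($connection, $password_secure)."'";
$query = mysqli_query($connection, $sql);
$rowcount = mysqli_num_rows($query);
}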
Add session_start() at the top of your page. Also change the following code.
session_start();
..
..
if($rowcount == 1)
{
while($row = mysqli_fetch_array($query))
{
$_SESSION["username"] = $row["username"];
$_SESSION["login"] = true;
}
header("location: user.php");
}
In user.php, first check whether user is logged in or not. For that write a simple function -
function is_loggedin()
{
if(isset($_SESSION['username']) && isset($_SESSION['login']))
return TRUE;
else
return FALSE;
}
If it returns FALSE, redirect back to the login page.
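An added example, not from the answer above: a guard for protected pages that checks the stored level as well as the login flag and stops the script after the redirect. The session keys follow the snippets on this page; the function names, target pages and allowed levels are assumptions, and the session contents in the demo loop are constructed.

```php
<?php
// Added example. Session keys 'username', 'login' and 'level' follow the
// snippets on this page; page names and allowed levels are assumptions.

// Decide where a request must be sent, or null if it may proceed.
function guardRedirect(array $session, array $allowedLevels): ?string
{
    // Not logged in: both markers set at login must be present.
    if (empty($session['username']) || ($session['login'] ?? false) !== true) {
        return 'login.php';
    }
    // Logged in, but the stored level is not allowed on this page.
    // Strict matching avoids loose-comparison surprises (0 == "Agent" is true before PHP 8).
    if (!in_array($session['level'] ?? null, $allowedLevels, true)) {
        return 'index.php';
    }
    return null;
}

// Call at the top of every protected page, before any output.
function requireLevel(array $allowedLevels): void
{
    if (session_status() !== PHP_SESSION_ACTIVE) {
        session_start();
    }
    $target = guardRedirect($_SESSION, $allowedLevels);
    if ($target !== null) {
        header('Location: ' . $target);
        exit; // without this the rest of the protected page still runs
    }
}

// Constructed session contents showing the three outcomes.
$cases = [
    'anonymous' => [],
    'agent'     => ['username' => 'bob', 'login' => true, 'level' => 'Agent'],
    'admin'     => ['username' => 'alice', 'login' => true, 'level' => 'Administrator'],
];
foreach ($cases as $name => $session) {
    $target = guardRedirect($session, ['Administrator']);
    echo $name, ' => ', $target ?? 'allowed', PHP_EOL;
}
```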
Hello Ladies and Gentlemen, I have been working on this project for some time now. And all of a sudden when I go into the web page to login I just get a blank screen at the 'success_login.php' which is literally just the login script that runs once login is clicked on my screen.
Here is the success_login.php script:
<?php
require_once($_SERVER['DOCUMENT_ROOT'] . '/luke/classes/userFunctions.php');
$userFunctions = new userFunctions();
session_start();
//assign all posted values to a session
if (!empty($_POST)) {
foreach($_POST as $key => $value) {
$_SESSION['login_info'][$key] = $value;
}
}
//Get the username and password
$username = htmlentities($_POST["username"], ENT_QUOTES);
$password = htmlentities($_POST["password"], ENT_QUOTES);
//Get the user id if the login was valid
$userId = $userFunctions->validLogin($username,$password);
if($userId != 0) {
$_SESSION['login_info']['username'] = $username;
$_SESSION['login_info']['password'] = $password;
$_SESSION['login_info']['user_id'] = $userId;
header('LOCATION: home.php');
exit;
}
header('LOCATION: login.php');
exit;
?>
and here is the function it refers to:
public function validLogin($username,$password) {
$dbact = new DbInteraction();
$query = "select * from person";
$result = $dbact->interact($query,true);
$row = mysql_numrows($result);
$valid = false;
$userId = 0;
while ($row = mysql_fetch_array($result)) {
//Check to see if the username and password are valid
$validUsername = strcmp($username,$row['username']);
if($validUsername == 0) {
$hashedPassword = md5($password . Constants::SALTED);
$validPassword = strcmp($hashedPassword,$row['password']);
if($validPassword == 0) {
$valid = true;
$userId = $row['idperson'];
}
}
}
if(!$valid) {
$_SESSION['login_info']['username'] = "error";
$_SESSION['login_info']['password'] = "";
header('LOCATION: login.php');
exit;
return $userId;
} else {
$_SESSION['login_info']['username'] = "";
$_SESSION['login_info']['password'] = "";
return $userId;
}
}
Like I said, it's been working for months and now all of a sudden it's not anymore, and it has me really worried. Could someone shed some light for me?
Thanks a million for your time!
So I have my site which I am coding. In my login.php, this is the source:
<?php
include "out_config.php";
session_start();
$username = mysql_real_escape_string($_POST['username']);
$password = mysql_real_escape_string($_POST['password']);
if(!$username) {
header("Location: ../index?errormsg=nousername");
}
if(!$password) {
header("Location: ../index?errormsg=nopassword");
}
$sql = "SELECT * FROM users WHERE username='$username' and password='$password'";
if($rankcheck == "Administrator" || $rankcheck == "Client") {
$check = 1;
}
else {
$check = 0;
}
if($_SERVER['REQUEST_METHOD'] == 'POST') {
$result = mysql_query($sql);
$count = mysql_num_rows($result);
if($count==1 && $check == 1) {
$_SESSION['username'] = $username;
header("Location: ../home");
}
else {
header("location: ../index?errormsg=invalidlogin");
}
}
?>
1st: I know MySQL is deprecated but I want to use MySQL because my host supports MySQL more than MySQLi/PDO.
2nd: You can see my $rankcheck won't work. My rank check lines are included in out_config.php, the source for it is:
<?php
<Removed Details>
$connect = mysql_connect($host, $username, $password);
$selectdb = mysql_select_db($db);
$IP = getenv('REMOTE_ADDR');
$sql2 = mysql_query("SELECT `rank` FROM `users` where username='$user'");
if(isset($_SESSION['username'])) {
$user = $_SESSION['username'];
$rankcheck = mysql_result($sql2,0);
}
?>
So you can see, it looks all fine. :P
Now, the problem is that I am trying to allow access to this area only to people who are ranked 'Administrator' and 'Client' so it won't work. My Database structure is:
http://i.stack.imgur.com/AAzr9.png
It does not grant access to User and Awaiting usergroup members. But it does not even let Administrators and Clients in. (I am sure there is no password encryption yet.)
If you could help me, it would be really helpful!
At the moment you are including your "out_config.php", $username and $password are not set.
change to this:
<?php
session_start();
$username = mysql_real_escape_string($_POST['username']);
$password = mysql_real_escape_string($_POST['password']);
include "out_config.php";
if(!$username) {
header("Location: ../index?errormsg=nousername");
}
if(!$password) {
header("Location: ../index?errormsg=nopassword");
}
$sql = "SELECT * FROM users WHERE username='$username' and password='$password'";
if($rankcheck == "Administrator" || $rankcheck == "Client") {
$check = 1;
}
else {
$check = 0;
}
if($_SERVER['REQUEST_METHOD'] == 'POST') {
$result = mysql_query($sql);
$count = mysql_num_rows($result);
if($count==1 && $check == 1) {
$_SESSION['username'] = $username;
header("Location: ../home");
}
else {
header("location: ../index?errormsg=invalidlogin");
}
}
?>