My Level = Beginner
Working on a fictitious site to learn PHP.
I have some code I found that allows me to check a mySQL table for Username & Password and if found let's me in. Perfect. But now, I entered an ADMIN userid & password in the table and assigned its USERTYPE '5' where as the other account level I make '0.'
I was messing around with it for a while, but then realized my login script is checking the values I enter on the form against the values in the database and I don't know how to also make it check the USERTYPE for 5, so I can be directed to a different page than the person who has a USERTYPE of 0.
So, here's what I have. Can someone tell me if this is where I need to put something to check USERTYPE? Examples are greatly appreciated, but I don't mind a mystery if you can point me in the right direction. I'm good at Google'ing. Here it is:
Code: Select all
<?php session_start();
include ("../_config/_config.php");
// Connect to server and select databse.
mysql_connect("$host", "$username", "$password")or die("cannot connect");
mysql_select_db("$db_name")or die("cannot select DB");
// username and password sent from form
$myusername=$_POST['myusername'];
$mypassword=$_POST['mypassword'];
// To protect MySQL injection (more detail about MySQL injection)
$myusername = stripslashes($myusername);
$mypassword = stripslashes($mypassword);
$myusername = mysql_real_escape_string($myusername);
$mypassword = mysql_real_escape_string($mypassword);
$sql="SELECT * FROM $tbl_name WHERE username='$myusername' and password='$mypassword'";
$result=mysql_query($sql);
// Mysql_num_row is counting table row
$count=mysql_num_rows($result);
// If result matched $myusername and $mypassword, table row must be 1 row
if($count==1){
// Register $myusername, $mypassword and redirect to file "login_success.php"
if (empty($_SESSION['myusername']))
session_register('myusername');
$_SESSION['myusername'] = $myusername ;
if (empty($_SESSION['mypassword']))
session_register('mypassword');
$_SESSION['mypassword'] = $mypassword ;
header("location:../templates/contact.php");
}
else {
echo "Wrong Username or Password";
}
?>Any help with the logic of this thing would be great.
Thank you...