Successful login in php

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

Post Reply
hubertj
Forum Newbie
Posts: 1
Joined: Thu Mar 29, 2012 6:53 pm

Successful login in php

Post by hubertj »

can anyone tell me why this code is not working?? any silly mistake i made?

The Problem: There is a login page. In the Login page i type in the ID and password and click enter. Once i click enter it will run the next file which is login_now.php. In my database, i have 2 entry. first entry the position is manager and 2ns entry position is staff. Logging in with manager is very successful while logging in with staff is a total failure...failure as in it never do what it should do it just return me back to log in page.

This is the code that is in login_now.php and this is what it suppose to do when enter button is clicked:

Code: Select all

$query = "select * from emp where EID = '$myeid' and PASS = '$mypassword'";


//run the query
$result = mysql_query($query, $conn);
$row = mysql_fetch_assoc($result);

if (mysql_num_rows($result) > 0 and $row['POSITION']=="manager")            //found a record?
{
$_SESSION['eid'] = $myeid;      //remember name as a session variable
$_SESSION['password'] = $mypassword;    //remember password as a session variable
header('Location: welmanager.php');             //redirect user to index
}
elseif (mysql_num_rows($result) > 0 and $row['POSITION']=="staff")
{
$_SESSION['eid'] = $myeid;      //remember name as a session variable
$_SESSION['password'] = $mypassword;    //remember password as a session variable
header('Location: welstaff.php');           //redirect user to index
}
else
{
header('Location: login.php');          //kick back to login
}
Let me know if you guys need to see other parts of my code....thanks in advance
User avatar
azycraze
Forum Commoner
Posts: 56
Joined: Mon Oct 24, 2011 12:08 pm
Location: India

Re: Successful login in php

Post by azycraze »

$query = "select * from emp where EID = '$myeid' and PASS = '$mypassword'";


//run the query
$result = mysql_query($query, $conn);

if (mysql_num_rows($result) > 0) //found a record?
{
$_SESSION['eid'] = $myeid; //remember name as a session variable
$_SESSION['password'] = $mypassword; //remember password as a session variable
$row = mysql_fetch_assoc($result);
if($row['position']=="manager")
{
header('Location: welmanager.php'); //redirect user to index
}
else
{
header('Location: welstaff.php'); //redirect user to index
}
}
else
{
header('Location: login.php'); //kick back to login
}

===================================================
this will work if you have only manager and staff as the values in position column.
phphelpme
Forum Contributor
Posts: 261
Joined: Sun Nov 21, 2010 3:32 pm

Re: Successful login in php

Post by phphelpme »

I would personally save the account type in the database along with the corresponding file location name. That way your code can just grab from the database the credentials, check to see if correct then grab account type and redirect auto to correct page. On that page you would have if statement at top checking to see if account type matches that of the page with that in the database.

This way your script is not limiting your amount of account types. For instance, I have system where I have 7-8 different account types depending on role, so with the coding above I would need 7=8 different if/elseif statements. So create yourself a standard function to grab this data from the database and get it to redirect on the basis that account type matches that of current page.

You could even go one step ahead and get everything in one page. Then echo on basis that x = y if not it does not echo etc. That way every single account redirects to the same page no matter what account type but only gets to see what options are supposed to be echoed for that particular account type.

Best wishes
User avatar
social_experiment
DevNet Master
Posts: 2793
Joined: Sun Feb 15, 2009 11:08 am
Location: .za

Re: Successful login in php

Post by social_experiment »

phphelpme wrote:That way every single account redirects to the same page no matter what account type but only gets to see what options are supposed to be echoed for that particular account type.
A good idea; this will save you from coding 2 user areas; using the 'type' of user you can determine what to display for which user (as phphelpme mentions elsewhere in his post)
“Don’t worry if it doesn’t work right. If everything did, you’d be out of a job.” - Mosher’s Law of Software Engineering
User avatar
Celauran
Moderator
Posts: 6427
Joined: Tue Nov 09, 2010 2:39 pm
Location: Montreal, Canada

Re: Successful login in php

Post by Celauran »

Also, and I'm surprised this hasn't already been mentioned, don't store the user's password in session data. In fact, don't store the user's password anywhere. Ever.
phphelpme
Forum Contributor
Posts: 261
Joined: Sun Nov 21, 2010 3:32 pm

Re: Successful login in php

Post by phphelpme »

Yes, I was going to say that but I suppose its not as bad as say storing in a cookie is it... lol But totally agree with you Celauran.

I would suggest generating a hash of some sort and storing this in the session with a display name etc. That way you are not storing the username or the password in sessions. You can then verify the user via the hash instead.

Best wishes
User avatar
social_experiment
DevNet Master
Posts: 2793
Joined: Sun Feb 15, 2009 11:08 am
Location: .za

Re: Successful login in php

Post by social_experiment »

Celauran wrote: and I'm surprised this hasn't already been mentioned
This type of advice (a basic login how-to) should be a sticky thread somewhere; containing do's and don'ts about login scripts; it would imo be a great help to beginners
“Don’t worry if it doesn’t work right. If everything did, you’d be out of a job.” - Mosher’s Law of Software Engineering
Post Reply