PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!
No matter what I input I am always getting authed...
To my understanding my query statement checks to see if there is a matching username and password in the same row and if there isnt the script is exited... (stopped on that line)..
mysql_query always returns a value, it doesn't return any results. So try:
$result = @mysql_query("SELECT * FROM user WHERE email='$email' && password='$password'") or die(mysql_error());
if(!mysql_num_rows($result)){
die('Invalid username and/or password');
}
Yeah, die() is just like exit() but you can specify a message.
Not sure why it's not working, but just to be sure it's not a stray authed session from a previous attempt you should close the browser and retry it.
Depends, a header can go anywhere before output is sent, that could be at the bottom of a script if you want.
If you're going to do a header("Location: foo.php"); then there's no reason to have output before it, so it can go anywhere (before output).
<?php
<? session_start();
include('inc/connect.php');
?> <link href="inc/css.css" rel="stylesheet" type="text/css"> <?
if ($_SESSION['userlvl']=='admin')
{
header('Location: adminpanel.php');
}elseif ($_SESSION['userlvl']=='customer'){
header('Location: userpanel.php');
}
if ($_SESSION['auth'] != 'authed')
{
$login='1';
include ('form.php');
}
if (isset($_POST['submit']))
{
$email = $_POST['email'];
$password = $_POST['password'];
$result = @mysql_query("SELECT * FROM user WHERE email='$email' && password='$password'") or die(mysql_error());
if(!mysql_num_rows($result))
{
die('Invalid username and/or password');
}else{
$row = mysql_fetch_array($result);
$userlevel = $row['userlevel'];
$_SESSION['auth'] = 'authed';
$_SESSION['userlvl'] = $userlevel
}
} // line 37
?>
?>
This is what I'm ending up with but I'm getting unexpected } on line 37 but even if I remove it, add another or anything always getting that error... I'm boggled.
$_SESSION['userlvl'] = $userlevel <-- missing the ;
Also the <link href="inc/css.css" rel="stylesheet" type="text/css"> would be classed as output so the headers would fail. You should move that line down past the point where you no longer want to redirect.