Redirecting

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

Post Reply
2bran
Forum Commoner
Posts: 38
Joined: Fri Mar 04, 2005 7:03 pm

Redirecting

Post by 2bran »

Hi guys

I hope you can help me with a little problem i've got. I have a login script thats working fine and it redirects the users to there appropriate homepages. The way the users are different is defined by there usertype which is stored in the database table 'users'. The extra bit want to add is a third user which gets redirected to there homepage. Right now theres only two different user groups admin and call center i would like to add the engineers as well.

The script below is the login script and i've added the engineeers redirect. I don't know how to add final bit. I've used a else again and thats were the error occurs. Does anyone know how 2 get the final section working

any answers would be cool

Heres the script

Code: Select all

<?php
session_start();	
include('redirect.php');
$_SESSION['UserID'] = $_POST['UserID'];	 
$UserID=$_SESSION['UserID'];
$connection = mysql_connect("", "", "");
$Usertype = mysql_query("select Usertype from users where UserID= '$UserID'");
mysql_select_db ("");
$result = mysql_query("SELECT * from users WHERE UserID='$UserID'");	
$row = mysql_fetch_assoc($result);		

if (!isset($_POST['UserID']) || !isset($_POST['Password']) || 
    $_POST['UserID']=='' || $_POST['Password']=='')
{

    echo "<center><h1>LOGIN WARNING</h1><br></center>";
    echo "<h3>You are are not an employee of S.E Services </h3><br>";
	echo "<h3>Go away</h3>";
}

elseif ($_POST['Password'] !=$row['Password'])
{
echo "<h1>You have entered the wrong password</h1>";
echo "<h1>Please re-type</h1>";
}

elseif ($row['Usertype']==0)	

{
  $_SESSION['Usertype'] = 0;


    redirect ('Administration/AdminHomepage.php');
}
	

else

{

    $_SESSION['Usertype'] = 1;


    redirect ('Call%20Center/Call%20center%20Homepage.htm');
	
	
	
}	

else //this bit doesn't work 

{

$_SESSION[['Usertype'] = 2;


    redirect ('Engineers/Engineers%20Homepage.htm');
}


?>
cheers 2branw
User avatar
pickle
Briney Mod
Posts: 6445
Joined: Mon Jan 19, 2004 6:11 pm
Location: 53.01N x 112.48W
Contact:

Post by pickle »

What kind of errors are you getting? Are you sure it's redirecting to the correct page?
Real programmers don't comment their code. If it was hard to write, it should be hard to understand.
2bran
Forum Commoner
Posts: 38
Joined: Fri Mar 04, 2005 7:03 pm

Post by 2bran »

the error is on line 50

something wron with the else statment
User avatar
feyd
Neighborhood Spidermoddy
Posts: 31559
Joined: Mon Mar 29, 2004 3:24 pm
Location: Bothell, Washington, USA

Post by feyd »

pickle:

Code: Select all

if()
{
}
elseif()
{
}
elseif()
{
}
else
{
}
else
{
}
;)

2bran:
look up the "switch" flow control construct.
2bran
Forum Commoner
Posts: 38
Joined: Fri Mar 04, 2005 7:03 pm

Post by 2bran »

cheers for the help mate and i managed to get it working. But another chanllange i need to overcome is using MD5 encrytion. I've been doing some and figured some stuff i don't where to put it in the script. Very confussing

Cheers
User avatar
infolock
DevNet Resident
Posts: 1708
Joined: Wed Sep 25, 2002 7:47 pm

Post by infolock »

2bran wrote:cheers for the help mate and i managed to get it working. But another chanllange i need to overcome is using MD5 encrytion. I've been doing some and figured some stuff i don't where to put it in the script. Very confussing

Cheers
care to explain the issue? md5 is pretty simple to use.. just wondering, have you checked out PHP Manual on MD5 ?
2bran
Forum Commoner
Posts: 38
Joined: Fri Mar 04, 2005 7:03 pm

Post by 2bran »

cheers for the link mate, cool reference. I've implemented into my code as below but when i try to log in it says i've entered the wrong password. lol

Do i have to something to the database table at all?

any suggestions please!

The code

Code: Select all

<?php
session_start();	
include('redirect.php');
$_SESSION['UserID'] = $_POST['UserID'];	 
$UserID=$_SESSION['UserID'];
$Password = $_POST['Password'];//the password from html form 
$md5Password = md5($Password);// encrypting it 
$connection = mysql_connect("", "", "");
$Usertype = mysql_query("select Usertype from users where UserID= '$UserID'");
mysql_select_db ("");
$result = mysql_query("SELECT * from users WHERE UserID='$UserID'");	
$row = mysql_fetch_assoc($result);		

if (!isset($_POST['UserID']) || !isset($_POST['Password']) || 
    $_POST['UserID']=='' || $_POST['Password']=='')
{

    echo "<center><h1>LOGIN WARNING</h1><br></center>";
    echo "<h3>You are are not an employee of S.E Services </h3><br>";
	echo "<h3>Go away</h3>";
}
elseif ($md5Password != $row['Password'])// checking to see if the password is correct
{
echo "<h1>You have entered the wrong password</h1>";
echo "<h1>Please re-type</h1>";
}
User avatar
infolock
DevNet Resident
Posts: 1708
Joined: Wed Sep 25, 2002 7:47 pm

Post by infolock »

well, you would actually have to of stored the password with the md5 encryption.. meaning when/if you encrypt a password with md5 and it's not in the mysql table itself encrypted, obviously it isn't gonna match..

so, you would have to do something like this when you first create the username/password for the user..

Code: Select all

$user = $_POST['user'];
$pass = $_POST['pass'];
$md5Pass = md5($pass);
$sql = mysql_query("Insert into usertablenamehere (username, password) VALUES ('".$user."', '".$md5Pass."'") or die(MySQL_Error());
and THEN grab it like this

Code: Select all

$user = $_POST['user'];
$pass = $_POST{'pass'];
$md5Pass = md5($pass);
$sql = mysql_query("Select * from usertablenamehere where username = '".$user."' and password = '".$md5Pass."'") or die (MySQL_Error());
$num = mysql_num_rows($sql);
if($num > 0)
{
   echo 'User found!';
   //do something...
}
else
{
   echo 'Incorrect Username/Password';
   exit;
}
of course this could be rewritten, but that's a down and dirty simple way to do it...


edit: or if you already have users, just grab the password, encrypt it with md5, and then update the table's password field where username = who you are wanting to change...
User avatar
feyd
Neighborhood Spidermoddy
Posts: 31559
Joined: Mon Mar 29, 2004 3:24 pm
Location: Bothell, Washington, USA

Post by feyd »

remember that MD5() requires 32 characters to be stored in SQL..
2bran
Forum Commoner
Posts: 38
Joined: Fri Mar 04, 2005 7:03 pm

Post by 2bran »

Cheers for that mate it worked just fine :D

I was just wondering do u know how to check the html form to see if the user has entered the correct information with php. I know u can use form validation with javascript but can i check when the user is entering information into the form that they've actually entered corectly with php.


cheers william
User avatar
infolock
DevNet Resident
Posts: 1708
Joined: Wed Sep 25, 2002 7:47 pm

Post by infolock »

2bran wrote:Cheers for that mate it worked just fine :D

I was just wondering do <span style='color:blue' title='ignorance is bliss'>you</span> know how to check the html form to see if the user has entered the correct information with php. I know <span style='color:blue' title='ignorance is bliss'>you</span> can use form validation with javascript but can i check when the user is entering information into the form that they've actually entered corectly with php.


cheers william
i'm sorry... i don't quite understand what you are tryng to ask? :?
User avatar
John Cartwright
Site Admin
Posts: 11470
Joined: Tue Dec 23, 2003 2:10 am
Location: Toronto
Contact:

Post by John Cartwright »

you would run a query to see if the user exists in the database

Code: Select all

$result = mysql_query("SELECT * FROM `users` WHERE `uname` = '".$_POST['uname']."' AND `password` = '".md5($_POST['upass'])."' LIMIT 1");

if (mysql_num_rows($result) > 0)
{
     //user is logged in
     //set some flag so you know the user is logged in
}
else
{
     //show error
}
Note: you should sanitsize your post variables
2bran
Forum Commoner
Posts: 38
Joined: Fri Mar 04, 2005 7:03 pm

Post by 2bran »

in the following script i would like to check if the user has entered a UserID with an elseif statement. But it comes up with error on the elseif line.

any suggestions?

Code: Select all

<?PHP 
if (isset ($_POST['UserID']))
{
$UserID= $_POST['UserID'];
$Password = $_POST['Password'];
$md5Password = md5($Password);
$Name = $_POST['Name'];
$VanNo= $_POST['VanNo'];
$MobileNo= $_POST['MobileNo'];
$Email= $_POST['Email'];
$Usertype= $_POST['Usertype'];

$connection= mysql_connect("", "", "");

mysql_select_db ('');

$result = mysql_query ("INSERT INTO users values ('$UserID', '$md5Password', '$Name', '$VanNo', '$MobileNo', '$Email', '$Usertype')")or die(mysql_error());



mysql_close($connection);





}
 
elseif

{
echo "You have not entered a UserID please reenter";
}






	





?>
User avatar
infolock
DevNet Resident
Posts: 1708
Joined: Wed Sep 25, 2002 7:47 pm

Post by infolock »

i added the table fields in the query as well...


anyways, try this :

Code: Select all

<?PHP 
if (!isset($_POST['UserID']) || !isset($_POST['Password']))
{
	echo "You have not entered a UserID/Password <br /> Please Reenter";
	exit;
}

$UserID= $_POST['UserID'];
$Password = $_POST['Password'];
$md5Password = md5($Password);
$Name = $_POST['Name'];
$VanNo= $_POST['VanNo'];
$MobileNo= $_POST['MobileNo'];
$Email= $_POST['Email'];
$Usertype= $_POST['Usertype'];

$connection= mysql_connect("", "", "");
mysql_select_db ('',$connection); //Forgot the $conn here...
$result = mysql_query ("INSERT INTO users (username, password, name, vanno, mobileno, email, usertype) values ('$UserID', '$md5Password', '$Name', '$VanNo', '$MobileNo', '$Email', '$Usertype')", $connection)or die(mysql_error()); //forgot it here too...
mysql_close($connection);
?>
2bran
Forum Commoner
Posts: 38
Joined: Fri Mar 04, 2005 7:03 pm

Post by 2bran »

Yeah i tried it and no errors appear but unfortunatly the echoed message appears striaght away when the page gets loaded up. I would like the echo message only to appear if the user hasn't entered the information.

any suggestions
Post Reply