Page 1 of 1

PHP Login Validator/Redirect Script ( full source included )

Posted: Wed Oct 16, 2002 5:59 pm
by infolock
Reciently, as most you know, I had a small problem with setting up a login/password script for use on my local intranet at home. After much help with the posters here on the boards, my problems I was expierienced were resolved, which left me with a working login/password validator that I found on phpbuilder.net

However, I have revised that script, and now have a suped up version of it.

This code was originally written by Matt Slavin ( Email At neophite17@hotmail.com ), and revised/updated by me.

His original code merely checked to see if a username/password was correct in a specified MySQL database. What I wanted to do, was get to distinguish what type of user it was, and according to that user access level, redirect them to the appropriate page ( ie, if it's an admin logging in, redirect them to the admin page, and if it's a regular user, then redirect them to the regular user pages ).

So, here we go!

First of all, you will need to create a MySQL database, and table, with the fields username, password, type.

I have destinguished an Admin with a type of 1, and a regular user with a type of 2.

Here, is the code.


First, you will need a page that asks the user to enter a username/password ( this was the easiest way for me ).

here the layout of the login/password page ( index.php ):

Code: Select all

<html> 
<head><title>Please Login</title></head> 
<body> 
<form action="login.php" method="post"> 
Username: <input type="text" name="username"><br> 
Password: <input type="password" name="password"><br> 
<input type="submit" name="buttonSelection" value="Login"> 
</form> 
</body> 
</html>

Here is the code for the login.php page :

Code: Select all

if(!isset($_POST&#1111;'username']) || !isset($_POST&#1111;'password'])) &#123;  
       print 'Please Retry your UserName/Password'; 
       exit(); 
&#125; 

/*First, we connect to MySQL, using the hostname of where mysql is located ( in this case 
Localhost ), the Username to log into MySQL, ( in this case, myusername ), and the Password. */


mysql_connect("localhost","myusername","mypassword") or die("Could not connect to MySQL!!"); 

// Select the name of the database we are going to use ( in this case, auth ) 

mysql_select_db("auth") or die("Could not connect to auth Database!");  

//Create a variable that we will use to be queried in MySQL

$sql = "select * from info where password='&#123;$_POST&#1111;'password']&#125;' and 
username='&#123;$_POST&#1111;'username']&#125;' and type=1"; 

//Query the above statement.
$result = mysql_query($sql) or die("Could not query table userinfo!!"); 

//Look to see if we found any rows.
$num = mysql_numrows($result); 

// If we found a row, then the username/password must be correct.
// If this is an admin, we redirect them to the admin page.
if ($num == "1")
&#123;
          print ("Logged in okay"); 
          header("Location: http://localhost/testdir/admin.php"); 
          exit; 				
&#125;

// If we didn't return a row for $num, then check to see if it's a regular user.

// connect to the database, now using the type of 2, for a regular user.
$sql = "select * from info where password='&#123;$_POST&#1111;'password']&#125;' and username='&#123;$_POST&#1111;'username']&#125;' and type=2"; 

//Query the above statement in the table.
$result2 = mysql_query($sql2) or die("Could not query table userinfo!!"); 

// check to see if there are any rows.
$num2 = mysql_numrows($result2); 


/*

if we find rows, then obviously the user is there.

if $num2 has a row, then this is a guest user, and so we redirect them to the correct page.

*/

if ($num2 == "1")
&#123;
          print ("Logged in okay"); 
          header("Location: http://localhost/testdir/admin.htm"); 
          exit; 				
&#125;

// if both rows fail to produce values, then we tell them incorrect username/password..
if ($num == "0" && $num2 == "0") // End of new lines
&#123; 
          print ("Username/Password Incorrect"); 
&#125;