PHP Login Validator/Redirect Script ( full source included )
Posted: Wed Oct 16, 2002 5:59 pm
Reciently, as most you know, I had a small problem with setting up a login/password script for use on my local intranet at home. After much help with the posters here on the boards, my problems I was expierienced were resolved, which left me with a working login/password validator that I found on phpbuilder.net
However, I have revised that script, and now have a suped up version of it.
This code was originally written by Matt Slavin ( Email At neophite17@hotmail.com ), and revised/updated by me.
His original code merely checked to see if a username/password was correct in a specified MySQL database. What I wanted to do, was get to distinguish what type of user it was, and according to that user access level, redirect them to the appropriate page ( ie, if it's an admin logging in, redirect them to the admin page, and if it's a regular user, then redirect them to the regular user pages ).
So, here we go!
First of all, you will need to create a MySQL database, and table, with the fields username, password, type.
I have destinguished an Admin with a type of 1, and a regular user with a type of 2.
Here, is the code.
First, you will need a page that asks the user to enter a username/password ( this was the easiest way for me ).
here the layout of the login/password page ( index.php ):
Here is the code for the login.php page :
However, I have revised that script, and now have a suped up version of it.
This code was originally written by Matt Slavin ( Email At neophite17@hotmail.com ), and revised/updated by me.
His original code merely checked to see if a username/password was correct in a specified MySQL database. What I wanted to do, was get to distinguish what type of user it was, and according to that user access level, redirect them to the appropriate page ( ie, if it's an admin logging in, redirect them to the admin page, and if it's a regular user, then redirect them to the regular user pages ).
So, here we go!
First of all, you will need to create a MySQL database, and table, with the fields username, password, type.
I have destinguished an Admin with a type of 1, and a regular user with a type of 2.
Here, is the code.
First, you will need a page that asks the user to enter a username/password ( this was the easiest way for me ).
here the layout of the login/password page ( index.php ):
Code: Select all
<html>
<head><title>Please Login</title></head>
<body>
<form action="login.php" method="post">
Username: <input type="text" name="username"><br>
Password: <input type="password" name="password"><br>
<input type="submit" name="buttonSelection" value="Login">
</form>
</body>
</html>Here is the code for the login.php page :
Code: Select all
if(!isset($_POSTї'username']) || !isset($_POSTї'password'])) {
print 'Please Retry your UserName/Password';
exit();
}
/*First, we connect to MySQL, using the hostname of where mysql is located ( in this case
Localhost ), the Username to log into MySQL, ( in this case, myusername ), and the Password. */
mysql_connect("localhost","myusername","mypassword") or die("Could not connect to MySQL!!");
// Select the name of the database we are going to use ( in this case, auth )
mysql_select_db("auth") or die("Could not connect to auth Database!");
//Create a variable that we will use to be queried in MySQL
$sql = "select * from info where password='{$_POSTї'password']}' and
username='{$_POSTї'username']}' and type=1";
//Query the above statement.
$result = mysql_query($sql) or die("Could not query table userinfo!!");
//Look to see if we found any rows.
$num = mysql_numrows($result);
// If we found a row, then the username/password must be correct.
// If this is an admin, we redirect them to the admin page.
if ($num == "1")
{
print ("Logged in okay");
header("Location: http://localhost/testdir/admin.php");
exit;
}
// If we didn't return a row for $num, then check to see if it's a regular user.
// connect to the database, now using the type of 2, for a regular user.
$sql = "select * from info where password='{$_POSTї'password']}' and username='{$_POSTї'username']}' and type=2";
//Query the above statement in the table.
$result2 = mysql_query($sql2) or die("Could not query table userinfo!!");
// check to see if there are any rows.
$num2 = mysql_numrows($result2);
/*
if we find rows, then obviously the user is there.
if $num2 has a row, then this is a guest user, and so we redirect them to the correct page.
*/
if ($num2 == "1")
{
print ("Logged in okay");
header("Location: http://localhost/testdir/admin.htm");
exit;
}
// if both rows fail to produce values, then we tell them incorrect username/password..
if ($num == "0" && $num2 == "0") // End of new lines
{
print ("Username/Password Incorrect");
}