PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!
I am using this code but if the username and or password is wrong it still shows the usercontent page any ideas on how I can show an un authorised message?
your query will execute perfectly without any error if the syntax is valid and does not return any rows
think you shd be using (mysql_num_rows($result) > 0 )to find a match. if not, echo an error.
you mistakenly swapped mysql_num_rows() for mysql_query() .. raghavan20 was talking about placing mysql_num_rows() down with your authentication checks.
<?php
include ("connect.php");
$sql = "SELECT companyname, firstname, lastname, email, password, ulevel FROM users WHERE firstname='$_REQUEST[fname]' AND password='$_REQUEST[pwd]' ORDER BY companyname";
$r = mysql_query($sql);
if(!$r) {
$err=mysql_error();
print $err;
exit();
}
if(mysql_affected_rows()==0){
print "no such login in the system. please try again.";
exit();
}
else{
print "successfully logged into system.";
//proceed to perform website’s functionality – e.g. present information to the user
}
echo "
\n";
//-------------get each event type ------
while ($line = mysql_fetch_array($r))
{
extract($line); // extracts all line into variables with same name as fields
}
echo "\n";
$usrlevel = $line["ulevel"];
$adminlevel = "11";
{
if ($usrlevel == $adminlevel){
echo include_once("admincontent.php");
} else {
echo include_once("usercontent.php");
}
}
?>
<?php echo $ulevel ?>
<?php
include ("connect.php");
$sql = "SELECT companyname, firstname, lastname, email, password, ulevel FROM users WHERE firstname='$_REQUEST[fname]' AND password='$_REQUEST[pwd]' ORDER BY companyname";
$r = mysql_query($sql);
if(!$r) {
$err=mysql_error();
print $err;
exit();
}
if(mysql_affected_rows()==0){
print "no such login in the system. please try again.";
exit();
}
else{
print "successfully logged into system.";
//proceed to perform website’s functionality – e.g. present information to the user
}
echo "
\n";
//-------------get each event type ------
while ($line = mysql_fetch_array($r))
{
extract($line); // extracts all line into variables with same name as fields
}
echo "\n";
$usrlevel = "$ulevel";
$adminlevel = "1";
{
if ($usrlevel == $adminlevel){
echo include_once("admincontent.php");
} else {
echo include_once("usercontent.php");
}
}
?>
<?php echo $ulevel ?>