Page 1 of 1

Problem with die.

Posted: Fri Aug 19, 2005 9:10 am
by ianhull
Hi Guys,

I am using this code but if the username and or password is wrong it still shows the usercontent page any ideas on how I can show an un authorised message?

Thanks

Code: Select all

<?php 
include ("connect.php"); 
$sql = "SELECT companyname, firstname, lastname, email, password, ulevel FROM users WHERE firstname='$_REQUEST[fname]' AND password='$_REQUEST[pwd]'"; 

$result = mysql_query($sql) 
or die ("Couldn't select $_REQUEST[fname]"); 

echo "\n"; 

while ($line = mysql_fetch_array($result))     
      { 
      extract($line);
      } 
echo "\n"; 
$usrlevel = $ulevel; 
$adminlevel = "1"; 
if ($usrlevel == $adminlevel){ 
    echo include_once("admincontent.php"); 
} else { 
    echo include_once("usercontent.php"); 
} 
?>

Posted: Fri Aug 19, 2005 9:12 am
by raghavan20
your query will execute perfectly without any error if the syntax is valid and does not return any rows
think you shd be using (mysql_num_rows($result) > 0 )to find a match. if not, echo an error.

Posted: Fri Aug 19, 2005 9:14 am
by raghavan20
how many of you guys use a die or trigger_error in similar situations???jus curious :)

Posted: Fri Aug 19, 2005 9:16 am
by ianhull
Thanks for the advise.

I am new to all this and have not got a clue where I would put such code. can u help?

Thanks

Posted: Fri Aug 19, 2005 9:16 am
by feyd
examples here: die()
actual work, more likely to use trigger_error(), because of the massive logging system we use..

Posted: Fri Aug 19, 2005 9:33 am
by ianhull
I have changed my code to this but now I have an error.

can anyone please help?

thanks

Code: Select all

<?php 
include ("connect.php"); 
$sql = "SELECT companyname, firstname, lastname, email, password, ulevel FROM users WHERE firstname='$_REQUEST[fname]' AND password='$_REQUEST[pwd]'"; 

$result = mysql_num_rows($sql) 
or die ("Couldn't select $_REQUEST[fname]"); 

echo "\n"; 

while ($line = mysql_fetch_array($result))      
      { 
      extract($line); 
      } 
echo "\n"; 
$usrlevel = $ulevel; 
$adminlevel = "1"; 
if ($usrlevel == $adminlevel){ 
    echo include_once("admincontent.php"); 
} else { 
    echo include_once("usercontent.php"); 
} 
?>

Posted: Fri Aug 19, 2005 9:38 am
by feyd
what was the error?

Posted: Fri Aug 19, 2005 9:47 am
by ianhull
Warning: mysql_num_rows(): supplied argument is not a valid MySQL result resource on line 5

Posted: Fri Aug 19, 2005 9:50 am
by feyd
you mistakenly swapped mysql_num_rows() for mysql_query() .. raghavan20 was talking about placing mysql_num_rows() down with your authentication checks.

Posted: Fri Aug 19, 2005 9:57 am
by ianhull
Thanks,

I switched it back and tried placing (mysql_num_rows($result) > 0 ) above my if else statement but no luck, it still return the usercontent page.

Any ideas how I could avoid this?

Thanks.

Code: Select all

<?php 
include ("connect.php"); 
$sql = "SELECT companyname, firstname, lastname, email, password, ulevel FROM users WHERE firstname='$_REQUEST[fname]' AND password='$_REQUEST[pwd]'"; 

$result = mysql_query($sql) 
or die ("Couldn't select $_REQUEST[fname]"); 

echo "\n"; 

while ($line = mysql_fetch_array($result))      
      { 
      extract($line); 
      } 
	  
echo "\n";
 
$usrlevel = $ulevel; 
$adminlevel = "1"; 
(mysql_num_rows($result) > 0 );
if ($usrlevel == $adminlevel){ 
    echo include_once("admincontent.php"); 
} else { 
    echo include_once("usercontent.php"); 
} 
?>

Posted: Fri Aug 19, 2005 10:08 am
by feyd

Code: Select all

if(mysql_num_rows($result) > 0 )
{
  if ($usrlevel == $adminlevel){
      echo include_once("admincontent.php");
  } else {
      echo include_once("usercontent.php");
  }
}

Posted: Fri Aug 19, 2005 4:02 pm
by ianhull
Thanks for your help but it still does not seem to work.

Here is what I am trying to achieve.

A user logs in, if the users details are in the database then redirect them to the relevant page depending on there user level.

If the details are not in the database then they are sent to a page which says unauthorised access.

Is there another way of achieving this?

Thanks.

Code: Select all

<?php 
include ("connect.php"); 
$sql = "SELECT companyname, firstname, lastname, email, password, ulevel FROM users WHERE firstname='$_REQUEST[fname]' AND password='$_REQUEST[pwd]'"; 

$result = mysql_query($sql)
 or die ("Un Authorised Access");

echo "\n"; 

while ($line = mysql_fetch_array($result))      
      { 
      extract($line); 
      } 
	  
echo "\n";
$usrlevel = $ulevel;
$adminlevel = "1"; 
{
  if ($usrlevel == $adminlevel){ 
      echo include_once("admincontent.php"); 
  } else { 
      echo include_once("usercontent.php"); 
  } 
}  

?>

Posted: Fri Aug 19, 2005 5:28 pm
by feyd
you didn't really use the code I posted. :?

Posted: Fri Aug 19, 2005 5:48 pm
by ianhull
I did i switched it back to try again.

I now have this problem.

my table column ulevel when printed returns 11 instead of 1 like it should any ideas why?

Code: Select all

<?php 
include ("connect.php"); 
$sql = "SELECT companyname, firstname, lastname, email, password, ulevel FROM users WHERE firstname='$_REQUEST[fname]' AND password='$_REQUEST[pwd]' ORDER BY companyname"; 

$r = mysql_query($sql);
if(!$r) {
$err=mysql_error();
print $err;
exit();
}
if(mysql_affected_rows()==0){
print "no such login in the system. please try again.";
exit();
}
else{
print "successfully logged into system.";
//proceed to perform website’s functionality – e.g. present information to the user
}
echo "

\n";

//-------------get each event type ------

while ($line = mysql_fetch_array($r))    
      {
      extract($line);      // extracts all line into variables with same name as fields 
      }
echo "\n";
$usrlevel = $line["ulevel"];
$adminlevel = "11"; 
{ 
  if ($usrlevel == $adminlevel){ 
      echo include_once("admincontent.php"); 
  } else { 
      echo include_once("usercontent.php"); 
  } 
}  
?>
<?php echo $ulevel ?>

Posted: Fri Aug 19, 2005 5:53 pm
by ianhull
SOLVED

Thanks for all your help.

very much appreciated.

Code: Select all

<?php 
include ("connect.php"); 
$sql = "SELECT companyname, firstname, lastname, email, password, ulevel FROM users WHERE firstname='$_REQUEST[fname]' AND password='$_REQUEST[pwd]' ORDER BY companyname"; 

$r = mysql_query($sql);
if(!$r) {
$err=mysql_error();
print $err;
exit();
}
if(mysql_affected_rows()==0){
print "no such login in the system. please try again.";
exit();
}
else{
print "successfully logged into system.";
//proceed to perform website’s functionality – e.g. present information to the user
}
echo "

\n";

//-------------get each event type ------

while ($line = mysql_fetch_array($r))    
      {
      extract($line);      // extracts all line into variables with same name as fields 
      }
echo "\n";
$usrlevel = "$ulevel";
$adminlevel = "1"; 
{ 
  if ($usrlevel == $adminlevel){ 
      echo include_once("admincontent.php"); 
  } else { 
      echo include_once("usercontent.php"); 
  } 
}  
?>
<?php echo $ulevel ?>