Page 1 of 1

hi please help

Posted: Wed Apr 19, 2006 11:11 am
by reecec
Hi

i hope someone can help

i need it so when you login in you get the continue link that links to the page that the sql table tells it to

so it gets data out of my priv coloum that stores the url eg. admin.php




i change things and get an error every time normaly different i hope some on can just see the problem its fine when i take out all the priv stuff and just give it the link to go to but it just can get it out of the database i think


sorry to be a pain

Code: Select all

<?php 

// Connect to the database
mysql_connect($server,$dbuser,$dbpass) or die ("Could not establish connection"); // make connection
mysql_select_db($dbname); // select database


// convert posted info to easy to use variables
$user = $_REQUEST['username'];
$pass = $_REQUEST['password'];

// strip away any dangerous tags
$user=strip_tags($user);
$pass=strip_tags($pass);

// remove spaces from variables
$user=str_replace(" ","",$user);
$pass=str_replace(" ","",$pass);

// remove escaped spaces
$user=str_replace("%20","",$user);
$pass=str_replace("%20","",$pass);

// add slashes to stop hacking
$user=addslashes($user);
$pass=addslashes($pass);

// hash password into md5 (random 32 characters - md5)
$pass=md5($pass);

// search database to check for user
$request = "SELECT * FROM $dbtable WHERE password ='".$pass."' AND username='".$user."'";

// hand over the request
$results = mysql_query($request);

// hand over the request
$results = mysql_query($request);

// if mysql returns any number of rows great than 0 then there is a succesful login
(mysql_num_rows($query) == 1)
{
// get information on user
$query= "SELECT `user`, `priv` FROM `$dbtable` WHERE username='".$user."' LIMIT 1";
$rs = mysql_query($query);
$result = mysql_fetch_array($rs);
$userid = $result['userid'];
$priv = $result['priv'];

$html_user = htmlentities($user);
setcookie('userid', $userid, time() + 3600, '/', '', 0);
echo "You have successfuly loged in! Welcome, $html_user .<br><br><a href=\"$priv\">Continue...</a>";
}


else // only happens if not a succesful username and password match

{
// login failed so display error message and kill script
die("Username and passwords do not match our records<br><br><a href=\"login.htm\">Click to retry ?");
}

?>

thanks hope someone can help


http://www.rjcdesigns.co.uk

Posted: Wed Apr 19, 2006 11:23 am
by feyd
what's the error you are getting?
[url=http://forums.devnetwork.net/viewtopic.php?t=30037]Forum Rules[/url] Section 1.1 wrote:2. Use descriptive subjects when you start a new thread. Vague titles such as "Help!", "Why?" are misleading and keep you from receiving an answer to your question.