Thats why I have the accesslevel field, also the reason for having that field is so when a user logins if they have access to level 1 the script directs them to /members/index.php if they have access to level 2 the script directs them to /managers/index.php and so on. Now the error Im having is: When trying to login using the login it is saying
"Your Account is Not Activated" (when the account is activated)
I think its a problem with the login script, does anyone see any errors?
Code: Select all
<?php
$con = mysql_connect("*****","****","****") or die('Could not connect: ' . mysql_error());
mysql_select_db("login", $con);
session_start();
if(!$_POST['submit']){
echo "<table border=\"0\" cellspacing=\"3\" cellpadding=\"3\">\n";
echo "<form method=\"post\" action=\"login.php\">\n";
echo "<tr><td>Username</td><td><input type=\"text\" name=\"username\"></td></tr>\n";
echo "<tr><td>Password</td><td><input type=\"password\" name=\"password\"></td></tr>\n";
echo "<tr><td colspan=\"2\" align=\"right\"><input type=\"submit\" value=\"Login\" name=\"submit\"></td></tr>\n";
echo "</form></table>\n";
}else {
$user = mysql_real_escape_string(trim($_POST['username']));
$pass = mysql_real_escape_string(trim($_POST['password']));
$errors = array();
if(!$user){
$errors[] = "You did not supply a username!";
}else {
if(!$pass){
$errors[] = "You did not supply a password!";
}else {
$sql = "SELECT count(*) FROM `users` WHERE `uid`='".$uid."'";
$res = mysql_query($sql) or die(mysql_error());
if(mysql_num_rows($res) == 0){
$errors[] = "Username does not exist!";
}else {
$sql2 = "SELECT uid,activated,accesslevel FROM `users` WHERE `uid`='".$user."' AND `pass`='".md5($pass)."'";
$res2 = mysql_query($sql2) or die(mysql_error());
if(mysql_num_rows($res) == 0){
$errors[] = "Incorrect username and password combination!";
}else {
$row = mysql_fetch_assoc($res2);
if($row['activated'] == 0){
$errors[] = "Your account is not activated!";
}
}
}
}
}
if(count($errors) > 0){
foreach($errors AS $error){
echo $error . "<br>\n";
}
}else {
$_SESSION['uid'] = $row['id'];
switch($row['accesslevel']){
case 1:
header("Location: /members/index.php");
break;
case 2:
header("Location: /admin/index.php");
break;
case 3:
header("Location: /manager/index.php");
break;
default:
header("Location: /directors/index.php");
}
}
}
?>