Page 1 of 1

login problem

Posted: Wed Aug 13, 2008 8:25 pm
by oneyani
i want to ask bout my login script
sometimes i can login..but sometimes its appear error login
here is my script
o<?php

include('connection/decl.php');
include('connection/atr.php');


session_start();
{

//".md5($_POST['user_password'])."'

$usrname=$_POST['username'];
$passwrd=$_POST['password'];



$username=mysql_query("SELECT username FROM $tbl5 WHERE username='$usrname' AND password='$passwrd'");
$username_ar=mysql_fetch_array($username);

$password=mysql_query("SELECT password FROM $tbl5 WHERE username='$usrname' AND password='$passwrd'");
$password_ar=mysql_fetch_array($password);

$designation=mysql_query("SELECT designation FROM $tbl5 WHERE username='$usrname' AND password='$passwrd'");
$designation_ar=mysql_fetch_array($designation);

$level=mysql_query("SELECT level FROM $tbl5 WHERE username='$usrname' AND password='$passwrd'");
$level_ar=mysql_fetch_array($level);

//$name=mysql_query("SELECT name FROM $tbl5 WHERE username='$usrname' AND password='$passwrd'");
//$name_ar=mysql_fetch_array($name);

$idStaffS=mysql_query("SELECT idStaff FROM $tbl5 WHERE username='$usrname' AND password='$passwrd'");
$idStaff_ar=mysql_fetch_array($idStaffS);

//$codeCompany=mysql_query("SELECT codecat FROM $tbl5 WHERE username='$usrname' AND password='$passwrd'");
//$codeCompany_ar=mysql_fetch_array($codeCompany);


if($designation_ar['designation'] == "$designation1")
{
header('Location:spadmin/index.php');
//echo $mainSprAdmin;
}
if($designation_ar['designation'] == "$designation2")
{
header('Location:admin/index.php');
}

if($designation_ar['designation'] == "$designation3")
{
header('Location:staff/index.php');

}
if($designation_ar['designation'] == "$designation4")
{
header('Location:cust/index.php');

}

else {
echo "<meta http-equiv=\"refresh\" content=\"0; URL=mesej.php?msg=ralatLogin\">";


}



$username=$_POST['username'];

$username=$username_ar['username'];

$designation=$designation_ar['designation'];
//$codeCompany=$codeCompany_ar['codecat'];
$idStaffS=$idStaff_ar['idStaff'];

$name=$name_ar['name'];
$level=$level_ar['level'];

session_register('username');
session_register('designation');
//session_register('name');
session_register('level');
session_register('idStaffS');
//session_register('codeCompany');


//

}
?>

Re: login problem

Posted: Wed Aug 13, 2008 8:53 pm
by omniuni
Can you please put [ code ] tags around the PHP? It will make it easier to follow.

A quick glance makes me wonder, first, whether some of those lines could be combined to grab the value you need directly out of the returned array, and also that I usually store session values by simply doing $_SESSION['key'] = "blah";

Also, should you not retrieve your username and password BEFORE you check/authenticate them? I might be reading your code wrong, though...

Good Luck,
OmniUni

Re: login problem

Posted: Thu Aug 14, 2008 1:00 am
by eskio
Hi,

Instead of fetching (writing a query) for each variable, you can do it like

Code: Select all

$query = "SELECT *  FROM $tbl5
    WHERE WHERE username='".mysql_real_escape_string($usrname)."' 
    AND password='".mysql_real_escape_string($passwrd)."'";     
$result = @mysql_query($query) or die("Error: ".mysql_error());
$nbrows = @mysql_num_rows($result);  // count rows - number of rows
if ($nbrows == 0) {print  'There is no data';}
if ($nbrows> 0) { // if data exists 
while ($rowdata = @mysql_fetch_array($result)) {
    $username = $rowdata['username'];
    $password = $rowdata['password'];
    .......................
    ........................
} // while ($rowdata = @mysql_fetch_array($result))
} // f ($nbrows> 0)

Re: login problem

Posted: Thu Aug 14, 2008 1:29 am
by oneyani
u mean by replaces this script?

$username=mysql_query("SELECT username FROM $tbl5 WHERE username='$usrname' AND password='$passwrd'");
$username_ar=mysql_fetch_array($username);

$password=mysql_query("SELECT password FROM $tbl5 WHERE username='$usrname' AND password='$passwrd'");
$password_ar=mysql_fetch_array($password);

$designation=mysql_query("SELECT designation FROM $tbl5 WHERE username='$usrname' AND password='$passwrd'");
$designation_ar=mysql_fetch_array($designation);

$level=mysql_query("SELECT level FROM $tbl5 WHERE username='$usrname' AND password='$passwrd'");
$level_ar=mysql_fetch_array($level);

//$name=mysql_query("SELECT name FROM $tbl5 WHERE username='$usrname' AND
password='$passwrd'");
//$name_ar=mysql_fetch_array($name);

$idStaffS=mysql_query("SELECT idStaff FROM $tbl5 WHERE username='$usrname' AND password='$passwrd'");
$idStaff_ar=mysql_fetch_array($idStaffS);

//$codeCompany=mysql_query("SELECT codecat FROM $tbl5 WHERE username='$usrname' AND password='$passwrd'");
//$codeCompany_ar=mysql_fetch_array($codeCompany);



sory..how to make a page(script) with lines

Re: login problem

Posted: Thu Aug 14, 2008 6:21 am
by eskio
Replace this script
$username=mysql_query("SELECT username FROM $tbl5 WHERE username='$usrname' AND password='$passwrd'");
$username_ar=mysql_fetch_array($username);
$password=mysql_query("SELECT password FROM $tbl5 WHERE username='$usrname' AND password='$passwrd'");
$password_ar=mysql_fetch_array($password);
$designation=mysql_query("SELECT designation FROM $tbl5 WHERE username='$usrname' AND password='$passwrd'");
$designation_ar=mysql_fetch_array($designation);
$level=mysql_query("SELECT level FROM $tbl5 WHERE username='$usrname' AND password='$passwrd'");
$level_ar=mysql_fetch_array($level);
//$name=mysql_query("SELECT name FROM $tbl5 WHERE username='$usrname' AND password='$passwrd'");
//$name_ar=mysql_fetch_array($name);
$idStaffS=mysql_query("SELECT idStaff FROM $tbl5 WHERE username='$usrname' AND password='$passwrd'");
$idStaff_ar=mysql_fetch_array($idStaffS);
//$codeCompany=mysql_query("SELECT codecat FROM $tbl5 WHERE username='$usrname' AND password='$passwrd'");
//$codeCompany_ar=mysql_fetch_array($codeCompany);
with this one

Code: Select all

$query = "SELECT *  FROM $tbl5
    WHERE WHERE username='".mysql_real_escape_string($usrname)."'
    AND password='".mysql_real_escape_string($passwrd)."'";     
$result = @mysql_query($query) or die("Error: ".mysql_error());
$nbrows = @mysql_num_rows($result);  // count rows - number of rows
if ($nbrows == 0) {print  'There is no data';}
if ($nbrows> 0) { // if data exists
while ($rowdata = @mysql_fetch_array($result)) {
    $username = $rowdata['username'];
    $password = $rowdata['password'];
    $designation = $rowdata['designation'];
    $level = $rowdata['level'];
    $name = $rowdata['name'];
    $idStaff = $rowdata['idStaff'];   
} // while ($rowdata = @mysql_fetch_array($result))
} // if ($nbrows> 0)
how to make a page(script) with lines
You just select the text and click Code button on the top