I am having a problem and so I will explain as best I can.
If the code is messed up it is because I really don't know what
I am doing.
There is a client entrance page with a list of the company names.
I set up a mysql schema for each company with individual names,
and different usernames and passwords for each company person to log in as.
This is the table:
Code: Select all
create table users (
id int not null auto_increment,
username varchar( 50 ) not null,
password varchar( 100 ) not null,
authority varchar( 10 ) not null default 'user',
primary key(id)
)
When they click on their company name they are taken to their login page
which has the form and logs them in, and will not let them log in unless they enter
the correct name and pw for that db. ( they can't log in to anyone elses company)
This is the php for one of the login pages:
Code: Select all
<?php
session_start( );
// if username and password are set and not empty then proceed with the rest of the process
if( isset( $_POST[ 'username' ] ) && isset( $_POST[ 'password' ] ) && $_POST[ 'username' ] != '' && $_POST[ 'password' ] != '' )
{
$username = $_POST['username'];
$password = $_POST['password'];
@ $db = new mysqli( 'localhost', 'root', 'rn2846', 'kdesBarrister' );
if( mysqli_connect_errno( ) )
{
echo"Connection to the database failed. Please try again later." ;
exit;
}
//checks for username and password in db table.
$results = $db->query( "select * from users where username='" . $username . "' and password = '" . $password . "'" );
//greater than zero
if( $results->num_rows > 0 )
{
$_SESSION['username'] = $username;
//redirect
header('Location:barrister.php');
}
else
{
echo 'You must be registered before you may log in.';
}
}
?>Code: Select all
<?php
include( 'sessions.php' );
show_statement( );
if (isset($_SESSION['username']))
{
echo '<br />';
echo 'You are now logged in '.$_SESSION['username'].'';
echo '<br /><br />';
}
else
{
echo 'You are not logged in.<br />';
}
?>
<form action="login_barrister.php" method="post">
<p>
Name:
<input type="text" name="username"/>
</p>
<p>
Password:
<input type="password" name="password"/>
</p>
<p>
<input type="submit" value="Log In"/>
</p>
</form>Here is the php on that page:
Code: Select all
<?php session_start( ); ?>
<?php
if (isset($_SESSION['username']))
{
echo '<p>You are logged in as '.$_SESSION['username'].'</p>';
}
else
{
echo '<p>You are not logged in.</p>';
echo '<p>Only logged in members may visit these pages.</p>';
echo '<p><a href="clients.htm">Return to Client Entrance</a><br /><br /></p>';
}
?>Code: Select all
<?php
function set_statement( $statement )
{
$_SESSION[ 'show_statement' ] = $statement;
}
function show_statement( )
{
if( isset( $_SESSION[ 'show_statement' ] ) && $_SESSION[ 'show_statement' ] != '' )
{
echo '<p id="statement">' . $_SESSION[ 'show_statement' ] . '</p>';
unset( $_SESSION[ 'show_statement' ] );
}
}
?>back to the main page with the list of companies. They can click onto
another company and it says they are logged in as _____, and lets them
go into the other companies files!!!!
What do I need to do? This is really the extent of my php understanding, ( and I don't undertstand it very well at that ) so to do things differently would
require a lot of explaining?
I so much appreciate any advice.
Renee