
I have tried different ways but still can't work it out. The first page that loads is two buttons - either Register or Login. When the person logs in they are assigned to either Status 1 (normal user), or Status 2 (admin). I am trying to link the login page to a menu depending on the user's status. Admin and normal users will have different menus. The code doesn't seem to work and all it does is echo the status. I am using PHP. To log in, the user must enter two fields --> their "Username" - $un and "Password" - $pw. Status = $st

Here is my code on my process_user_login:

<?php
session_start();
?>
<!DOCTYPE HTML>    
<html>
<head>
    <meta charset="utf-8">
    <title>
        Untitled Document
    </title>
</head>
<body>

<?php
$un = $_POST['Username'];
$pw = $_POST['Password'];
$st = $_POST['Status'];
echo $un;
echo $pw;
echo $st;

//code to populate user table goes here
mysql_connect("localhost", "****", "*****") or die(mysql_error());
mysql_select_db("database name***") or die(mysql_error());
//Find user details from User table using the username entered and comparing the entered password with the one retrieved from the user table
$result = mysql_query(  "SELECT Username, Password, Status
                         FROM User
                         WHERE Username = '$un' ");
                         echo "Successfully Logged In" 
              or die(mysql_error());
      while ($row = mysql_fetch_array($result)) {
        //Print out the contents of each row into a table
        $stored_password = $row['Password'];
        if ($stored_password == sha1($pw)){
        echo "Stored Username is ". $row['Username'];
        echo "<br />";
        echo "Stored Status is ". $row['Status'];
        echo "<br />";

}

else{ 
    echo " Incorrect password - ";
    echo "<a href= '****myurl****'> Please try again</a>";
}
}
?>

<?php
echo "<link href='user_login.css' rel='stylesheet' type='text/css'/>";
?>

I would really appreciate it if I could get some help and if you can also tell me where I should put it, that would be even better.

Thank you to everyone that helps!

Veej
  • `if ($status == ADMIN_STATUS) { // Show admin link here. } else { // Other links. }`? Also no need to `echo` out all the HTML like the stylesheet. – Script47 Oct 24 '15 at 12:09

1 Answer


1- First of all, I don't think you should be using $_POST for their status. Surely you want to get from the database the status of the individual. Otherwise you are allowing the user to pick their own status?

2- Secondly, use mysqli_ or PDO as opposed to the deprecated mysql_.

Check protection against SQL injection.

There are a few ways you could do this. Here's what I'd do.

3- I'd check the database for the individual, so something along the lines of:

$check = $conn->prepare("SELECT * FROM users WHERE username = ?");
$check->bind_param("s", $un); // bind the username instead of interpolating it
$check->execute();
$row = $check->get_result()->fetch_assoc();

4- Then I'd get the field corresponding to the user's status, so:

$status= $row['status'];

5- Then I'd set up an if statement such as:

if ($status == 1) {
    $isAdmin = "link_to_admin_page";
    //$isAdminStr = "Admin Page";
} else {
    $isAdmin = "link_to_other_page";
    //$isAdminStr = "User Page";
}

You could also add the string of the link into the if statement, so when the user sees the link it would either say admin page or user page. I've commented that bit out in the above if statement.

6- Then you can echo out the variables to display what you need.

Small Legend
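The points raised in the answer above, put together as an added example that is not code from the question or the answer: the status is read from the database row and never from `$_POST`, the lookup uses a bound parameter, and the menu is chosen from the stored status (2 = admin, as in the question). Assumptions: PDO with an in-memory SQLite table stands in for the MySQL `User` table, `password_hash()`/`password_verify()` replace the question's `sha1()`, and `admin_menu.php` / `user_menu.php` are hypothetical page names.

```php
<?php
// Added example. Status values follow the question: 1 = normal user, 2 = admin.
const STATUS_USER  = 1;
const STATUS_ADMIN = 2;

// Builds a constructed demo table so the example runs offline (assumption:
// SQLite in memory instead of the real MySQL database).
function demo_db(): PDO {
    $pdo = new PDO('sqlite::memory:');
    $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $pdo->exec('CREATE TABLE User (Username TEXT PRIMARY KEY, Password TEXT, Status INTEGER)');
    $ins = $pdo->prepare('INSERT INTO User VALUES (?, ?, ?)');
    // Constructed sample accounts; passwords stored with password_hash().
    $ins->execute(['alice',  password_hash('alice-pw', PASSWORD_DEFAULT), STATUS_USER]);
    $ins->execute(['bob',    password_hash('bob-pw', PASSWORD_DEFAULT), STATUS_ADMIN]);
    return $pdo;
}

// Returns the menu page for a valid login, or null on any failure.
function login_target(PDO $pdo, string $un, string $pw): ?string {
    $stmt = $pdo->prepare('SELECT Password, Status FROM User WHERE Username = ?');
    $stmt->execute([$un]);                 // bound parameter, no string interpolation
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($row === false || !password_verify($pw, $row['Password'])) {
        return null;                       // same result for unknown user and wrong password
    }
    if (session_status() === PHP_SESSION_ACTIVE) {
        session_regenerate_id(true);       // fresh session id once authenticated
        $_SESSION['username'] = $un;
        $_SESSION['status']   = (int) $row['Status'];
    }
    return (int) $row['Status'] === STATUS_ADMIN ? 'admin_menu.php' : 'user_menu.php';
}

$pdo = demo_db();
// A Status field submitted with the form is ignored: only the stored value counts.
$_POST = ['Username' => 'alice', 'Password' => 'alice-pw', 'Status' => '2'];
var_dump(login_target($pdo, $_POST['Username'], $_POST['Password']));
var_dump(login_target($pdo, 'bob', 'bob-pw'));
var_dump(login_target($pdo, "o'neil", 'anything'));   // quote in input is handled safely
var_dump(login_target($pdo, 'bob', 'wrong-pw'));
// In the real page, redirect before any HTML is sent:
//   header('Location: ' . $target); exit;
```

Each menu page should also check `$_SESSION['status']` before rendering, since the redirect alone does not stop a user from requesting the admin page directly.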