PHP Login Page help

Soldato
Joined
30 Nov 2006
Posts
3,174
Hi Guys, I'm having some trouble with a login page I'm trying to make. What I have is a mysql DB which stores usernames/passwords from a registration page I have made. This DB automatically sets a field called 'AdminLevel' to 0. What I want to do is have it so that users with level 0 go to one page, level 3 another, and level 5 another. What I have currently is

Code:
?php 
// Connects to your Database 
mysql_connect("localhost", "stuff", "stuff") or die(mysql_error()); 
mysql_select_db("stuff") or die(mysql_error()); 

//Checks if there is a login cookie
if(isset($_COOKIE['ID_my_site']))

//if there is, it logs you in and directes you to the members page
{ 
$username = $_COOKIE['ID_my_site']; 
$pass = $_COOKIE['Key_my_site'];
$check = mysql_query("SELECT * FROM users WHERE username = '$username'")or die(mysql_error());
while($info = mysql_fetch_array( $check )) 
{
if ($pass != $info['password']) 
{
}
else
{
header("Location: members.php");

}
}
}

//if the login form is submitted
if (isset($_POST['submit'])) { // if form has been submitted

// makes sure they filled it in
if(!$_POST['username'] | !$_POST['pass']) {
die('You did not fill in a required field.');
}
// checks it against the database

if (!get_magic_quotes_gpc()) {
$_POST['email'] = addslashes($_POST['email']);
}
$check = mysql_query("SELECT * FROM users WHERE username = '".$_POST['username']."'")or die(mysql_error());

//Gives error if user dosen't exist
$check2 = mysql_num_rows($check);
if ($check2 == 0) {
die('That user does not exist in our database. <a href=add.php>Click Here to Register</a>');
}
while($info = mysql_fetch_array( $check )) 
{
$_POST['pass'] = stripslashes($_POST['pass']);
$info['password'] = stripslashes($info['password']);
$_POST['pass'] = md5($_POST['pass']);

//gives error if the password is wrong
if ($_POST['pass'] != $info['password']) {
die('Incorrect password, please try again.');
}
else 
{ 

// if login is ok then we add a cookie 
$_POST['username'] = stripslashes($_POST['username']); 
$hour = time() + 3600; 
setcookie(ID_my_site, $_POST['username'], $hour); 
setcookie(Key_my_site, $_POST['pass'], $hour); 
setcookie(Admin_my_site, $_POST['AdminLevel'], $hour);

[COLOR="red"]if ($_POST['AdminLevel'] == 0)
{
header("Location: register.php");
}
else
{
if ($_POST['AdminLevel'] == 3)
{
header("Location: members.php");
}
else
{
if ($_POST['AdminLevel']==5)
{
header("Location: members1.php");
}
else
{
header("Location: members.php");
}
}
} 
} 
} 
}[/COLOR]
else 
{ 

// if they are not logged in 
?> 
<form action="<?php echo $_SERVER['PHP_SELF']?>" method="post"> 
<table border="0"> 
<tr><td colspan=2><h1>Login</h1></td></tr> 
<tr><td>Username:</td><td> 
<input type="text" name="username" maxlength="40"> 
</td></tr> 
<tr><td>Password:</td><td> 
<input type="password" name="pass" maxlength="50"> 
</td></tr> 
<tr><td colspan="2" align="right"> 
<input type="submit" name="submit" value="Login"> 
</td></tr> 
</table> 
</form> 
<?php 
} 

?>

At the moment this isn't working. It appears to be skipping the if ($_POST['AdminLevel'] == 0) etc clauses and running the final else instead. I'm probably doing this a bad way, but if someone could help me get this working I'd really appreciate it.

The main bit I'm having problems with is in red.
 
It's hard to tell from that code, but if 'AdminLevel' is a field in the database, why are you using $_POST['AdminLevel'] instead of $info['AdminLevel'] since you're using $info as the database information array.

Also, do you mean it's skipping to the final else as in, the redirect to members.php, or it's showing the form again?
 
Back
Top Bottom