PHP Login redirect help

Sorted, I manned up and started again as I really need to grasp this myself now.

Here's the code I'm using. Please let me know if it can be improved:

PHP:
<?php
session_start();
require_once('includes/config.php');

if (isset($_POST['submitted'])) {

    require_once('includes/classes/class.wc_validation.php');

    $form = new wc_validation();

    $form->Text($_POST['username'], 'UserName', false, 0, 50);
    $form->Text($_POST['password'], 'Password', true);

    if (!$form->hasErrors) {

        /* There are no issues with the form (empty fields etc.), so run the SQL
           queries to check whether the user is on the system */

        $sql = "SELECT * FROM users WHERE username = '" . $form->formData['UserName'] . "' ";

        if (!$result = $db->Select($sql)) {

            /* The username doesn't exist in the database, so take them back to the
               login form and tell them so, by adding an error message to the form
               object we already have and outputting it on the page */

            $form->addError('UserName', 'The username you entered doesn\'t appear to exist in our system. Please double check you have entered it correctly and try again');

        } else {

            /* The username exists, so now check that the password is correct */

            $sql = "SELECT * FROM users WHERE username = '" . $form->formData['UserName'] . "' AND password = '" . md5($form->formData['Password']) . "' LIMIT 1";

            if (!$result = $db->Select($sql)) {

                /* The password is incorrect, so back to the login screen telling them
                   the password doesn't match (change the messages if you want to) */
                $form->addError('Password', 'The password doesn\'t match the credentials we have on the system. Please try again');

            } else {

                /* Correct details: store the user in the session and redirect to the
                   admin or non-admin area. $db->Select() returns an array of rows
                   (the admin check below already reads $result[0]), so the user
                   fields must be read from $result[0] as well, not from $result. */
                $_SESSION['user']['username'] = $result[0]['username'];
                $_SESSION['user']['level'] = $result[0]['admin'];

                if ($result[0]['admin'] == '0') {
                    # non-admin page
                    header('Location: normal.php');
                } else {
                    # admin page
                    header('Location: admin.php');
                }

            }

        }

    }

}

?>
Also, error messages informing people that the username exists but the password is wrong are bad. You're basically telling a hacker which usernames exist in the system.
 
Yep, both good suggestions. Reply with "Your username/password combination is incorrect" or similar.

Also, get into the practice of putting exit; after a header();
I was taught it's good practice, and it can stop scripts carrying on in case of a server error. Other than that, indentation is good, keep up with the comments, you'll regret it if you don't.

S
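A hardened version of the login above that applies the two suggestions in the replies (one generic "username/password combination is incorrect" message, and exit; after header();) and also goes a step further: the username is bound as a parameter instead of being concatenated into the SQL string, passwords are stored with password_hash() rather than md5(), the session id is regenerated on login, and a failed lookup still runs password_verify() against a dummy hash so both failure paths take similar time. This is an added example, not the original poster's code or their wc_validation and $db classes. It assumes a users table with id, username, password_hash and admin columns; the in-memory SQLite database and the two sample users are constructed for the demo so the script runs offline from the command line.

```php
<?php
// Added example (not the original poster's code): hardened login flow with PDO
// prepared statements, password_hash()/password_verify(), one generic error
// message, session_regenerate_id() and exit after header().
// Assumption: a `users` table with columns id, username, password_hash, admin.
// The SQLite in-memory database and sample users below are constructed for the demo.
declare(strict_types=1);

function buildDemoDb(): PDO
{
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT UNIQUE, password_hash TEXT, admin INTEGER)');
    $ins = $db->prepare('INSERT INTO users (username, password_hash, admin) VALUES (:u, :h, :a)');
    $ins->execute([':u' => 'alice', ':h' => password_hash('correct horse', PASSWORD_DEFAULT), ':a' => 1]);
    $ins->execute([':u' => 'bob',   ':h' => password_hash('hunter2', PASSWORD_DEFAULT),       ':a' => 0]);
    return $db;
}

/**
 * Look the user up with a bound parameter and verify the stored hash.
 * Returns the user row (without the hash) on success, null on any failure,
 * so the caller cannot tell whether the username or the password was wrong.
 */
function authenticate(PDO $db, string $username, string $password): ?array
{
    // Dummy hash computed once: verifying against it when the user does not
    // exist keeps the "no such user" path as slow as the "wrong password" path.
    static $dummyHash = null;
    if ($dummyHash === null) {
        $dummyHash = password_hash('dummy-password', PASSWORD_DEFAULT);
    }

    // The username is passed as data, never spliced into the SQL text.
    $stmt = $db->prepare('SELECT id, username, password_hash, admin FROM users WHERE username = :u LIMIT 1');
    $stmt->execute([':u' => $username]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);

    $hash = ($row !== false) ? $row['password_hash'] : $dummyHash;
    $ok = password_verify($password, $hash);

    if ($row === false || !$ok) {
        return null;
    }
    unset($row['password_hash']);
    return $row;
}

// Same admin/non-admin split as the original post, keyed on the admin column.
function redirectTarget(array $user): string
{
    return ((int)$user['admin'] === 1) ? 'admin.php' : 'normal.php';
}

// Web entry point: handles the submitted form, then redirects and stops.
function handleLoginRequest(PDO $db): void
{
    session_start();
    $username = $_POST['username'] ?? '';
    $password = $_POST['password'] ?? '';

    // Basic shape checks (the poster's wc_validation class did this part).
    if (!is_string($username) || !is_string($password)
        || $username === '' || $password === '' || strlen($username) > 50) {
        echo 'Your username/password combination is incorrect.';
        return;
    }

    $user = authenticate($db, $username, $password);
    if ($user === null) {
        echo 'Your username/password combination is incorrect.';  // one message for both failures
        return;
    }

    session_regenerate_id(true);   // new session id on privilege change (session fixation)
    $_SESSION['user'] = ['username' => $user['username'], 'level' => (int)$user['admin']];
    header('Location: ' . redirectTarget($user));
    exit;                          // nothing after the redirect may run
}

$db = buildDemoDb();
if (PHP_SAPI === 'cli') {
    // Offline demonstration: valid credentials, wrong password, and an injection
    // attempt that is treated as a literal (non-existent) username.
    var_dump(authenticate($db, 'alice', 'correct horse'));
    var_dump(authenticate($db, 'alice', 'wrong'));
    var_dump(authenticate($db, "x' OR '1'='1", 'anything'));
} elseif (isset($_POST['submitted'])) {
    handleLoginRequest($db);
}
```

Run it with php from the command line to see the three outcomes without a web server. To move an existing md5-based table over, the usual approach is to keep the md5 column until a user next logs in successfully, then store password_hash() of the password they just supplied and drop the old value; password_needs_rehash() handles later cost upgrades the same way.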