Thanks a lot for ur reply, i am struggling very much from this issue,
but still i have doubt, and i.e not cleared, below i sending my script please
have a look, I will explain the script logic how the control is going.
once user enters username and password, then that values will compare with the database tables, if username is valid then it will create one session variable,
once session variable is set then that page is redirecting to index.php
index.php contains and header.php and footer.php
so, my question is where i have to put header information(i.e. redirection page).
-
<?php
-
session_start();
-
-
include_once("functions.php");
-
$cxn = connect_to_db("vars.php");
-
?>
-
<html>
-
<head>
-
<script language='javascript'>
-
function load() {
-
var formObj = document.loginFrm.username;
-
formObj.focus();
-
}
-
</script>
-
<title>Phoenix HR Solutions Login page</title>
-
<link rel="stylesheet" href="style.css">
-
</head>
-
<body background=back.gif onload='load();'>
-
<?php
-
#echo date("d/m/Y");
-
function confirmUser($username,$password)
-
{
-
-
#$query = "Select username, password from Users where username='$username' and password='$password'";
-
-
$query = "Select Name, Confm_Passwd from Recruiter_Profile where Name='$username' and Confm_Passwd ='$password'";
-
-
-
#echo $query;
-
-
$result = mysql_query($query) or die("Cannot execute the query");
-
#echo $result;
-
$row = mysql_num_rows($result);
-
-
#echo $row;
-
if(mysql_num_rows($result) != 1)
-
-
return false; // 1 username exists
-
-
else
-
-
return true;
-
-
}
-
?>
-
<table bgcolor="#EDEDED" align="center" width=800 height=600 border=0 >
-
<tr width=100% height=5% cellpadding=0><td colspan=8 background="sidebar.gif" width=10% height=5% class="ttitle"><div id="tttitle1"><img src="logo1.gif" ></img></div><div> PHOENIX HR SOLUTIONS </div> </td>
-
</tr>
-
-
<tr><td>
-
<table border='0' height=20% cellspacing="8" cellpadding="8" align=center background=sidebar.gif class="MenuTable">
-
<form method='post' name='loginFrm' action='login.php'>
-
<br><br><br><br></br>
-
<tr><td colspan=2 align=center class='field' style="font-family:verdana; font-size:12pt;">LOGIN</td></tr>
-
<tr>
-
<td class="Elementname"><b>User name</b></td><td><input type='text' size='20' name='username'></td></tr>
-
<tr>
-
<td class="Elementname"><b>Password</b></td><td><input type='password' size='21' name='pass'></td><br />
-
-
<tr class=element><td colspan="2" align="center"> <input type='submit' name='submit' value=' login '> </td>
-
</tr>
-
</form>
-
</td>
-
</tr>
-
<?php
-
$username = $_POST['username'];
-
$password = $_POST['pass'];
-
$submit = $_POST['submit'];
-
-
#echo ($username);
-
$crypt_pwd=md5($password);
-
#echo ($crypt_pwd);
-
-
if(!empty($submit)){
-
-
if (!empty($username) && !empty($password)) {
-
-
#$cxn = mysql_connect("localhost","root","mysql");
-
-
#$db = mysql_select_db("phoenixhrdb",$cxn);
-
-
$auth = confirmUser($username,$crypt_pwd);
-
-
#echo "\n$auth";
-
-
if ($auth == "true") {
-
-
$_SESSION['valid_user'] = $username;
-
# Write query ( select MAX(login_time) from logintimestamp where username='$username';
-
#write the result into $lastlogin
-
# insert into logintimestamp values ($username, now(), NULL);
-
# :wq
-
-
$time_query = "select MAX(logintime) from Logintimestamp where Username='$username'";
-
#echo $time_query;
-
$time_result = mysql_query($time_query,$cxn);
-
$time_row = mysql_fetch_array($time_result);
-
$lastlogin = $time_row['MAX(logintime)'];
-
#echo $lastlogin;
-
$_SESSION['login'] = $lastlogin;
-
-
$insert_query = "INSERT INTO Logintimestamp values ('$username',now(),'NULL')";
-
# echo $insert_query;
-
$insert_result = mysql_query($insert_query,$cxn);
-
-
# }
-
if(true){
-
$adminquery ="select Name from Recruiter_Profile where Team_Selection='Superuser' or Team_Selection='Management' or Team_selection='Manager'";
-
$adminresult = mysql_query($adminquery) or die("Could not connect to database".mysql_error($cxn));
-
#echo $adminresult;
-
-
while($adminrow = mysql_fetch_array($adminresult)){
-
#echo $adminrow;
-
$adminteam[]=$adminrow['Name'];
-
}
-
foreach($adminteam as $admin){
-
# echo "<br>$admin";
-
#echo $username;
-
if($admin==$username){
-
# echo $admin;
-
header("Location:index.php");
-
exit;
-
}
-
else if($admin !=$username){
-
header("Location:indexcontinue.php");
-
exit;
-
}
-
}}
-
}
-
else {
-
-
echo ("<tr><td colspan='2'><b align='center'>Username or Password doesn't exist</b></td></tr>");
-
}
-
-
}
-
-
-
else {
-
-
-
echo ("<tr><td colspan='2'><b>Please Enter user name and Password</b></td></tr>");
-
}
-
-
}
-
?>
-
</table>
-
</td></tr>
-
<tr height=15><td align=center background="sidebar.gif" colspan=8 cellpadding=0 cellspacing=0 class=footertxt>copyright2007 @ phoenixhrsolutions</td></tr>
-
</table>
-
</body>
-
</html>
-
121
