By using this site, you agree to our updated Privacy Policy and our Terms of Use. Manage your Cookies Settings.
438,304 Members | 1,254 Online
Bytes IT Community
+ Ask a Question
Need help? Post your question and get tips & solutions from a community of 438,304 IT Pros & Developers. It's quick & easy.

user authentication

P: 15
ok i had some problems before with imaging, but that is all solved. but now i need help with some user authentication. basically, when you add a user to my database, "busted" under table "user_info", the following info is stored (and works, i checked)
user_realname
username
password
bus_number //the bus number each account is associated with
acct_type // can be driver, admin, or parent.
and what i'm trying to do is have the script check the username and password, which it does, and if they are wrong or not entered go back to the login screen, which it also does. but what i want to happen next is that if the account type is admin, it would redirect to /admin/adminhome.html, and the same goes for driver and parent, respectively. but using this code, if the username and password do match, it always redirects to admin/adminhome. so what am i doing wrong?
[php]
<?
//check if username and password were even entered
if ((!$_POST[username]) || (!$_POST[password])) {
header("Location: show_login.html");
exit;
}
$db_name = "busted";
$table_name = "user_info";
$con = @mysql_connect("localhost", "nathan", "*******")
or die(mysql_error());
$db = @mysql_select_db($db_name, $con) or die(mysql_error());
$sql = "SELECT * FROM $table_name WHERE username = '$_POST[username]' AND password = '$_POST[password]'";
$result = @mysql_query($sql, $con) or die(mysql_error());
$num = mysql_num_rows($result);
if ($num !=0) {
session_start();

WHILE($row = mysql_fetch_array($result))
{
$_SESSION['username'] = $row[username];
$_SESSION['password'] = $row[password];
$_SESSION['user_realname'] = $row[user_realname];
$_SESSION['bus_number'] = $row[bus_number];
$_SESSION['acct_type'] = $row[acct_type];
}
//use statements below to test session vars.
//echo "hello, $_SESSION['username']! you entered $_SESSION['password'] as your password. Your real name is $_SESSION['user_realname'], and you are associated with bus number $_SESSION['bus_number'] with $_SESSION['acct_type'] as your account type.";

{
if ($_SESSION['acct_type'] = admin) {
header("location: /admin/adminhome.html");
exit;
}
elseif ($_SESSION['acct_type'] = parent) {
header("location: /parent/parenthome.html");
exit;
}
elseif ($_SESSION['acct_type'] = driver) {
header("location: /driver/driverhome.html");
exit;
}
else {
echo "Sorry, but it looks like you either didn't have your account created correctly, or some other techical difficulty is blocking your entrance to the system. Check with your administrator for assistance."; //note: admin email address as link?
}
}else {
header("location: show_login.html");
exit;
}
?>[/php]
Feb 24 '08 #1
Share this Question
Share on Google+
12 Replies


ronverdonk
Expert 2.5K+
P: 4,258
Please enclose any code within the proper code tags. See the Posting Guidelines on how to do that.

moderator
Feb 24 '08 #2

ronverdonk
Expert 2.5K+
P: 4,258
You either copied your code wrong or it is the error.
The if always uses == or === but not = cause that is an assigment.
in the if I assume admin is a char field, so put it between quotes. I.e. [php]if ($_SESSION['acct_type'] == 'admin') {
header("location: /admin/adminhome.html");
exit;
}
elseif ($_SESSION['acct_type'] == 'parent') {
header("location: /parent/parenthome.html");
exit;
}
elseif ($_SESSION['acct_type'] == 'driver') {
header("location: /driver/driverhome.html");
exit;
}
[/php]Ronald
Feb 24 '08 #3

P: 15
ok sorry i forgot about the code tags...
anyway, that was the problem and thank you for your time.
i do have one more question though:
is there a way (similar to below) that i could check the account type so the parents and drivers can't access the admin sub or each others? such as this
Expand|Select|Wrap|Line Numbers
  1.  
  2. {
  3. if ($_SESSION['acct_type'] == 'admin') {
  4. $_SESSION['admin_logged_in'] = "true";
  5. header("location: /admin/adminhome.html");
  6. exit; 
  7. else
  8. if ($_SESSION['acct_type'] == 'parent') {
  9. $_SESSION['parent_logged_in'] = "true";
  10. header("location: /parent/parenthome.html"); 
  11. exit;
  12. }
  13. elseif ($_SESSION['acct_type'] == 'driver') {
  14. $_SESSION['driver_logged_in'] = "true";
  15. header("location: /driver/driverhome.html"); 
  16. exit;
  17. }
  18. //else {echo "Sorry, but it looks like you either didn't have your account created correctly, or some other techical difficulty is blocking your entrance to the system. Check with your administrator for assistance."; //note: admin email address as link? 
  19. }
  20.  }else {
  21. header("location: show_login.html");
  22. exit;
  23. }
  24.  
and then have something to the effect of this at the beginning of each admin html file:

Expand|Select|Wrap|Line Numbers
  1. if ((!$_SESSION['admin_logged_in'])  || ($_SESSION['admin_logged_in'] != "true") {header("location: ../show_login.html") }
  2. [html goes here]
  3.  
Feb 24 '08 #4

ronverdonk
Expert 2.5K+
P: 4,258
Glad it worked. Yes you can use this statement (I changed it because there was an error in the one you showed):[php]if (!isset($_SESSION['admin_logged_in']) || ($_SESSION['admin_logged_in'] != "true")) {
header("location: ../show_login.html");
exit;
}[/php]Ronald
Feb 24 '08 #5

P: 15
the sad thing (or maybe its a good sign) is that i caught the isset thing literally 10 seconds before refreshing this page. i'm going to try that thanks for the help
Feb 24 '08 #6

ronverdonk
Expert 2.5K+
P: 4,258
At least you found it yourself. Good luck. See you around next time.

Ronald
Feb 24 '08 #7

P: 15
well, we lost. Sorry. but thanks for your help anyway.
Mar 4 '08 #8

ronverdonk
Expert 2.5K+
P: 4,258
..well, we lost..
What did you lose?

Ronald
Mar 4 '08 #9

P: 15
We won an event called spotlight on technology, which entered us into regional competition, so i definately put this site's logo on our display. but we got beat. and get this. by a random number generator. isn't that like 3 or 4 lines of code?
Mar 6 '08 #10

ronverdonk
Expert 2.5K+
P: 4,258
More or less. Sorry to hear you lost. But there's always next year.

Ronald
Mar 6 '08 #11

P: 15
well considering that was a high school competition i don't exactly have the same chances as i'm a senior, so... meh. i'm gonna keep developing the program and maybe market it soon, who knows.
Mar 6 '08 #12

ronverdonk
Expert 2.5K+
P: 4,258
Wish you good luck and see you next time here.

Ronald
Mar 6 '08 #13

Post your reply

Sign in to post your reply or Sign up for a free account.