Login script

Discussion in 'PHP' started by wortmann, Apr 5, 2012.

0
  1. #1
    I'm trying to have the following to work:Login in using a table with login names, pw and authority. Either they are a user and they have a n(no) or they are an administrator and they will have a y(yes) as input for the authorisation(admin_priv).When they have the authorisation i like them to go to a certain page ad_menu.php but when they do not have the authorisation i'd like them to go to a different page: user.php. and when the login fails they go to failed_login.phphere is the code:if (isset($_POST['username'])) { $loginUsername=$_POST['username']; $password=$_POST['pwd']; $MM_fldUserAuthorization = "admin_priv"; $MM_redirectLoginSuccess = "../ad_menu.php"; $MM_redirectLoginFailed = "failed_login.php"; $MM_redirecttoReferrer = false; mysql_select_db($database_loginAdmin, $loginAdmin);What am i doing wrong?Can i redirect to the ad_menu.php page and then have a look at the priveledges and redirect to user.php (all on the ad_menu.php page) or can i add code here in login.php page that if the login is valid but the authorisation is n (user level) it redirects to a different page. Please help and give me the solution plus code hint.thanks
     
    wortmann, Apr 5, 2012 IP
  2. SoftCloud

    SoftCloud Well-Known Member

    Messages:
    1,060
    Likes Received:
    28
    Best Answers:
    2
    Trophy Points:
    120
    #2
    The code that you supplied isn't enough to continue with the logging in. All that's doing is making sure something is wrote in the username box and then turning the values sent from the form into varible's. You will need more coding than that.

    Also use the [code][/code] tags when posting code. It makes it more easier to read. :)
    if (isset($_POST['username'])) {
	$loginUsername=$_POST['username'];
	$password=$_POST['pwd'];
	$MM_fldUserAuthorization = "admin_priv";
	$MM_redirectLoginSuccess = "../ad_menu.php";
	$MM_redirectLoginFailed = "failed_login.php";
	$MM_redirecttoReferrer = false;

mysql_select_db($database_loginAdmin, $loginAdmin);
    Code (markup):
     
    SoftCloud, Apr 5, 2012 IP
  3. mrandre

    mrandre Peon

    Messages:
    15
    Likes Received:
    0
    Best Answers:
    0
    Trophy Points:
    0
    #3
    either way, set a session variable when the user log in, then you can kick out anywhere later based on the level of the user..
     
    mrandre, Apr 6, 2012 IP
  4. mallorcahp

    mallorcahp Peon

    Messages:
    141
    Likes Received:
    2
    Best Answers:
    0
    Trophy Points:
    0
    #4
    Make sure you don't leave yourself open to SQL injection, use : mysql_real_escape_string() on variables.
     
    mallorcahp, Apr 6, 2012 IP
  5. Artuurs

    Artuurs Peon

    Messages:
    24
    Likes Received:
    0
    Best Answers:
    0
    Trophy Points:
    0
    #5
    Your code is wrong , there is more SQL injections!
     
    Artuurs, Apr 7, 2012 IP
  6. SoftCloud

    SoftCloud Well-Known Member

    Messages:
    1,060
    Likes Received:
    28
    Best Answers:
    2
    Trophy Points:
    120
    #6
    Please note the code I posted above is just the original thread posters code, but in "code" tags. It's not a solution!
     
    SoftCloud, Apr 7, 2012 IP
  7. vnrock

    vnrock Peon

    Messages:
    7
    Likes Received:
    0
    Best Answers:
    0
    Trophy Points:
    0
    #7
    thank you for sharing this important posting..
     
    vnrock, Apr 7, 2012 IP