3 replies to this topic

[xle_camry]

Dear friends,

As I am new to PHP, this question may be very simple to you.

So, please be tolerant and help me.

This is my question:

1. I have table called "users" in my mysql database. Database called "people".
2. I have two users in my "users" table. They are:

a) username: admin
password: secret

b) username: user
password: access

3. I have 3 php files: login.php, admin.php, user.php

4. Firstly opens login.php and there asked to enter username and password.

5. So, how can I do the followings:

if administrator types its username and password correctly, it should enter admin.php

if user types its username and password correctly, it should enter user.php

if neither administrator nor user is right, it must be message in javascript: Check your username and password!

Any advices?

Thanks!

[logicPwn]

Ok to do this your going to need one page that has HTML form and one PHP processing page.

In your HTML page

<!DOCTYPE html>

<html>

    <head>

        <title></title>

        <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">

    </head>

    <body>

        <h3>Login Example</h3>

        <form action="login.php" method="post">

            <input type="text" id="username" name="username" /><br />

            <input type="password" id="password" name="password" /><br />

            <input type="submit" value="Login">

        </form>

    </body>

</html>

and in login.php script

<?php

$user = array();

$user['username'] = $_POST['username']; //add extra checking

$user['password'] = $_POST['password']; //to make sure there not empty


// Connect to DB and select table

$con = mysql_connect("host", "username", "password");

if (!$con)

{

    die('Could not connect: ' . mysql_error());

}

mysql_select_db("people", $con);


// Run query to check if user exists

$result = mysql_query("SELECT * FROM users WHERE username='" . $user['username'] . "'");

if (!$result) {

    die("No user exists"); // switch to header("Location:url");

}

$userdata = mysql_fetch_row($result);


// Check password

if ($user['password'] == $userdata['password']) {

    //session or cookies

    header("Location:url");

}

else {

    header("Location:url"); // Password did not match one in DB

}

?>

This script that I made for you is very basic. You should always escape user inputted data before running queries.

Edited by logicPwn, 04 February 2012 - 04:26 PM.

[xle_camry]

You are inserting username and password into the table.
I dont want this.

I already have that username and password in my database.
I want that if username and password is correct, then that person can login into that page.

[logicPwn]

Your right. Here's the code for checking login data.

// Run query to check if user exists

$result = mysql_query("SELECT * FROM users WHERE username='" . $user['username'] . "'");

if (!$result) {

    die("No user exists"); // switch to header("Location:url");

}

$userdata = mysql_fetch_row($result);


// Check password

if ($user['password'] == $userdata['password']) {

    //session or cookies

    header("Location:url");

}

else {

    header("Location:url"); // Password did not match one in DB

}

Changed in the above post also so it's a full page example.