login script help!

  • thomas_sum
  • Beginner
  • Beginner
  • thomas_sum
  • Posts: 44

Post 3+ Months Ago

i have written this login in script :
Code: [ Select ]
<?
$uid=$userid;
$pwd=$userpassword;
$db=mysql_connect("localhost","###","####");
mysql_select_db("user");
$query1="select * from staff where userid='$userid' and userpassword='$userpassword'";

$result1=mysql_query($query1);
$numrows=mysql_num_rows($result1);
if($numrows1>0)
{
    echo "<meta http-equiv='refresh' content='0;URL=search2.htm'>";
}
else
{
    echo "<b>Login failed. Please try again<br>";
    echo "<a href='login.htm'>Back To Login Page</a>";
}

$query2="select * from student where userid='$userid' and userpassword='$userpassword'";
$result2=mysql_query($query2);
$numrows2=mysql_num_rows($result2);
if($numrows2>0)
{
    echo "<meta http-equiv='refresh' content='0;URL=view2.htm'>";
}
else
{
    echo "<b>Login failed. Please try again<br>";
    echo "<a href='login.htm'>Back To Login Page</a>";
}
?>
  1. <?
  2. $uid=$userid;
  3. $pwd=$userpassword;
  4. $db=mysql_connect("localhost","###","####");
  5. mysql_select_db("user");
  6. $query1="select * from staff where userid='$userid' and userpassword='$userpassword'";
  7. $result1=mysql_query($query1);
  8. $numrows=mysql_num_rows($result1);
  9. if($numrows1>0)
  10. {
  11.     echo "<meta http-equiv='refresh' content='0;URL=search2.htm'>";
  12. }
  13. else
  14. {
  15.     echo "<b>Login failed. Please try again<br>";
  16.     echo "<a href='login.htm'>Back To Login Page</a>";
  17. }
  18. $query2="select * from student where userid='$userid' and userpassword='$userpassword'";
  19. $result2=mysql_query($query2);
  20. $numrows2=mysql_num_rows($result2);
  21. if($numrows2>0)
  22. {
  23.     echo "<meta http-equiv='refresh' content='0;URL=view2.htm'>";
  24. }
  25. else
  26. {
  27.     echo "<b>Login failed. Please try again<br>";
  28.     echo "<a href='login.htm'>Back To Login Page</a>";
  29. }
  30. ?>

the problem is that my query2 doesn't work when the password entered correctly, it still direct to the query1 page. Could someone help me!!!
  • Anonymous
  • Bot
  • No Avatar
  • Posts: ?
  • Loc: Ozzuland
  • Status: Online

Post 3+ Months Ago

  • _Leo_
  • Proficient
  • Proficient
  • User avatar
  • Posts: 279
  • Loc: Buenos Aires, Argentina

Post 3+ Months Ago

When the password is correct, you send
Code: [ Select ]
<meta http-equiv='refresh' content='0;URL=search2.htm'>
to the browser.

PHP flush the buffer during the script execution, then the browser gets the meta-refresh before the second query execution takes place. As the browser closes the connection to the server for the original script, the script is killed right there.

Try putting the meta-rerefresh condition once you have executed ALL queries for your DB.

You can make the whole work with a single query too.
  • thomas_sum
  • Beginner
  • Beginner
  • thomas_sum
  • Posts: 44

Post 3+ Months Ago

Try putting the meta-rerefresh condition once you have executed ALL queries for your DB? do u mean like this
Code: [ Select ]
<meta http-rerefresh='refresh' content='0;URL=search2.htm'>

or
Code: [ Select ]
<meta http-equiv='rerefresh' content='0;URL=search2.htm'>





Making the whole work in single query! what do u mean _leo_ and how is it going to be done?
  • _Leo_
  • Proficient
  • Proficient
  • User avatar
  • Posts: 279
  • Loc: Buenos Aires, Argentina

Post 3+ Months Ago

Let's start again.

1. In the script you posted, you need to make this change at least:

Code: [ Select ]
<?
$uid=$userid;
$pwd=$userpassword;
$db=mysql_connect("localhost","###","####");
mysql_select_db("user");

// Check the staff list first

$query1="select * from staff where userid='$userid' and userpassword='$userpassword'";

$result1=mysql_query($query1);
$numrows=mysql_num_rows($result1);
if($numrows1>0)
{
 $redir_url = 'search2.htm':
}
else
{
  echo "<b>Login failed. Please try again<br>";
  echo "<a href='login.htm'>Back To Login Page</a>";
}

// Check the student list in second place

$query2="select * from student where userid='$userid' and userpassword='$userpassword'";
$result2=mysql_query($query2);
$numrows2=mysql_num_rows($result2);
if($numrows2>0)
{
 $redir_url = 'view2.htm':
}
else
{
  echo "<b>Login failed. Please try again<br>";
  echo "<a href='login.htm'>Back To Login Page</a>";
}


// Now we have searched the user in both tables, and we will send him to where he belongs....
// Redir user to... $redir_url
echo "<meta http-equiv='refresh' content='0;URL=".$redir_url."'>";
?>
  1. <?
  2. $uid=$userid;
  3. $pwd=$userpassword;
  4. $db=mysql_connect("localhost","###","####");
  5. mysql_select_db("user");
  6. // Check the staff list first
  7. $query1="select * from staff where userid='$userid' and userpassword='$userpassword'";
  8. $result1=mysql_query($query1);
  9. $numrows=mysql_num_rows($result1);
  10. if($numrows1>0)
  11. {
  12.  $redir_url = 'search2.htm':
  13. }
  14. else
  15. {
  16.   echo "<b>Login failed. Please try again<br>";
  17.   echo "<a href='login.htm'>Back To Login Page</a>";
  18. }
  19. // Check the student list in second place
  20. $query2="select * from student where userid='$userid' and userpassword='$userpassword'";
  21. $result2=mysql_query($query2);
  22. $numrows2=mysql_num_rows($result2);
  23. if($numrows2>0)
  24. {
  25.  $redir_url = 'view2.htm':
  26. }
  27. else
  28. {
  29.   echo "<b>Login failed. Please try again<br>";
  30.   echo "<a href='login.htm'>Back To Login Page</a>";
  31. }
  32. // Now we have searched the user in both tables, and we will send him to where he belongs....
  33. // Redir user to... $redir_url
  34. echo "<meta http-equiv='refresh' content='0;URL=".$redir_url."'>";
  35. ?>


This way you will look for the user in both tables, but this is not a real solution.

First of all, you should (probably) make all students and staff belong to one table and use a 'type' column to divide them. What if a userid and password combination is present in both tables (ie: john / doe). Is it a staff or a student?

I don't know what you are doing, but I guess you should use a single table for login.

userid varchar()
password varchar()
usertype int() // Where 1=student, 2=staff, 3=...
status int() // Where 0=disabled, 1=enabled

Code: [ Select ]
SELECT * FROM users WHERE userid='$userid' AND password='$password' AND status=1


Then, all you have to do is ask for the usertype value in the row you have found for knowing where this user should go.

Code: [ Select ]
<?
// Connect MySQL
$db = mysql_connect("localhost","###","####");
mysql_select_db("user");

// Check the user list
$query="SELECT * FROM users WHERE userid='$userid' AND password='$password' AND status=1'";

$result = mysql_query($query);
if (mysql_num_rows($result) > 0) {

 $obj = mysql_fetch_object($result);

 if ($obj->usertype == 2)
  $redir_url = 'search2.htm':
 if ($obj->usertype == 1)
  $redir_url = 'view2.htm':

 echo "<meta http-equiv='refresh' content='0;URL=".$redir_url."'>";
}
else
{
  echo "<b>Login failed. Please try again<br>";
  echo "<a href='login.htm'>Back To Login Page</a>";
}
?>
  1. <?
  2. // Connect MySQL
  3. $db = mysql_connect("localhost","###","####");
  4. mysql_select_db("user");
  5. // Check the user list
  6. $query="SELECT * FROM users WHERE userid='$userid' AND password='$password' AND status=1'";
  7. $result = mysql_query($query);
  8. if (mysql_num_rows($result) > 0) {
  9.  $obj = mysql_fetch_object($result);
  10.  if ($obj->usertype == 2)
  11.   $redir_url = 'search2.htm':
  12.  if ($obj->usertype == 1)
  13.   $redir_url = 'view2.htm':
  14.  echo "<meta http-equiv='refresh' content='0;URL=".$redir_url."'>";
  15. }
  16. else
  17. {
  18.   echo "<b>Login failed. Please try again<br>";
  19.   echo "<a href='login.htm'>Back To Login Page</a>";
  20. }
  21. ?>
  • Scorpius
  • Proficient
  • Proficient
  • User avatar
  • Posts: 401
  • Loc: Scorpion Hole

Post 3+ Months Ago

Well from what I see your passwords stay unencrypted, and you should probably do that just for the sake of the users. Also if you trying to like integrate this into a forum or some other type of script, they probably do you encryption. Just use something like:
Code: [ Select ]
$password2 = md5($password);
SELECT * FROM users WHERE userid='$userid' AND password='$password2' AND status=1
  1. $password2 = md5($password);
  2. SELECT * FROM users WHERE userid='$userid' AND password='$password2' AND status=1

Post Information

  • Total Posts in this topic: 5 posts
  • Users browsing this forum: No registered users and 132 guests
  • You cannot post new topics in this forum
  • You cannot reply to topics in this forum
  • You cannot edit your posts in this forum
  • You cannot delete your posts in this forum
  • You cannot post attachments in this forum
 
cron
 

© 1998-2014. Ozzu® is a registered trademark of Unmelted, LLC.