#1
It is I your mortal servant hoping you might impart some of your wisdom on my puny brain.

I want to create a login page that sends people to different pages depending on their level. I have a database with username, password and level in it. In level I have level 1, level 2 and level 3. Now if a username that is in the database is level 1 I want it to send me to page 1, if it is level 2 I want it to send me to page 2. I have no idea how to accomplish this since I don't want to force people to type in their level with the username and password. I want the code to basically see what the username is and if it does exist in the database it should check on what level the username is. I tried doing this with cases but couldn't get it to work.

Here is my code related to the whole thing. These are just the forms from where it takes the username and password:
Code:
<td width="100" class="left"><form id="form2" name="form2" method="post" action="login.php"> Username</td>
<td><input name="username" type="text" id="username" size="15" /></td>
</tr>
<tr>
<td width="100" class="left"> Password</td>
<td><input name="password" type="password" id="password" size="15" /></td>
</tr>
<tr>
<td width="100"> </td>
<td><input type="submit" name="Submit" value="Login" /></td>
</tr></table></td>

And this is my PHP code for connecting to the database and checking if the username and password typed in the page above exist in the database, and here I attempt to use cases but I fail.
Code:
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head><meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title></title></head>
<body>
<?php
extract( $_POST );
$conn = mysql_connect("localhost", "root", "pokemon");
mysql_select_db("dino", $conn);
if(!$conn) {
    echo "Can not connect to the database";
}
$result = mysql_query("select * from login where username ='".$_POST['username']."' and password ='".$_POST['password']."' and Nivo='".$_POST['Nivo']."'");
$c=0;
while ($row = mysql_fetch_array($result)){
    $c++;
}
if($c>0) {
    switch($result){
        case "1": header("Location: home.html"); break;
        case "2": header("Location: tenderi.php"); break;
        case "3": header("Location: komitenti.php"); break;
    }
}
if($c==0){
    header("Location: restricted.php");
}
mysql_close($conn);
?>
</body>
</html>

Thanks in advance from a mere mortal
__________________
Life's a bitch.... ...and i'm its Pimp
#2
I don't know PHP too well, but a couple of things jump out at me in line...
Code:
$result = mysql_query("select * from login
where username ='".$_POST['username']."'
and password ='".$_POST['password']."'
and Nivo='".$_POST['Nivo']."'");
You may need an extra line to get the userlevel value from the row, or perhaps try select userlevel from ...

(2) I can't see from the form HTML where the value of 'Nivo' is being set - a wrong default or missing value *might* mean the returned recordset is empty?

Just a couple of thoughts... Hope they help...

PQ.
#3
And hackers will easily attack your site using SQL injections. Make sure you escape those strings
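
Added example, not part of any post in this thread: the escaping advice above taken one step further, with a prepared statement that looks the user up by name only, `password_verify` for the password check, and the level read from the database row. The in-memory SQLite database, the `password_hash` column, the sample users and the function name `landingPageFor` are assumptions made so the example runs on its own; the thread's site uses MySQL.

```php
<?php
// Added example. Table and column names (login, username, Nivo) and the page
// names come from the thread; SQLite, password_hash and the users are assumed.
const LEVEL_PAGES = [1 => 'home.html', 2 => 'tenderi.php', 3 => 'komitenti.php'];

function landingPageFor(PDO $db, string $username, string $password): string
{
    // Bound parameter: the username travels as data, never as part of the SQL text.
    $stmt = $db->prepare('SELECT password_hash, Nivo FROM login WHERE username = ?');
    $stmt->execute([$username]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);

    // Unknown user: still verify against a throwaway hash so both paths do similar work.
    static $dummy = null;
    $dummy = $dummy ?? password_hash('unused', PASSWORD_DEFAULT);
    $ok = password_verify($password, $row ? $row['password_hash'] : $dummy);
    if (!$row || !$ok) {
        return 'restricted.php';
    }
    // The level is read from the row, not from the form; unknown levels are refused.
    return LEVEL_PAGES[(int) $row['Nivo']] ?? 'restricted.php';
}

// Constructed demo data in an in-memory database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE login (username TEXT PRIMARY KEY, password_hash TEXT, Nivo INTEGER)');
$ins = $db->prepare('INSERT INTO login VALUES (?, ?, ?)');
foreach ([['ana', 'pw-ana', 1], ['boris', 'pw-boris', 3], ['vera', 'pw-vera', 9]] as [$u, $p, $lvl]) {
    $ins->execute([$u, password_hash($p, PASSWORD_DEFAULT), $lvl]);
}

$attempts = [
    ['ana', 'pw-ana'],            // level 1
    ['boris', 'pw-boris'],        // level 3
    ['vera', 'pw-vera'],          // level 9 is not in LEVEL_PAGES
    ['ana', 'wrong'],             // bad password
    ["ana' OR '1'='1", 'x'],      // quote characters stay inside the bound value
];
foreach ($attempts as [$u, $p]) {
    printf("%-16s => %s\n", $u, landingPageFor($db, $u, $p));
}
```

In login.php the function would be called with `$_POST['username']` and `$_POST['password']`, followed by `header('Location: ' . $page)` and `exit` before any HTML is output, since headers cannot be sent once the body has started.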
#4
Thanks for the replies, I managed to make this work, and this is for a school project so security is not a primary issue.

I have another problem now that to me seems easy but I can't seem to make it work so maybe you can help. Since I don't want to explain my whole code I'll just give an example:

I have two tables, table A and table B.
Table A has employee ID and employee sales and buying customer.
Table B has average employee sales and employee ID.

Now what I want to do is input in the average employee sales the average of all the sales that employee has made, which is calculated from table A. So the code should be something like this:

SELECT AVG(A.average_employee_sales) FROM A, B WHERE A.employee_ID=B.employee_ID

Now for this to work it would have to loop constantly or just run constantly so that when a new sale is made it is updated again, and I don't know how to accomplish this. So if you have any ideas I would greatly appreciate it. Thanks in advance.
__________________
Life's a bitch.... ...and i'm its Pimp
#5
Table A has the sales made to each customer per employee_id. Table B has each employee_id listed only once together with an average sales figure.

Presumably when a new sale is made a new entry is added to table A - an extra row with the sales info - or maybe the value against an existing customer is updated.

What you need to do is run a SELECT AVG() for the relevant employee_id against Table A, and then UPDATE the corresponding value in Table B with the new average for that employee. Try thinking along the lines of:
Code:
UPDATE B
SET average_employee_sales =
(SELECT AVG(A.average_employee_sales)
FROM A
WHERE A.employee_ID = <relevant_id>
)
WHERE B.employee_ID = <relevant_id>
relevant_id should be the employee_id who made the sale!

Without all the code details from you it's difficult to be too specific with the answer - but I hope that helps point you in the right direction.

PQ.