Code Forums - View Single Post

BUFFY · 05-02-2005, 05:32 AM

Hi, I have followed sde's login script with a couple of changes. The main difference is that I 1st want my script to check a tutor database, then if the username & password is not there, check the student database....

Reason tutor will be directed to a different page or have different access rights....

Heres my login.php code

PHP Code:


			
if ($_REQUEST['DoLogin']=='yes')

  {

  include 'login.inc.php';

  }

?>



Form accepting username and password goes here... 

eg.

<form action="login.php?DoLogin=yes" method="post" name="logindetails" 



<?PHP

exit;

    }   

  }       

?>

So because no variables are set the form appears, the user enters their details and they are processed by login.inc.php:

PHP Code:


			
<?PHP 

// start session

session_start();



// convert username and password from _POST or _SESSION

if($_POST["username"])

{

  $username=$_POST["username"];

  $password=$_POST["password"];  

}

elseif($_SESSION["username"])

{

  $username=$_SESSION["username"];

  $password=$_SESSION["password"];

} 



// start and register session variables

session_register("username");

session_register("password");



//Connect to database include file

include 'connect.inc';



echo "User: $username<hr>";



// query for a user/pass match 

$result=mysql_query("SELECT * FROM tutor

  WHERE username='" . $username . "' and password='" . $password . "'"); 



$row=mysql_fetch_array($result);

$num=mysql_num_rows($result);



// print login form and exit if failed.

if($num < 1){

  session_destroy();

  echo "You are not authenticated.  Please login.<br><br>";

  exit;

} 



if (mysql_num_rows($result)>0) 

   {

    // We have a tutor

    $fullname=$row['firstname'] .' ' . $row['lastname'];

    echo("Hello tutor: $fullname<p>");

    if ($row['password']=$password) 

     {

         //Tutor is authenticated

     echo("Tutor you have logged in correctly");

     } else { echo ("try again");}     

     

   } else {

   

         // Check for student

        $result=mysql_query("SELECT * FROM student 

    WHERE username='" . $username . "' and password='" . $password . "'");



    $row=mysql_fetch_array($result);

    

    if ($row['username']=$username) 

          {

          // Confirm

       $fullname=$row['firstname'] . ' ' . $row['lastname'];

       echo("Hello Student: $fullname<p>");

       if ($row['password']=$password) 

            {

             // Student is authenticated

         echo("Student you have logged in correctly");

            } else { echo ("try again");}    

           }

         }



$loggedin=true;



?>

The tutor section works but a student login just returns the unauthorised access message.

Help is appreciated, have searched the net for logging onto one table then checking another with nothing.

05-02-2005, 05:32 AM	#1 (permalink)
BUFFY Registered User Join Date: May 2005 Posts: 29	Login Script against two tables Hi, I have followed sde's login script with a couple of changes. The main difference is that I 1st want my script to check a tutor database, then if the username & password is not there, check the student database.... Reason tutor will be directed to a different page or have different access rights.... Heres my login.php code PHP Code: `if ($_REQUEST['DoLogin']=='yes') { include 'login.inc.php'; } ?> Form accepting username and password goes here... eg. <form action="login.php?DoLogin=yes" method="post" name="logindetails" <?PHP exit; } } ?>` So because no variables are set the form appears, the user enters their details and they are processed by login.inc.php: PHP Code: <?PHP // start session session_start(); // convert username and password from _POST or _SESSION if($_POST["username"]) { $username=$_POST["username"]; $password=$_POST["password"]; } elseif($_SESSION["username"]) { $username=$_SESSION["username"]; $password=$_SESSION["password"]; } // start and register session variables session_register("username"); session_register("password"); //Connect to database include file include 'connect.inc'; echo "User: $username<hr>"; // query for a user/pass match $result=mysql_query("SELECT * FROM tutor WHERE username='" . $username . "' and password='" . $password . "'"); $row=mysql_fetch_array($result); $num=mysql_num_rows($result); // print login form and exit if failed. if($num < 1){ session_destroy(); echo "You are not authenticated. Please login.<br><br>"; exit; } if (mysql_num_rows($result)>0) { // We have a tutor $fullname=$row['firstname'] .' ' . $row['lastname']; echo("Hello tutor: $fullname<p>"); if ($row['password']=$password) { //Tutor is authenticated echo("Tutor you have logged in correctly"); } else { echo ("try again");} } else { // Check for student $result=mysql_query("SELECT * FROM student WHERE username='" . $username . "' and password='" . $password . "'"); $row=mysql_fetch_array($result); if ($row['username']=$username) { // Confirm $fullname=$row['firstname'] . ' ' . $row['lastname']; echo("Hello Student: $fullname<p>"); if ($row['password']=$password) { // Student is authenticated echo("Student you have logged in correctly"); } else { echo ("try again");} } } $loggedin=true; ?> The tutor section works but a student login just returns the unauthorised access message. Help is appreciated, have searched the net for logging onto one table then checking another with nothing. Last edited by BUFFY; 05-03-2005 at 01:08 AM.