User/Admin Log-In form Php, MySQL -


I am doing this project and I find it difficult to find the right answer to my question. I have googled for the answer, but none of them worked, I also tried to change the code, but still it is not working properly I am planning my project. A user / administrator will enter a log-in form and then it will redirect whether the input is for administrator or general user.

I have created a table named, a table with the name. In the information table, there is a user name (varchar), password (varchar) and admin_level (int).

Here is my html and php script: 

  & lt; Form method = 'post' action = 'login.php' & gt; & Lt; Div id = 'userlogin' & gt; User Login & lt; / Div & gt; Username & lt; Input type = text name = username & gt; & Lt; / Br & gt; Password & lt; Input type = password name = password & gt; & Lt; / Br & gt; & Lt; Input type = submit name = submit value = 'log in' & gt; & Lt; / Div & gt; & Lt ;? Php if (isset ($ _ POST ['submit'])) {$ a = $ _POST ['username']; $ B = $ _POST ['password']; ("Dbconnect.php"); $ Sql ​​= "SELECT *" where the user name '$ a' and password '$ b' and 'admin_level 1'; $ result = mysql_query ($ SQL); $ count = mysql_num_rows ($ result); $ rows = Mysql_fetch_array ($ result); if ($ count == 1) {if ($ rows ['admin_level'] == 1) {header ("location: adminPage.php");} Other {header ("Location: userPage .php ");}} Else {print" & lt; Font color = red> username / password combination error & lt; / Font> ";}}

  1. Do not use mysql_ * function As you are learning from the beginning, this is the best time to avoid mysql _ * tasks PDO or Instead, start with mysqli _

  2. to match the username / password, like , its Instead, use $ sql = "SELECT *" instead of the user name '$ a' and the password '$ b' and 'admin_level' instead of = . Like '1 ;; Get data from the table from the , $ sql = "SELECT *", since at least 1 row, from where the user name = '$ a' and password = '$ b' " ;

  3. Therefore, instead of them, 

      $ count = mysql_num_rows ($ result); $ Rows = mysql_fetch_array ($ result); If ($ count == 1) {if ($ rows ['admin_level'] == 1) {header ("location: adminPage.php"); } Other {header ("location: userPage.php"); }}

    4. , 

      if (mysql_num_rows ($ result)> 0) {$ rows = mysql_fetch_array ($ Result); If ($ rows ['admin_level'] == 1) {header ("location: admin page."); } Other {header ("location: userPage.php"); }}

Comments

Post a Comment