I am trying to figure out why the PHP will not check the database level and echo the proper message. Hopefully someone can help me figure this out.

<?php
  $connect = mysql_connect("localhost","goforgol_master","!rach22*") or die("Couldn't connect!");
  mysql_select_db("goforgol_phplogin") or die("Couldn't find database");

  session_start();

  $email = $_POST['email'];
  $password = $_POST['password'];
    
  if ($email&&$password)
    {
         
      $query = mysql_query("SELECT * FROM users WHERE email='$email'");
      $numrow = mysql_num_rows($query);
      
      if ($numrow!=0)
      {
        // code to login
        while ($row = mysql_fetch_assoc($query))
        {
        
          $dbemail = $row['email'];
          $dbpassword = $row['password'];
          $dbname = $row['name'];
          $dblevel = $row['level'];
        
        }
        if ($email==$dbemail&&md5($password)==$dbpassword)
        {
          if ($dblevel==0)
          {
          echo "You are logged in! <a href='http://www.wordpresswealth.com/index.php'>Click</a> here purchase a membership package";
          $_SESSION['email']=$email;
          session_destroy();
          }
          elseif ($dblevel==1)
          {
          echo "You are logged in! <a href='http://www.wordpresswealth.com/Member_Library_Trial.php'>Click</a> here to enter Member's Library";
          $_SESSION['email']=$email;
          }
          elseif ($dblevel==2)
          {
          echo "You are logged in! <a href='Member_Library.php'>Click</a> here to enter members page.";
          $_SESSION['email']=$email;
		  }
		  elseif ($dblevel==3)
		  {
		  echo "You are logged in! <a href='Member_Library_Gold.php'>Click</a> here to enter members page.";
          $_SESSION['email']=$email;
          }
        }
        else
          echo "Username or Password is incorrect";
      }
      else
        die('Username or Password is incorrect');
    }
  else
    die("Please enter a username and a password");

?>

Thanks in advance for any help.

Hi tstory28,

After a quick look through your code, I would like to suggest a few things:

- Put a new if statement around line 6 to 61, in which you check whether the email and password form variable are set (if (isset($_POST['email) && .....) and delete the if statement in line 10

- Line 7, 8 - Clean the form value first: $variable = htmlentities(addslashes($_POST['form_variable'])); - Line 26 - Add an echo in which you show all the variables from the database:

echo "dbemail=".$dbemail.", dbpassword=".$dbpassword.", dbname=".$dbname.", dblevel=".$dblevel;

If you did all those steps (especially the last one), you will find out why your code is not working (probably because dblevel is empty, but you'll see)

~G

commented: This helped me find my issue. +1

Now what is your output?

Alright. I just tested it. I got dblevel=nothing. When I look in the database, there are values in the level row. How would I fix that issue?

Umm, try this checklist:

A. Is "users" the correct table?
B. Is the name of the column that holds the level really "level", as you described on line 25?
C. You should have fixed it by now, if not, post a reply :)

~G

I did not realize that I named that row "Level" instead of "level". Once I changed that, it actually worked right.

Here is a script to log into MySQL database (screenshot attached) using email ID and password. Am using main_login.php to call the checklogin3.php. Cannot seem to make the checklogin3 code work:

<?php
ob_start();
$host="localhost"; // Host name 
$username="root"; // Mysql username 
$password="March2010"; // Mysql password 
$db_name="login11"; // Database name 
$tbl_name="members"; // Table name

// Connect to server and select database.
mysql_connect("$host", "$username", "$password")or die("cannot connect"); 
mysql_select_db("$db_name")or die("cannot select DB");

// Define $myusername and $mypassword 
if(isset($_POST['email'])){

$email=$_POST['email']; 
$mypassword=$_POST['mypassword'];

}  

// To protect MySQL injection (more detail about MySQL injection)
$email = stripslashes($email);
$mypassword = stripslashes($mypassword);
$email = mysql_real_escape_string($email);
$mypassword = mysql_real_escape_string($mypassword);

$sql="SELECT * FROM $tbl_name WHERE email='$email' and password='$mypassword'";
$result=mysql_query($sql);

// Mysql_num_row is counting table row
$count=mysql_num_rows($result);
// If result matched $email and $mypassword, table row must be 1 row

if($count==1){
// Register $myusername, $mypassword and redirect to file "login_success.php"
session_register("myusername");
session_register("mypassword"); 
header("location:login_success.php");
}
else {
echo "Wrong Username or Password";
}

ob_end_flush();
?>

I am a beginner in php. This is a sample code file. I know line in 36, I must use $_Session instead of $session_register, but I cannot seem to make that work either.

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.