Hi

I just wanted some advice regarding my login script.

Example:
I have 2 types of user "Student" and "staff"

I would like both types of users which are in different tables to log into one login form, at the moment I have 2 separate scripts.

The general assumptions apply students shouldn't be able to access lecturers stuff and vice versa where relevant.

Everything is OK if I have to login forms but i would like to have it in one.

Language PHP SQL

Thanks in advance

<?php
	    session_start();
		error_reporting(E_ALL ^ E_NOTICE);
        // dBase file
        include "dbconfig.php";

        if ($_GET["op"] == "login")
  {
  if (!$_POST["studnum"] || !$_POST["pass1"])
        {
         Header("Location:memauthfail.html");
        }
		
  // Create query
  $pw=$_POST["pass1"];
  //$hash=md5($pw);
  	$q1 = "SELECT * FROM `student` "
        ."WHERE `stud_num`='".$_POST["studnum"]."' "
        ."AND `s_pass`='".($pw)."' "
        ."LIMIT 1";

	$q2 = "SELECT * FROM `dbusers` "
        ."WHERE `stud_id`='".$_POST["studnum"]."' "
        ."AND `pass`='".($pw)."' "
        ."LIMIT 1";
 
  $r1 = mysql_query($q1);
  $r2 = mysql_query($q2);
  if ( mysql_fetch_array($r1) )
        {
        // Login good, create session variables
        $_SESSION["valid_user"] = $_POST["studnum"];

        // Redirect to member page
	   Header("Location:search.php");
       
		return;
        }else 
		if( mysql_fetch_array($r2))
		{
	   $_SESSION["valid_user"] = $_POST["studnum"];
              // Redirect to member page
      Header("Location: ../StudentProfile/StudentProfile.php");
		return;

  
		}
  else
        {
        // Login not successful
       Header("Location:memauthfail.html");
        }
  }
  ?>

[Try the code i show i use in on my login page when prof and student login it determine which page it will show]

Member Avatar for Zagga

Hi joban.ali,

when the user logs in (in the login page), store a $_SESSION variable to say whether thay are staff or student.

session_start();

if ($member == "staff"{
	$_SESSION['staff'] = "yes";
}
else{
	$_SESSION['student'] = "yes";
}

at the top of every page that is "staff only" add

session_start();
if (!isset($_SESSION['staff'])){
	header("location:login.php");
	exit();
}

and at the top of every "student only" page add

session_start();
if (!isset($_SESSION['student'])){
	header("location:login.php");
	exit();
}

This will check if the relevant $_SESSION variable has been set, and if not will redirect to login.php


Hope this helps.
Zagga

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.