PHP conditions

Question

verbob 0 Junior Poster in Training

16 Years Ago

Below if part of my login script. I am trying to get it to redirect if the users account status is 'not verified' or 'suspended' (not verified is the field 'verified' = 0 and suspended is 'verified' = 2)

I'm sure it could be coded a little more eloquently, but this is what I have...anyone see why its not redirecting for non-verified/suspended users? (It does, however, redirect to the other pages(change.php and my.php) without a problem.)

$sql="SELECT * FROM users WHERE username='$myusername' and password='$mypassword'";
$result=mysql_query($sql);
$info = mysql_fetch_array($result, MYSQL_ASSOC);
// Mysql_num_row is counting table row
$count=mysql_num_rows($result);
// If result matched $myusername and $mypassword, table row must be 1 row

if($count==1){
	if ($info['verified'] == 0) {
		$url = "notverified.php";
		$redirect = "other";
		} 
	if ($info['verified'] == 2){
		$url = "suspended.php";
		$redirect = "other";
		}
	if ($myusername == "10001" && !($redirect == "other"))
		{$url = "change.php";
		}
	if (!($myusername == "10001") && !($redirect == "other"))
		{$url = "my.php";
		}
	session_register("myusername");
	session_register("mypassword"); 
}else
	{$url = "login.php";}
echo("<script>
	<!--
	location.replace(\"".$url."\");
	-->
	</script>");

php

4 Contributors
9 Replies
183 Views
4 Days Discussion Span
Latest Post 16 Years Ago Latest Post by verbob

hielo 65 Veteran Poster

16 Years Ago

Try this:

$sql="SELECT * FROM users WHERE username='" . $myusername . "' and password='" . $mypassword . "'";
$result=mysql_query($sql);


$info = mysql_fetch_array($result, MYSQL_ASSOC);

// If result matched $myusername and $mypassword, table row must be 1 row
if(count($info)==1){
	if ((int)$info['verified'] == 0) {
		$url = "notverified.php";
		$redirect = "other";
		} 
	elseif ((int)$info['verified'] == 2){
		$url = "suspended.php";
		$redirect = "other";
		}
	elseif ($myusername == "10001" && !($redirect == "other"))
		{$url = "change.php";
		}
	elseif (!($myusername == "10001") && !($redirect == "other"))
		{$url = "my.php";
		}
	session_register("myusername");
	session_register("mypassword"); 
}else
	{$url = "login.php";}
echo("<script>
	<!--
	location.replace(\"".$url."\");
	-->
	</script>");

Reply to this topic

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.

verbob 0 Junior Poster in Training · Answer 1 · 2007-12-23T01:31:42+00:00

I appreciate the input. Thanks.

Tried it and its a no-go though(it just redirects EVERY user back to the login screen).

In the original code, the records are being retrieved from the database properly as it redirects to the other 2 pages fine(registered user page and the admin page) meaning it validates the login successfuly.

I assume the glitch is somewhere in the "IF" statements...multiple If/Else's give me a headache LOL

verbob 0 Junior Poster in Training · Answer 2 · 2007-12-23T01:52:00+00:00

Hmmm...perhaps its easier to just put a small script at the beginning on the redirected page(s) to check the status of the verified field, then redirect from there...just wanted to avoid an extra call to the DB(and an extra redirect).

verbob 0 Junior Poster in Training · Answer 3 · 2007-12-23T02:05:14+00:00

AHA!

This worked though:

// username and password sent from signup form 
$myusername=$_POST['myusername']; 
$mypassword=$_POST['mypassword']; 

$sql="SELECT * FROM users WHERE username='$myusername' and password='$mypassword'";
$result=mysql_query($sql);
$count=mysql_num_rows($result);
$redirect = "allowed";
$info = mysql_fetch_array($result, MYSQL_ASSOC);

// If result matched $myusername and $mypassword, table row must be 1 row
if($count==1){
	switch ($info['verified']){
		case 0:
			$url = "notverified.php";
			$redirect = "not_allowed";
			break; 
		case 2:
			$url = "suspended.php";
			$redirect = "not_allowed";
			break;
		} 
	if ($redirect == "allowed"){
			switch ($myusername){
				case '10001':
					$url = "change.php";
					break; 
				default:
					$url = "my.php";
					break;
			}
		} 
	session_register("myusername");
	session_register("mypassword"); 
}
if (!($count==1)){
	$url = "login.php";}
echo("<script>
	<!--
	location.replace(\"".$url."\");
	-->
	</script>");

bill mac 0 Newbie Poster · Answer 4 · 2007-12-23T06:15:58+00:00

I realize this is marked as solved, but I'm guessing your problem with the original code comes from depending on values of undeclared variables.

(I.e., you need to define $redirect outside the scope of your IF statements. You seem to have accounted for this in your working code.)

verbob 0 Junior Poster in Training · Answer 5 · 2007-12-23T07:32:47+00:00

That is quite possible. Thanks for the input :)

Although I thought PHP(atleast in newer versions) allowed variables to be defined 'on-the-fly'. (as an example - $url variable is not previously defined)..or perhaps its just tempermental lol

bill mac 0 Newbie Poster · Answer 6 · 2007-12-23T07:56:44+00:00

Although I thought PHP(atleast in newer versions) allowed variables to be defined 'on-the-fly'. (as an example - $url variable is not previously defined)..or perhaps its just tempermental lol

Yes, this is the case.

However, you still need to be sure of a variable's scope. Since you are setting the value of $redirect inside an IF statement scope (i.e., between the curly braces {}), the third and fourth IF statement conditions will fail, as they are not in the same scope where $redirect is given a value.

If you define $redirect before the start of your group of IF statements, they will share the same scope, and your code will pass.

From orig. code:

if ($info['verified'] == 0) {
    $url = "notverified.php";
    $redirect = "other";
}
if ($info['verified'] == 2){
    $url = "suspended.php";
    $redirect = "other";
}
if ($myusername == "10001" && !($redirect == "other")){
    $url = "change.php"
}
if (!($myusername == "10001") && !($redirect == "other")){
    $url = "my.php";
}

Note: if ($myusername == "10001" && !($redirect == "other")) . Even though you are setting $redirect = "other" above, it is defined in a scope which is unaccessible at this point, and this line fails as a result. In other words, $redirect in this scope is undefined.

You can get PHP to tell you when you are using uninitialized variables.
http://ca3.php.net/error_reporting

Hope this clears it up.

dil2011 0 Newbie Poster · Answer 7 · 2007-12-27T00:16:36+00:00

hi dont really knw anything abt comps but if u could help me in simple words plz
i triend logging into punjabijanta and i got this

Notice: Undefined variable: sourcedir in /home/.tinkertoy/jatt4chat/punjabijanta.com/index.php on line 49

Warning: require_once(/QueryString.php) [function.require-once]: failed to open stream: No such file or directory in /home/.tinkertoy/jatt4chat/punjabijanta.com/index.php on line 49

Fatal error: require_once() [function.require]: Failed opening required '/QueryString.php' (include_path='.:/usr/local/php5/lib/php:/usr/local/lib/php') in /home/.tinkertoy/jatt4chat/punjabijanta.com/index.php on line 49

plz help

verbob 0 Junior Poster in Training · Answer 8 · 2007-12-27T06:30:07+00:00

Thanks Bill Mac. Actually, it does clear it up. :)