Small Problem regarding login script.

Hello all,

Just wondering if I could pick some brains, I'm currently learning PHP and have been messing around with a fun project, currently developing a simple login / register script.

The error that I keep getting is -

Parse error: syntax error, unexpected T_ELSE in /home/danhumph/public_html/smithy/login.php on line 27

Can't for the life of me work out what's missing in this code:

<?php 
//connect to db
$conn = mysql_connect("localhost", "blah", "blah") or die(mysql_error());
mysql_select_db("blah") or die(mysql_error());
 
//declares variable
$username=$_POST["username"]; 
$password = $_POST["password"];
 
$result = mysql_query ("SELECT * FROM users WHERE username = '$username' AND password = '$password' AND isadmin = '$isadmin'");
$isadmin = mysql_query ("SELECT * FROM users WHERE username = '$username' AND password = '$password' AND isadmin = '$isadmin'");
 
if (mysql_num_rows($result)==0) {
 
 
    echo "No matching rows from the database!"; }
 
 
while ($row = mysql_fetch_array($isadmin)){
 
if 
 
 ($row["isadmin"]==1);
    echo "You are logged in as administrator"  or die(mysql_error());
}
 
else 
 
    $_SESSION["gatekeeper"] = $username;
    header ("Location: index.php");
 
?>
 

Thanks in Advance,

Dan.

You have an "if" with no conditional statement and no opening curly brace. you also have no opening or closing curly braces for your else statement

That is unless "($row["isadmin"]==1);" is your if condition and if so you need to take out the semi colon after it. Judging by your code, I cannot decipher what you are trying to do starting from line 13. Can you please run through it and explain?

Well within my users database I've got 3 fields (username, password and isadmin)

Admin users are set to 1 and normal users are set to 0, I'm trying to figure out the best way for when an admin logs in has access to different hyperlinks to that of a normal user. The only way I could think of was using a while loop.

Added the braces and removed the ; and still get the same error

Parse error: syntax error, unexpected T_ELSE in /home/danhumph/public_html/smithy/login.php on line 30

<?php 
//connect to db
$conn = mysql_connect("localhost", "blah", "blah") or die(mysql_error());
mysql_select_db("blah") or die(mysql_error());

//declares variable
$username=$_POST["username"]; 
$password = $_POST["password"];

$result = mysql_query ("SELECT * FROM users WHERE username = '$username' AND password = '$password' AND isadmin = '$isadmin'");
$isadmin = mysql_query ("SELECT * FROM users WHERE username = '$username' AND password = '$password' AND isadmin = '$isadmin'");

{

if (mysql_num_rows($result)==0) 

 
	echo "No matching rows from the database!"; }


while ($row = mysql_fetch_array($isadmin)){

if 

 ($row["isadmin"]==1)
	echo "You are logged in as administrator"  or die(mysql_error());
}

{
else 

	$_SESSION["gatekeeper"] = $username;
	header ("Location: index.php");
}
?>

Well within my users database I've got 3 fields (username, password and isadmin)

Admin users are set to 1 and normal users are set to 0, I'm trying to figure out the best way for when an admin logs in has access to different hyperlinks to that of a normal user. The only way I could think of was using a while loop.

Added the braces and removed the ; and still get the same error

Parse error: syntax error, unexpected T_ELSE in /home/danhumph/public_html/smithy/login.php on line 30

<?php 
//connect to db
$conn = mysql_connect("localhost", "blah", "blah") or die(mysql_error());
mysql_select_db("blah") or die(mysql_error());

//declares variable
$username=$_POST["username"]; 
$password = $_POST["password"];

$result = mysql_query ("SELECT * FROM users WHERE username = '$username' AND password = '$password' AND isadmin = '$isadmin'");
$isadmin = mysql_query ("SELECT * FROM users WHERE username = '$username' AND password = '$password' AND isadmin = '$isadmin'");

{

if (mysql_num_rows($result)==0) 

 
	echo "No matching rows from the database!"; }


while ($row = mysql_fetch_array($isadmin)){

if 

 ($row["isadmin"]==1)
	echo "You are logged in as administrator"  or die(mysql_error());
}

{
else 

	$_SESSION["gatekeeper"] = $username;
	header ("Location: index.php");
}
?>

ok, try this and fill in the blanks:

<?php 
//connect to db
$conn = mysql_connect("localhost", "blah", "blah") or die(mysql_error());
mysql_select_db("blah") or die(mysql_error());

//declares variable
$username=$_POST["username"]; 
$password = $_POST["password"];

$result = mysql_query ("SELECT * FROM users WHERE username = '$username' AND password = '$password' AND isadmin = '$isadmin'");
$isadmin = mysql_query ("SELECT * FROM users WHERE username = '$username' AND password = '$password' AND isadmin = '$isadmin'");

if (mysql_num_rows($result)==0) 
{
	echo "No matching rows from the database!";
}
else
{
	while ($row = mysql_fetch_array($isadmin))
	{

		if ($row["isadmin"]==1)
		{ 
			echo "You are logged in as administrator";
		{
		else if($row["isadmin"]==0)
		{
			
		}

		$_SESSION["gatekeeper"] = $username;
		header ("Location: index.php");
	}
}
?>

Sorry I'm a massive newbie, think I need more coffee aswell just cant work this out...feel like im hitting a brick wall

<?php 
//connect to db
$conn = mysql_connect("localhost", "blahn", "blah") or die(mysql_error());
mysql_select_db("gdh") or die(mysql_error());

//declares variable
$username=$_POST["username"]; 
$password = $_POST["password"];

$result = mysql_query ("SELECT * FROM users WHERE username = '$username' AND password = '$password' AND isadmin = '$isadmin'");
$isadmin = mysql_query ("SELECT * FROM users WHERE username = '$username' AND password = '$password' AND isadmin = '$isadmin'");

if (mysql_num_rows($result)==0) 
{
	echo "No matching rows from the database!";
}
else
{
	while ($row = mysql_fetch_array($isadmin)) 
	{

		if ($row["isadmin"]==1) 
		{ 
			echo "You are logged in as administrator";
		{
		else if($row["isadmin"]==0) {
		}
			echo "You are logged in as '$username'";
		}
		else {
		$_SESSION["gatekeeper"] = $username;
		header ("Location: index.php");
		}
	}
}

?>

Sorry I'm a massive newbie, think I need more coffee aswell just cant work this out...feel like im hitting a brick wall

<?php 
//connect to db
$conn = mysql_connect("localhost", "blahn", "blah") or die(mysql_error());
mysql_select_db("gdh") or die(mysql_error());

//declares variable
$username=$_POST["username"]; 
$password = $_POST["password"];

$result = mysql_query ("SELECT * FROM users WHERE username = '$username' AND password = '$password' AND isadmin = '$isadmin'");
$isadmin = mysql_query ("SELECT * FROM users WHERE username = '$username' AND password = '$password' AND isadmin = '$isadmin'");

if (mysql_num_rows($result)==0) 
{
	echo "No matching rows from the database!";
}
else
{
	while ($row = mysql_fetch_array($isadmin)) 
	{

		if ($row["isadmin"]==1) 
		{ 
			echo "You are logged in as administrator";
		{
		else if($row["isadmin"]==0) {
		}
			echo "You are logged in as '$username'";
		}
		else {
		$_SESSION["gatekeeper"] = $username;
		header ("Location: index.php");
		}
	}
}

?>

get rid of the closing curly brace on line 27, otherwise it looks ok to me.

EDIT:
actually, what you are saying here is:
if is admin then echo "you are logged in as admin"
or else if is not admin then echo "you are logged in as [username]"
else assign username to session and redirect.

This means that if the user is an admin, he will be notified or if the user is a standard user, he will be notified. if none of the previous situations apply, then assign username to session and redirect, meaning that admins and regular users will not get a session or be redirected but instead the will just be notified. I don't know if that is what you are trying to do but that is what this is set up to do.

Ah right.

Well what would be the easiest way to allow an Admin to have say (Add Events, Delete Events, and Logout) and a normal user to just have (Book Events, Search and Logout.

I was thinking of redirecting the Admin to say index.php and redirecting the user to home.php....

otherwise I was thinking of hiding certain links so the user couldn't see however i have no idea how to do this.

Ah right.

Well what would be the easiest way to allow an Admin to have say (Add Events, Delete Events, and Logout) and a normal user to just have (Book Events, Search and Logout.

I was thinking of redirecting the Admin to say index.php and redirecting the user to home.php....

otherwise I was thinking of hiding certain links so the user couldn't see however i have no idea how to do this.

This is the way I would do it from this point on.

I would change my code a little bit like this:

<?php 
//connect to db
$conn = mysql_connect("localhost", "blahn", "blah") or die(mysql_error());
mysql_select_db("gdh") or die(mysql_error());

//declares variable
$username=$_POST["username"]; 
$password = $_POST["password"];

$result = mysql_query ("SELECT * FROM users WHERE username = '$username' AND password = '$password' AND isadmin = '$isadmin'");
$isadmin = mysql_query ("SELECT * FROM users WHERE username = '$username' AND password = '$password' AND isadmin = '$isadmin'");

if (mysql_num_rows($result)==0) 
{
	echo "No matching rows from the database!";
}
else
{
	$row = mysql_fetch_assoc($isadmin);
	if(is_numeric($row["isadmin"]))
	{
		$_SESSION["isadmin"] = $row["isadmin"];
		$_SESSION["gatekeeper"] = $username;
		header ("Location: index.php");
	}
}
?>

I would also stick my logic in deciding if the user is an admin in a function so that way if you ever have to change that logic, you only have to do it in one location:

//this goes in an external php file that you will include in top of all files like this include("functions.php")

function isAdmin()
{
	if(!isset($_SESSION["isadmin"]) || trim($_SESSION["isadmin"]) != "1") return false; //kills the function at the first return statement

	return true;
}

then on index.php and any other file that you want to access this function you do the following

session_start();
include_once("functions.php");

//the logic for admin is here
if(isAdmin())
{
	//do this stuff if the user is an admin
}
else
{
	//do this stuff for everyone else
}

Okay thanks for your help I'll begin editing the index.php (logic)

I'll keep you posted on my progress, thanks once again.

also i would suggest to use something like this:

<?php
//connect to db
$conn = mysql_connect("localhost", "blahn", "blah") or die(mysql_error());
mysql_select_db("gdh") or die(mysql_error());
       
//declares variable
$username=$_POST["username"];
$password = md5($_POST["password"]);
       
$result = mysql_query ("SELECT * FROM users WHERE username = '$username' AND password = '$password' AND isadmin = '$isadmin'");

$isadmin = mysql_query ("SELECT * FROM users WHERE username = '$username' AND password = '$password' AND isadmin = '$isadmin'");
       
if (mysql_num_rows($result)==0)
{
echo "No matching rows from the database!";
}
else
{
$row = mysql_fetch_assoc($isadmin);
   if(is_numeric($row["isadmin"]))
   {
      $_SESSION["isadmin"] = $row["isadmin"];
      $_SESSION["gatekeeper"] = $username;
      header ("Location: index.php");
   }
}
?>

Notice the md5($_POST) to add extra security to the script. And for this solution you would need to store your md5 password hash on your database.

I was going to try a bit of sha1 encoding.

But for the mean time I don't want to complicate things I just wanna get it to work :p

Hey, I'm not sure if I'm going forwards or backwards here but i've managed to get it so if you log in as an admin it takes you to a different page than if you log in as a user. However if you don't enter anything in the fields it still logs you in as a user.

Also the index.php which I am redirecting for the admin and the main.php which is for the user. I cant seem to get the page to pick up my style.css and doesn't display background, images or layout at all. Also when you click a link instead of going to another page it just does the following (main.php/aboutus.php) and that directory obviously doesn't exist!!! help me spent all night on this!!

<?php 
//connect to db
$conn = mysql_connect("localhost", "blah", "blah") or die(mysql_error());
mysql_select_db("blah") or die(mysql_error());

//declares variable
$username=$_POST["username"]; 
$password = $_POST["password"];
$isadmin = $_POST["isadmin"];

  $r = mysql_query ("SELECT * FROM users WHERE username = '$username' AND password = '$password' AND isadmin = '$isadmin'");
  $q = mysql_query ("SELECT * FROM users WHERE isadmin = '$isadmin'");
  
  if(mysql_num_rows($r)==1){ 
     echo ("Hello, you are an admin. Click<a href=\"index.php/\"> here </a>");
	 
  }
  
   elseif(mysql_num_rows($q)==1){  
     echo "Hello Normal user.Click<a href=\"main.php/\"> here </a>"; 
   
   
	else (mysql_num_rows($r)==0)
	   echo "Please enter your username and password"; 
}
?>

Thanks again

try this and let me know:

<?php 
//connect to db
$conn = mysql_connect("localhost", "blah", "blah") or die(mysql_error());
mysql_select_db("blah") or die(mysql_error());

//declares variable
$username=$_POST["username"]; 
$password = $_POST["password"];
$isadmin = isset($_POST["isadmin"]) ? true : false;

$q = false;
if($isadmin){
     $q = mysql_query ("SELECT * FROM users WHERE username = '$username' AND password = '$password' AND isadmin = '1'");

    if(mysql_num_rows($q) > 0){
         //admin
         $_SESSION['logged'] = true; // maybe something like 
         $_SESSION['admin'] = true; //  this to keep track of your user
         

         header("Location: admin.php"); // redirect to admin page
    }
}
else{
    $q = mysql_query ("SELECT * FROM users WHERE username = '$username' AND password = '$password' AND isadmin = '0'");

    if(mysql_num_rows($q) > 0){
         //admin
         $_SESSION['logged'] = true; // maybe something like 
         $_SESSION['admin'] = false; //  this to keep track of your user
         

         header("Location: user.php"); // redirect to user page
    }
}

// if user is not an admin || user
header ("Location: login.php?e=Error"); // error page && try again
}
?>

I get the following error:

Firefox has detected that the server is redirecting the request for this address in a way that will never complete.

try this and let me know:

<?php 
//connect to db
$conn = mysql_connect("localhost", "blah", "blah") or die(mysql_error());
mysql_select_db("blah") or die(mysql_error());

//declares variable
$username=$_POST["username"]; 
$password = $_POST["password"];
$isadmin = isset($_POST["isadmin"]) ? true : false;

$q = false;
if($isadmin){
     $q = mysql_query ("SELECT * FROM users WHERE username = '$username' AND password = '$password' AND isadmin = '1'");

    if(mysql_num_rows($q) > 0){
         //admin
         $_SESSION['logged'] = true; // maybe something like 
         $_SESSION['admin'] = true; //  this to keep track of your user
         

         header("Location: admin.php"); // redirect to admin page
    }
}
else{
    $q = mysql_query ("SELECT * FROM users WHERE username = '$username' AND password = '$password' AND isadmin = '0'");

    if(mysql_num_rows($q) > 0){
         //admin
         $_SESSION['logged'] = true; // maybe something like 
         $_SESSION['admin'] = false; //  this to keep track of your user
         

         header("Location: user.php"); // redirect to user page
    }
}

// if user is not an admin || user
header ("Location: login.php?e=Error"); // error page && try again
}
?>

There may be a couple of reasons why this is happening. First, the script will continue to run even if you send a header redirect to the browser so you should always put an exit(); right after every header redirect, that is unless you intend for the script to continue running. I don't think that is the reason though as much as the extra closing curly brace at the end of the script. It is quite possible that php is not parsing it correctly because of this and is sending some strange header redirect to he browser rather than what is intended. Try removing that last closing curly brace and test it again.

I'm sorry, i didn't tested the script i just wrote it for you online... but try what OS_dev posted... that should work.

I removed the curly brace and got the redirect error, if I add the curly brace then I get this error.

Parse error: syntax error, unexpected '}' in login.php on line 39

did you tried like this:

<?php
//connect to db
$conn = mysql_connect("localhost", "blah", "blah") or die(mysql_error());
mysql_select_db("blah") or die(mysql_error());

//declares variable
$username=$_POST["username"];
$password = $_POST["password"];
$isadmin = isset($_POST["isadmin"]) ? true : false;

$q = false;
if($isadmin){
     $q = mysql_query ("SELECT * FROM users WHERE username = '$username' AND password = '$password' AND isadmin = '1'");

    if(mysql_num_rows($q) > 0){
         //admin
         $_SESSION['logged'] = true; // maybe something like
         $_SESSION['admin'] = true; //  this to keep track of your user


         header("Location: admin.php"); // redirect to admin page
         exit();
    }
}
else{
    $q = mysql_query ("SELECT * FROM users WHERE username = '$username' AND password = '$password' AND isadmin = '0'");

    if(mysql_num_rows($q) > 0){
         //user
         $_SESSION['logged'] = true; // maybe something like
         $_SESSION['admin'] = false; //  this to keep track of your user


         header("Location: user.php"); // redirect to user page
         exit();
    }
}

// if user is not an admin || user
header ("Location: login.php?e=Error"); // error page && try again
exit();
?>

i just tested that code and works fine...

Just tried the code and It's doing something strange.

it allows me to log in as an admin however takes me to the main.php (which should be the user page)

Also if I leave the fields blank or enter a normal username and password it crashes and says the following error:

Firefox has detected that the server is redirecting the request for this address in a way that will never complete.

I'm guessing its just constantly reading the Else rather than the if statement?

Any ideas?

could you plz post your login.php, main.php, admin.php and form so that i can check them ??

Sure

login.php

<?php
//connect to db
$conn = mysql_connect("localhost", "", "") or die(mysql_error());
mysql_select_db("") or die(mysql_error());

//declares variable
$username=$_POST["username"];
$password = $_POST["password"];
$isadmin = isset($_POST["isadmin"]) ? true : false;

$q = false;
if($isadmin){
     $q = mysql_query ("SELECT * FROM users WHERE username = '$username' AND password = '$password' AND isadmin = '1'");

    if(mysql_num_rows($q) > 0){
         //user
         $_SESSION['logged'] = true; // maybe something like
         $_SESSION['admin'] = true; //  this to keep track of your user


         header("Location: main.php"); // redirect to admin page
         exit();
    }
}
else{
    $q = mysql_query ("SELECT * FROM users WHERE username = '$username' AND password = '$password' AND isadmin = '0'");

    if(mysql_num_rows($q) > 0){
         //admin
         $_SESSION['logged'] = true; // maybe something like
         $_SESSION['admin'] = false; //  this to keep track of your user


         header("Location: index.php"); // redirect to user page
         exit();
    }
}

// if user is not an admin || user
header ("Location: login.php?e=Error"); // error page && try again
exit();
?>

main.php

<?php

session_start();

?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"   
 "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">  
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">  
<head>  
    <title>The Smithy</title>  
    <link rel="stylesheet" href="style.css" type="text/css" media="screen" />  
</head>  
  
  
<body>  

<div id="outside_container"> 
    <div id="container">  
 <!-- start header -->
<div id="header">
	<div id="logo">
		<h1>the smithy</</a></h1>
		<p></p>
	</div>      
 <ul id="menu">  
            <li><a href="index.php">Home</a></li>  
            <li><a href="about.html">About</a></li>  
            <li><a href="comedy.html">Comedy </a></li>
			<li><a href="music.html">Music </a></li>
            <li><a href="club.html">Club Events </a></li>  
           
        </ul> 
                 <ul id="submenu">  
            <li><a href="bookings.html">My Bookings</a></li> 
			<li><a href=".html">Link</a></li>
            <li><a href="logout.php">Logout</a></li>  
           
        </ul> 
                 </ul>  
                
             </div>  
              <form id="searchform" method="get" action="searchresults.php">
						<div>
							
							<input type="text" name="name" id="s" size="15" value="" />
							<input type="submit" value="Search!" />
						</div>
					</form>
					
					<div class="column1">   
                 <h2>Welcome to the Smithy!</h2>
                <p>The Smithy is a Local venue which provides the community with some of the greatest events from Music to Comedy we have it all! So come on down!.		   </p>
			
			</div> 
					
             <div style="clear:both"></div>  
               
         </div>  
            
          
             
    </div>  
</div>  
</body>
</html>

index.php

<?php

session_start();

?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"   
 "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">  
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">  
<head>  
    <title>The Smithy</title>  
    <link rel="stylesheet" href="style.css" type="text/css" media="screen" />  
</head>  
  
<body>  
<div id="outside_container"> 
    <div id="container">  
 <!-- start header -->
<div id="header">
	<div id="logo">
		<h1>the smithy</</a></h1>
		<p></p>
	</div>      
 <ul id="menu">  
            <li><a href="index.php">Home</a></li>  
            <li><a href="about.html">About</a></li>  
            <li><a href="comedy.html">Comedy </a></li>
			<li><a href="music.html">Music </a></li>
            <li><a href="club.html">Club Events </a></li>  
           
        </ul> 
                 <ul id="submenu">  
            <li><a href="event.html">Add Event</a></li> 
            <li><a href="logout.php">Logout</a></li>  
           
        </ul> 
                 </ul>  
                
             </div>  
              <form id="searchform" method="get" action="searchresults.php">
						<div>
							
							<input type="text" name="name" id="s" size="15" value="" />
							<input type="submit" value="Search!" />
						</div>
					</form>
					
					<div class="column1">   
                 <h2>Welcome to the Smithy!</h2>
                <p>The Smithy is a Local venue which provides the community with some of the greatest events from Music to Comedy we have it all! So come on down!.		   </p>
			
			</div> 
					
             <div style="clear:both"></div>  
               
         </div>  
            
          
             
    </div>  
</div>  
</body>
</html>

Sure

login.php

<?php
//connect to db
$conn = mysql_connect("localhost", "", "") or die(mysql_error());
mysql_select_db("") or die(mysql_error());

//declares variable
$username=$_POST["username"];
$password = $_POST["password"];
$isadmin = isset($_POST["isadmin"]) ? true : false;

$q = false;
if($isadmin){
     $q = mysql_query ("SELECT * FROM users WHERE username = '$username' AND password = '$password' AND isadmin = '1'");

    if(mysql_num_rows($q) > 0){
         //user
         $_SESSION['logged'] = true; // maybe something like
         $_SESSION['admin'] = true; //  this to keep track of your user


         header("Location: main.php"); // redirect to admin page
         exit();
    }
}
else{
    $q = mysql_query ("SELECT * FROM users WHERE username = '$username' AND password = '$password' AND isadmin = '0'");

    if(mysql_num_rows($q) > 0){
         //admin
         $_SESSION['logged'] = true; // maybe something like
         $_SESSION['admin'] = false; //  this to keep track of your user


         header("Location: index.php"); // redirect to user page
         exit();
    }
}

// if user is not an admin || user
header ("Location: login.php?e=Error"); // error page && try again
exit();
?>

main.php

<?php

session_start();

?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"   
 "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">  
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">  
<head>  
    <title>The Smithy</title>  
    <link rel="stylesheet" href="style.css" type="text/css" media="screen" />  
</head>  
  
  
<body>  

<div id="outside_container"> 
    <div id="container">  
 <!-- start header -->
<div id="header">
	<div id="logo">
		<h1>the smithy</</a></h1>
		<p></p>
	</div>      
 <ul id="menu">  
            <li><a href="index.php">Home</a></li>  
            <li><a href="about.html">About</a></li>  
            <li><a href="comedy.html">Comedy </a></li>
			<li><a href="music.html">Music </a></li>
            <li><a href="club.html">Club Events </a></li>  
           
        </ul> 
                 <ul id="submenu">  
            <li><a href="bookings.html">My Bookings</a></li> 
			<li><a href=".html">Link</a></li>
            <li><a href="logout.php">Logout</a></li>  
           
        </ul> 
                 </ul>  
                
             </div>  
              <form id="searchform" method="get" action="searchresults.php">
						<div>
							
							<input type="text" name="name" id="s" size="15" value="" />
							<input type="submit" value="Search!" />
						</div>
					</form>
					
					<div class="column1">   
                 <h2>Welcome to the Smithy!</h2>
                <p>The Smithy is a Local venue which provides the community with some of the greatest events from Music to Comedy we have it all! So come on down!.		   </p>
			
			</div> 
					
             <div style="clear:both"></div>  
               
         </div>  
            
          
             
    </div>  
</div>  
</body>
</html>

index.php

<?php

session_start();

?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"   
 "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">  
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">  
<head>  
    <title>The Smithy</title>  
    <link rel="stylesheet" href="style.css" type="text/css" media="screen" />  
</head>  
  
<body>  
<div id="outside_container"> 
    <div id="container">  
 <!-- start header -->
<div id="header">
	<div id="logo">
		<h1>the smithy</</a></h1>
		<p></p>
	</div>      
 <ul id="menu">  
            <li><a href="index.php">Home</a></li>  
            <li><a href="about.html">About</a></li>  
            <li><a href="comedy.html">Comedy </a></li>
			<li><a href="music.html">Music </a></li>
            <li><a href="club.html">Club Events </a></li>  
           
        </ul> 
                 <ul id="submenu">  
            <li><a href="event.html">Add Event</a></li> 
            <li><a href="logout.php">Logout</a></li>  
           
        </ul> 
                 </ul>  
                
             </div>  
              <form id="searchform" method="get" action="searchresults.php">
						<div>
							
							<input type="text" name="name" id="s" size="15" value="" />
							<input type="submit" value="Search!" />
						</div>
					</form>
					
					<div class="column1">   
                 <h2>Welcome to the Smithy!</h2>
                <p>The Smithy is a Local venue which provides the community with some of the greatest events from Music to Comedy we have it all! So come on down!.		   </p>
			
			</div> 
					
             <div style="clear:both"></div>  
               
         </div>  
            
          
             
    </div>  
</div>  
</body>
</html>

I would imagine that login.php is designed for a form that would look something like this:

<form action="login.php" method="post">
Username: <input type="text" name="username" /><br />
Password: <input type="password" name="password" /><br />
Log in as Admin: <input type="checkbox" name="isadmin" value="true" /><br />
<input type="submit" name="btnSubmit" value="Log In" />
</form>

I am just not seeing it. I see a search form submit on both main.php and index.php but I am not seeing a login form. Can you post that?

ok sure

account.html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"   
 "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">  
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">  
<head>  
    <title>The Smithy</title>  
    <link rel="stylesheet" href="style.css" type="text/css" media="screen" />  
</head>  
  
<body>  
<div id="outside_container"> 
    <div id="container">  
 <!-- start header -->
<div id="header">
	<div id="logo">
		<h1>the smithy</</a></h1>
		<p></p>
	</div>      
 <ul id="menu">  
            <li><a href="index.html">Home</a></li>  
                       
        </ul> 

<html>
<head>
<title>Login</title>
</head>
<body>

<form id="account" method="post" action="login.php">
<h1>Log in....</h1>
<label for="username">Username:</label>
<input name="username" id="username"/>
<br/>

<label for="password">Password:</label>
<input name="password" id="password" type="password"/>
<br/>
<input type="reset"  value="Clear">
<input type="submit" value="Login" />


<h2>New Customers</h2>

<h3><a href="reg.php">Sign up here!</a> </h3>
</form>
              
    </div>  
</div>  
</body>
</html>

ok sure

account.html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"   
 "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">  
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">  
<head>  
    <title>The Smithy</title>  
    <link rel="stylesheet" href="style.css" type="text/css" media="screen" />  
</head>  
  
<body>  
<div id="outside_container"> 
    <div id="container">  
 <!-- start header -->
<div id="header">
	<div id="logo">
		<h1>the smithy</</a></h1>
		<p></p>
	</div>      
 <ul id="menu">  
            <li><a href="index.html">Home</a></li>  
                       
        </ul> 

<html>
<head>
<title>Login</title>
</head>
<body>

<form id="account" method="post" action="login.php">
<h1>Log in....</h1>
<label for="username">Username:</label>
<input name="username" id="username"/>
<br/>

<label for="password">Password:</label>
<input name="password" id="password" type="password"/>
<br/>
<input type="reset"  value="Clear">
<input type="submit" value="Login" />


<h2>New Customers</h2>

<h3><a href="reg.php">Sign up here!</a> </h3>
</form>
              
    </div>  
</div>  
</body>
</html>

Now lets do some debugging. Replace your login.php script with the following and then post your output. I have added an array that gets data assigned to it at every stage of your script from simple flag points to collecting your sql queries. The first thing that you want to do is look at those queries. Are they what you expected them to look like? Are your queries returning the correct number of rows? Is the script taking the flow that you want it to take? What about your post data, is all the post data there that you think should be there. Is anything being posted over funny? Are your sessions being assigned correctly? Are they all there? These are some of the answers you need so run this login.php script and post your results so that we can also analyze them as well.

<?php
$scriptStatus = array(); //this is where we are going to collect flagpoints

//connect to db
$conn = mysql_connect("localhost", "", "") or die(mysql_error());
mysql_select_db("") or die(mysql_error());

if($conn) $scriptStatus[] = "db connection fine";

//declares variable
$username=$_POST["username"];
$password = $_POST["password"];
$isadmin = isset($_POST["isadmin"]) ? true : false;



$q = false;
if($isadmin){
	$scriptStatus[] = "is admin start";
     $q = mysql_query ("SELECT * FROM users WHERE username = '$username' AND password = '$password' AND isadmin = '1'");
	$scriptStatus[] = "SELECT * FROM users WHERE username = '$username' AND password = '$password' AND isadmin = '1'";
    if(mysql_num_rows($q) > 0){
		$scriptStatus[] = "query returned " . mysql_num_rows($q) . " rows";
         //user
         $_SESSION['logged'] = true; // maybe something like
         $_SESSION['admin'] = true; //  this to keep track of your user


         //header("Location: main.php"); // redirect to admin page
         //exit();
    }
}
else{
	$scriptStatus[] = "is not admin start";
    $q = mysql_query ("SELECT * FROM users WHERE username = '$username' AND password = '$password' AND isadmin = '0'");
	$scriptStatus[] = "SELECT * FROM users WHERE username = '$username' AND password = '$password' AND isadmin = '0'";
	
    if(mysql_num_rows($q) > 0){
		$scriptStatus[] = "query returned " . mysql_num_rows($q) . " rows";
         //admin
         $_SESSION['logged'] = true; // maybe something like
         $_SESSION['admin'] = false; //  this to keep track of your user


         //header("Location: index.php"); // redirect to user page
         //exit();
    }
}

// if user is not an admin || user
//header ("Location: login.php?e=Error"); // error page && try again
//exit();

echo "script status array<br />";
echo "<pre>";
print_r($scriptStatus);
echo "<pre>";
echo "session data<br />";
echo "<pre>";
print_r($_SESSION);
echo "<pre>";
echo "post data<br />";
echo "<pre>";
print_r($_POST);
echo "<pre>";
?>

Might be overly complex os_dev. I've got some easy login script. uses includes -etc..
less variables. Session should always be at the top - no whitespace.
thought some 'if isset and so on could smooth things up'
Nice work though. I'll be coming back to this one :^)

Might be overly complex os_dev. I've got some easy login script. uses includes -etc..
less variables. Session should always be at the top - no whitespace.
Nice work. :^)

Hey, its not my script. I gave him my suggestion a while back but dan4domination's trying it his own way. I am just working with what is being posted. I don't know if dan4domination will want a pre-written solution or if the whole point of the exercise is to just learn how it works but certainly, post what you got.

here it is

script status array

Array
(
    [0] => db connection fine
    [1] => is not admin start
    [2] => SELECT * FROM users WHERE username = 'admin' AND password = 'admin' AND isadmin = '0'
    [3] => query returned 1 rows
)

session data

Array
(
    [logged] => 1
    [admin] => 
)

post data

Array
(
    [username] => admin
    [password] => admin
)

and for a normal user

script status array

Array
(
    [0] => db connection fine
    [1] => is not admin start
    [2] => SELECT * FROM users WHERE username = 'Dan' AND password = 'Dan' AND isadmin = '0'
)

session data

post data

Array
(
    [username] => Dan
    [password] => Dan
)

I appreciate all your help by the way, I'm just trying to keep it as simple as possible :)

thank you!

Hmm o good if your interested?