PHP login will not check level row

Question

tstory28 0 Light Poster

13 Years Ago

I am trying to figure out why the PHP will not check the database level and echo the proper message. Hopefully someone can help me figure this out.

<?php
  $connect = mysql_connect("localhost","goforgol_master","!rach22*") or die("Couldn't connect!");
  mysql_select_db("goforgol_phplogin") or die("Couldn't find database");

  session_start();

  $email = $_POST['email'];
  $password = $_POST['password'];
    
  if ($email&&$password)
    {
         
      $query = mysql_query("SELECT * FROM users WHERE email='$email'");
      $numrow = mysql_num_rows($query);
      
      if ($numrow!=0)
      {
        // code to login
        while ($row = mysql_fetch_assoc($query))
        {
        
          $dbemail = $row['email'];
          $dbpassword = $row['password'];
          $dbname = $row['name'];
          $dblevel = $row['level'];
        
        }
        if ($email==$dbemail&&md5($password)==$dbpassword)
        {
          if ($dblevel==0)
          {
          echo "You are logged in! <a href='http://www.wordpresswealth.com/index.php'>Click</a> here purchase a membership package";
          $_SESSION['email']=$email;
          session_destroy();
          }
          elseif ($dblevel==1)
          {
          echo "You are logged in! <a href='http://www.wordpresswealth.com/Member_Library_Trial.php'>Click</a> here to enter Member's Library";
          $_SESSION['email']=$email;
          }
          elseif ($dblevel==2)
          {
          echo "You are logged in! <a href='Member_Library.php'>Click</a> here to enter members page.";
          $_SESSION['email']=$email;
		  }
		  elseif ($dblevel==3)
		  {
		  echo "You are logged in! <a href='Member_Library_Gold.php'>Click</a> here to enter members page.";
          $_SESSION['email']=$email;
          }
        }
        else
          echo "Username or Password is incorrect";
      }
      else
        die('Username or Password is incorrect');
    }
  else
    die("Please enter a username and a password");

?>

Thanks in advance for any help.

php

4 Contributors
6 Replies
247 Views
8 Months Discussion Span
Latest Post 12 Years Ago Latest Post by joydeepd

Graphix 68 ---

13 Years Ago

Hi tstory28,

After a quick look through your code, I would like to suggest a few things:

- Put a new if statement around line 6 to 61, in which you check whether the email and password form variable are set (if (isset($_POST['email) && .....) and delete the if statement in line 10

- Line 7, 8 - Clean the form value first: $variable = htmlentities(addslashes($_POST['form_variable'])); - Line 26 - Add an echo in which you show all the variables from the database:

echo "dbemail=".$dbemail.", dbpassword=".$dbpassword.", dbname=".$dbname.", dblevel=".$dblevel;

If you did all those steps (especially the last one), you will find out why your code is not working (probably because dblevel is empty, but you'll see)

~G

Edited 13 Years Ago by Graphix because: n/a

tstory28 commented: This helped me find my issue. +1

Graphix 68 ---

13 Years Ago

Umm, try this checklist:

A. Is "users" the correct table?
B. Is the name of the column that holds the level really "level", as you described on line 25?
C. You should have fixed it by now, if not, post a reply :)

~G

Reply to this topic

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.

karthik_ppts 81 Posting Pro · Answer 1 · 2011-07-12T10:18:46+00:00

karthik_ppts 81 Posting Pro

13 Years Ago

Now what is your output?

tstory28 0 Light Poster · Answer 2 · 2011-07-13T19:11:42+00:00

Alright. I just tested it. I got dblevel=nothing. When I look in the database, there are values in the level row. How would I fix that issue?

tstory28 0 Light Poster · Answer 3 · 2011-07-14T01:20:09+00:00

I did not realize that I named that row "Level" instead of "level". Once I changed that, it actually worked right.

joydeepd 0 Newbie Poster · Answer 4 · 2012-03-18T23:36:34+00:00

Here is a script to log into MySQL database (screenshot attached) using email ID and password. Am using main_login.php to call the checklogin3.php. Cannot seem to make the checklogin3 code work:

<?php
ob_start();
$host="localhost"; // Host name 
$username="root"; // Mysql username 
$password="March2010"; // Mysql password 
$db_name="login11"; // Database name 
$tbl_name="members"; // Table name

// Connect to server and select database.
mysql_connect("$host", "$username", "$password")or die("cannot connect"); 
mysql_select_db("$db_name")or die("cannot select DB");

// Define $myusername and $mypassword 
if(isset($_POST['email'])){

$email=$_POST['email']; 
$mypassword=$_POST['mypassword'];

}  

// To protect MySQL injection (more detail about MySQL injection)
$email = stripslashes($email);
$mypassword = stripslashes($mypassword);
$email = mysql_real_escape_string($email);
$mypassword = mysql_real_escape_string($mypassword);

$sql="SELECT * FROM $tbl_name WHERE email='$email' and password='$mypassword'";
$result=mysql_query($sql);

// Mysql_num_row is counting table row
$count=mysql_num_rows($result);
// If result matched $email and $mypassword, table row must be 1 row

if($count==1){
// Register $myusername, $mypassword and redirect to file "login_success.php"
session_register("myusername");
session_register("mypassword"); 
header("location:login_success.php");
}
else {
echo "Wrong Username or Password";
}

ob_end_flush();
?>

I am a beginner in php. This is a sample code file. I know line in 36, I must use $_Session instead of $session_register, but I cannot seem to make that work either.