Hello
Before I show you my code I would just like to put forward to whoever is willing to help me, and I have spent the last 2 days looking at hundreds of different login scripts and my head is hurting as the more I look at them the more I get confused.
I have a basic login script which checks the password against my database my database has a table called 'clergyid' and has the fields 'id' 'username' 'password' & 'userlevel'
What i am requesting help with is:
1) I need help encrypting the username and password, has anyone got any suggestings on the best way to do this?
2) I need two user levels 'admin' and 'normaluser' and I need them to be redirected to different pages on login depending on their user level.
Here is my code for Login.php:
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Liberal Catholic Apostolic Church</title>
<LINK href="login.css" rel="stylesheet" type="text/css">
</head>
<body>
<div id="container">
<div id="header">
<table width="980px">
<tr>
<td align="left"><img src="images/logo.jpg" width="100px" height="100px"></td>
<td><h1>LCAC Web Portal</h1></td>
</tr>
</table>
</div>
<div id="content">
<center>
<img src="images/lcaclogo.gif" with="150px" height="150px">
<b><h2>Login</h2></p>
<form action="logincheck.php" method="get">
<label class="label" for="username">Username</label><br>
<input class="input" name="username" type="text"><br>
<label class="label" for="password">Password</label><br>
<input class="input" name="password" type="password"><br>
<input class="submit" name="submit" type="submit" value="LOGIN"><br>
</form>
</center>
</div>
<div id="footer">Copyright © LCAC, 2011</div>
</div>
</body>
</html>
Here is my logincheck.php:
<?php
session_start();
require "connect.php";
$username = $_GET['username'];
$password = $_GET['password'];
$query = "select * from clergyid where Username ='".$username."' and Password ='".$password."'";
$result = mysql_query($query, $connection)
or die ("Unable to perform query<br>$query");
$row = mysql_fetch_array($result);
if ($row != null) {
$_SESSION['username'] = $row['username'];
$_SESSION['password']= $row['password'];
header ("Location: index.php");
exit();
}
else{
$message = "Invalid username or password please try again!";
header ("Location: login.php? message=$message");
exit();
}
?>
Here is my connect.php:
<?php
$db_host = "";
$db_name = "";
$db_username = "";
$db_password = "";
$connection = mysql_connect ($db_host, $db_username, $db_password)
or die ("MySQL Error: ".mysql_error());
mysql_select_db($db_name, $connection)
or die ("MySQL Error: ".mysql_error());
?>
And Finally here is my first restricted page:
<?php
session_start();
if(isset($_SESSION['username']) == false){
header("Location: login.php");
exit();
}
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Liberal Catholic Apostolic Church</title>
<LINK href="style.css" rel="stylesheet" type="text/css">
</head>
<body>
<div id="container">
<div id="header">
<table width="980px">
<tr>
<td align="left"><img src="images/logo.gif" width="100px" height="100px"></td>
<td><h1>Liberal Catholic Apostolic Church</h1></td>
</tr>
</table>
</div>
<div id="navigation"><ul><li>Home</li></ul></div>
<div id="content-container">
<div id="section-navigation">
<ul>
<li><a href="index.html">LCAC Restricted Section - Login </a></li>
</ul>
</div>
<div id="content">
<h1>Clergy Only Restricted Access - Page 1</h1>
</div>
<div id="footer">Copyright © LCAC, 2011</div>
</div>
</body>
</html>
I really hope someone can help me as I am pulling my hair out!
Any questions then please reply to this thread
Thanks from a man in desperate need