2 Replies - 14672 Views - Last Post: 21 May 2012 - 08:57 AM

#1 nozon

Admin and User Login

Posted 21 May 2012 - 08:13 AM

Good evening,

I am new to using PHP code, and I have a project for my college. My project is to design an e-commerce website, which requires customers and admin to log in to the website. There is only one login form, from which both customer and admin should be able to log in. I have tried a lot to solve this problem, but none of my solutions work.
Could anyone guide me to find a solution for this problem? In the MySQL database I have two tables, one for customer and one for Admin.
The code below describes the form:

<form action="Login.php" method="post">
<fieldset>
<p>&nbsp;</p>
<p>Username:
  <input type="text" name="username">
</p>
<p>&nbsp;</p>
<p><br>
  Password: <input type="password" name="password">
</p>
<p><br>
  <input type="submit" value="Login" />
</p>

<p><a href="Register.php">Register</a></p>

</legend>
</fieldset>
</form>


And this is the code for the Login:

<?php 
session_start();
error_reporting(0);
$username = $_POST['username'];
$password = $_POST['password'];
//connect to the database 
	$connect = mysql_connect("localhost", "root","") or die("Cannot connect");
     mysql_select_db("poly_database") or die ("Could not find database"); 
	 //check to see if they match!



function clean($value) {

    if(get_magic_quotes_gpc()) $value = stripslashes($value);
    return trim(mysql_real_escape_string($value));
}

if($_POST['Login'] && $_POST['username'] && $_POST['password']) {

	 
	 if("$username = Admin_Name"){
	 $isadmin = mysql_query("SELECT Admin_Name FROM Admin WHERE Admin_Name = 'username'");
		 while ($row = mysql_fetch_assoc($isadmin)){
	
	      $dbusername = $row['Admin_Name'];
	      $dbpassword = $row ['Admin_Password'];
} 
         if ($username == $dbusername && md5($password) == $dbpassword){
		 
		echo "You are in,<a href='Admin.php'>Member Page</a>";
		 
	 } 
	 }
	 
	 else if ("$username = Customer_Name"){
	 $iscustomer = mysql_query("SELECT Customer_Name FROM Customer WHERE Customer_Name = 'username'");
		 while ($row = mysql_fetch_assoc($isadmin)){
	
	      $dbusername = $row['Customer_Name'];
	      $dbpassword = $row ['Customer_Password'];
 }
		if ($username == $dbusername && md5($password) == $dbpassword){		 
		 echo "You are in,<a href='member.php'>Member Page</a>";
		 
		}
	 
	 }

	 else 

echo"Incorrect password";
}
else
die ("The user does not exist");
	


?>


I am looking forward to any help, and thank you in advance.

My regards


Replies To: Admin and User Login

#2 CTphpnwb

Re: Admin and User Login

Posted 21 May 2012 - 08:27 AM

  • You should not copy from one variable to another (ie: $x = $_POST['x']). It's a waste of cycles and your grade should suffer from it.
  • You should not be using insecure mysql_* functions. Use prepared statements. This too should affect your grade.
  • Use proper indenting. Again, this should affect your grade.

Think of the user as an object. Objects have attributes, in this case the attribute you're interested in is the type of user they are. You might say:
if $user->type is admin then let them see/use the admin capabilities, otherwise if they're standard users then they should see fewer capabilities.

#3 Atli

Re: Admin and User Login

Posted 21 May 2012 - 08:57 AM

nozon, on 21 May 2012 - 03:13 PM, said:

In the MySQL database I have two tables, one for customer and one for Admin.

This is a rather flawed design. There really shouldn't be two tables. Just because your Users can be either Admins or Customers doesn't mean you should store them apart from each other. It simply means you need to include a field in a "User" table that defines which type of User the row is storing.

Doing it that way simplifies your login code. There would be no need to query two tables to see if the user exists in one of them, you'd just have to make one query.

Also, the md5() function is extremely outdated. The way you are using it (or rather, trying to use it), you may as well not bother. Instead, use the hash or hash_hmac functions with the SHA256 or SHA512 algorithms. (You'll have to increase the storage capacity of your password fields though.)


If you want to learn how to build a login system like that, I suggest you read this tutorial. It shows how to do exactly what you are trying to do (and more).
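The single-table login the replies describe (one user table with a type column, queried through a prepared statement), as an added example that is not code from any poster in this thread. The `users` table, its column names and the sample accounts are constructed; it assumes PHP 7.1+ with the PDO SQLite driver so it runs offline, and it stores passwords with PHP's `password_hash()`/`password_verify()` rather than the `hash()` functions mentioned above.

```php
<?php
// Added example, not code from the thread. Table and column names are hypothetical.
// In-memory SQLite keeps it runnable offline; use a mysql: DSN for a MySQL server.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec("CREATE TABLE users (
    id INTEGER PRIMARY KEY,
    name TEXT NOT NULL UNIQUE,
    password_hash TEXT NOT NULL,
    role TEXT NOT NULL CHECK (role IN ('admin', 'customer'))
)");

// Constructed sample accounts; password_hash() salts and stretches each password.
$insert = $pdo->prepare('INSERT INTO users (name, password_hash, role) VALUES (?, ?, ?)');
$insert->execute(['alice', password_hash('constructed-admin-pw', PASSWORD_DEFAULT), 'admin']);
$insert->execute(['bob', password_hash('constructed-customer-pw', PASSWORD_DEFAULT), 'customer']);

// Returns ['id' => ..., 'name' => ..., 'role' => ...] on success, null on failure.
// An unknown user and a wrong password look the same to the caller.
function authenticate(PDO $pdo, string $name, string $password): ?array
{
    // Bound parameter: user input never becomes part of the SQL text.
    $stmt = $pdo->prepare('SELECT id, name, password_hash, role FROM users WHERE name = ?');
    $stmt->execute([$name]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);

    // Verify against a dummy hash when the user is missing so both paths do similar work.
    static $dummy = null;
    $dummy = $dummy ?? password_hash('dummy', PASSWORD_DEFAULT);
    $ok = password_verify($password, $row ? $row['password_hash'] : $dummy);
    if (!$row || !$ok) {
        return null;
    }
    unset($row['password_hash']);
    return $row;
}

// Where Login.php would branch: one query, then route on the stored role.
$attempts = [['alice', 'constructed-admin-pw'], ['bob', 'constructed-customer-pw'], ['bob', 'wrong']];
foreach ($attempts as [$name, $password]) {
    $user = authenticate($pdo, $name, $password);
    if ($user === null) {
        echo "$name: Incorrect username or password\n";
        continue;
    }
    // In a real handler: session_regenerate_id(true); $_SESSION['user'] = $user;
    $target = $user['role'] === 'admin' ? 'Admin.php' : 'member.php';
    echo "$name: logged in as {$user['role']}, go to $target\n";
}
```

Admin.php itself still has to check the role stored in the session on every request, since the redirect target alone does not restrict access.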
