[msvp4u]

i have a table named loginuser
its field names are
1.usrid
2.fname
3.lname
4.usrname
5.pass
6.conf pass


My main_login .php code is as follows

<html>
<body>
<table width="300" border="0" align="center" cellpadding="0" cellspacing="1" bgcolor="#CCCCCC">
<tr>
<form name="form1" method="post" action="check_login.php">
<td>
<table width="100%" border="0" cellpadding="3" cellspacing="1" bgcolor="#FFFFFF">
<tr>
<td colspan="3"><strong>Member Login </strong></td>
</tr>
<tr>
<td width="78">Login Name</td>
<td width="6">:</td>
<td width="294"><input name="loginname" type="text" id="loginname"></td>
</tr>
<tr>
<td>Password</td>
<td>:</td>
<td><input name="password" type="password" id="password"></td>
</tr>
<tr>
<td>&nbsp;</td>
<td>&nbsp;</td>
<td><input type="submit" name="Submit" value="Login"></td>
</tr>
</table>
</td>
</form>
</tr>
</table>
</body>
</html>

my check_login.php looks like this

<?php
$host="localhost"; // Host name
$username=""; // Mysql username
$userpassword=""; // Mysql password
$db_name="test"; // Database name
$tbl_name="loginuser"; // Table name

// Connect to server and select databse.
mysql_connect("$host", "$username", "$userpassword")or die("Cannot connect to the Data Base");
mysql_select_db("$db_name")or die("Cannot select DB");

// username and password sent from form
$loginname=$_POST['loginname'];
$password=$_POST['password'];
$enpassword=md5($password);

// To protect MySQL injection
$loginname = stripslashes($loginname);
$password = stripslashes($password);
$loginname = mysql_real_escape_string($loginname);
$password = mysql_real_escape_string($password);
//echo "$loginname";
//echo "$password";
//$sql="SELECT * FROM $tbl_name WHERE usrname ='$username' and pass='$pass'";
//$result=mysql_query($sql)or die(mysql_error());

$sql="SELECT usrid FROM loginuser WHERE usrname = '$username' AND pass ='$enpassword';";
$result=mysql_query($sql)or die(mysql_error());


// Mysql_num_row is counting table row
$count=mysql_num_rows($result);

//while ($row = mysql_fetch_array($result)) {
//$count=mysql_num_rows($result);
// $username = $row["username"];
//echo "$username";
//}
//echo "$count";
// If result matched $loginname and $password, table row must be 1 row

if($count==1){

// Register $loginname, $password and redirect to file "login_success.php"
session_register("txtLoginName");
session_register("txtPassWord");
header("location:./menu.php");
}
else {
echo "Wrong Username or Password";
}
?>

in the menu.php i have to display different screens to admin and users how could i do it??

[MitkOK]

Hi, pal.

I see that you you're usign very weird logic or may be I just don't get it.

You have form with fields for username and password, when they're entered in check_login.php you select usrid for this username and password. Why is that ?

I want to ask you if usrid is unique ?

And how exactly do you make the difference between admin and user ?

[msvp4u]

[quote]

my table description is as follows

CREATE TABLE loginuser(
usrid MEDIUMINT(10) NOT NULL AUTO_INCREMENT,
fname CHAR(50) NOT NULL,
lname CHAR(50) NOT NULL,
usrname VARCHAR(20) NOT NULL,
pass VARCHAR(32) BINARY NOT NULL,
confpass VARCHAR(32) BINARY NOT NULL,
PRIMARY KEY(usrid)
);


i want to use sessions and by using it i should be able to login as admin and user

let me know if i should change my table, if so detail me of how it should be changed

this is where i m erring. help me out to solve this

[MitkOK]

If I understand you right, you could add filed 'admin' for example and whene registering user/admin this field should be 1 or 0 for example.
Then when you/somene else login yiu'll check if 'admin' field is 1 or 0 and decide what file to redirect.

[msvp4u]

Quote

[msvp4u]

should i insert a column in my table named <i>admin mediumint(1) not null,</i>

[MitkOK]

Dude, I strongly recommend you once again to read some tutorials or books and then ask questions.

I 'm repeating myself

1. You add 'admin' field to your database table

2. Registration: Add chebox f.e "Admin", if this box is checked -> you write 1 into field for this user

3. Authentication : When you/someone login check if admin field is 1.

This post has been edited by MitkOK: 24 July 2008 - 04:05 PM

[msvp4u]

thanks dude i dont mind in you asking me to read tutorials i am still a learner. I will do the necessary changes and keep you posted