ok i had some problems before with imaging, but that is all solved. but now i need help with some user authentication. basically, when you add a user to my database, "busted" under table "user_info" , the following info is stored (and works, i checked)
user_realname
username
password
bus_number //the bus number each account is associated with
acct_type // can be driver, admin, or parent.
and what i'm trying to do is have the script check the username and password, which it does, and if they are wrong or not entered go back to the login screen, which it also does. but what i want to happen next is that if the account type is admin, it would redirect to /admin/adminhome.html, and the same goes for driver and parent, respectively. but using this code, if the username and password do match, it always redirects to admin/adminhome. so what am i doing wrong?
[php]
<?
//check if username and password were even entered
if ((!$_POST[username]) || (!$_POST[password])) {
header("Locatio n: show_login.html ");
exit;
}
$db_name = "busted";
$table_name = "user_info" ;
$con = @mysql_connect( "localhost" , "nathan", "*******")
or die(mysql_error ());
$db = @mysql_select_d b($db_name, $con) or die(mysql_error ());
$sql = "SELECT * FROM $table_name WHERE username = '$_POST[username]' AND password = '$_POST[password]'";
$result = @mysql_query($s ql, $con) or die(mysql_error ());
$num = mysql_num_rows( $result);
if ($num !=0) {
session_start() ;
WHILE($row = mysql_fetch_arr ay($result))
{
$_SESSION['username'] = $row[username];
$_SESSION['password'] = $row[password];
$_SESSION['user_realname'] = $row[user_realname];
$_SESSION['bus_number'] = $row[bus_number];
$_SESSION['acct_type'] = $row[acct_type];
}
//use statements below to test session vars.
//echo "hello, $_SESSION['username']! you entered $_SESSION['password'] as your password. Your real name is $_SESSION['user_realname'], and you are associated with bus number $_SESSION['bus_number'] with $_SESSION['acct_type'] as your account type.";
{
if ($_SESSION['acct_type'] = admin) {
header("locatio n: /admin/adminhome.html" );
exit;
}
elseif ($_SESSION['acct_type'] = parent) {
header("locatio n: /parent/parenthome.html ");
exit;
}
elseif ($_SESSION['acct_type'] = driver) {
header("locatio n: /driver/driverhome.html ");
exit;
}
else {
echo "Sorry, but it looks like you either didn't have your account created correctly, or some other techical difficulty is blocking your entrance to the system. Check with your administrator for assistance."; //note: admin email address as link?
}
}else {
header("locatio n: show_login.html ");
exit;
}
?>[/php]
user_realname
username
password
bus_number //the bus number each account is associated with
acct_type // can be driver, admin, or parent.
and what i'm trying to do is have the script check the username and password, which it does, and if they are wrong or not entered go back to the login screen, which it also does. but what i want to happen next is that if the account type is admin, it would redirect to /admin/adminhome.html, and the same goes for driver and parent, respectively. but using this code, if the username and password do match, it always redirects to admin/adminhome. so what am i doing wrong?
[php]
<?
//check if username and password were even entered
if ((!$_POST[username]) || (!$_POST[password])) {
header("Locatio n: show_login.html ");
exit;
}
$db_name = "busted";
$table_name = "user_info" ;
$con = @mysql_connect( "localhost" , "nathan", "*******")
or die(mysql_error ());
$db = @mysql_select_d b($db_name, $con) or die(mysql_error ());
$sql = "SELECT * FROM $table_name WHERE username = '$_POST[username]' AND password = '$_POST[password]'";
$result = @mysql_query($s ql, $con) or die(mysql_error ());
$num = mysql_num_rows( $result);
if ($num !=0) {
session_start() ;
WHILE($row = mysql_fetch_arr ay($result))
{
$_SESSION['username'] = $row[username];
$_SESSION['password'] = $row[password];
$_SESSION['user_realname'] = $row[user_realname];
$_SESSION['bus_number'] = $row[bus_number];
$_SESSION['acct_type'] = $row[acct_type];
}
//use statements below to test session vars.
//echo "hello, $_SESSION['username']! you entered $_SESSION['password'] as your password. Your real name is $_SESSION['user_realname'], and you are associated with bus number $_SESSION['bus_number'] with $_SESSION['acct_type'] as your account type.";
{
if ($_SESSION['acct_type'] = admin) {
header("locatio n: /admin/adminhome.html" );
exit;
}
elseif ($_SESSION['acct_type'] = parent) {
header("locatio n: /parent/parenthome.html ");
exit;
}
elseif ($_SESSION['acct_type'] = driver) {
header("locatio n: /driver/driverhome.html ");
exit;
}
else {
echo "Sorry, but it looks like you either didn't have your account created correctly, or some other techical difficulty is blocking your entrance to the system. Check with your administrator for assistance."; //note: admin email address as link?
}
}else {
header("locatio n: show_login.html ");
exit;
}
?>[/php]
Comment