Wrox Programmer Forums

Need to download code?

View our list of code downloads.

Go Back   Wrox Programmer Forums > PHP/MySQL > Beginning PHP
Password Reminder
Register
Register | FAQ | Members List | Calendar | Search | Today's Posts | Mark Forums Read
Beginning PHP Beginning-level PHP discussions. More advanced coders should post to the Pro PHP forum.
Welcome to the p2p.wrox.com Forums.

You are currently viewing the Beginning PHP section of the Wrox Programmer to Programmer discussions. This is a community of tens of thousands of software programmers and website developers including Wrox book authors and readers. As a guest, you can read any forum posting. By joining today you can post your own programming questions, respond to other developersí questions, and eliminate the ads that are displayed to guests. Registration is fast, simple and absolutely free .
DRM-free e-books 300x50
Reply
 
Thread Tools Display Modes
  #1 (permalink)  
Old July 2nd, 2015, 04:25 PM
Registered User
Points: 10, Level: 1
Points: 10, Level: 1 Points: 10, Level: 1 Points: 10, Level: 1
Activity: 0%
Activity: 0% Activity: 0% Activity: 0%
 
Join Date: Oct 2014
Location: Alexandria, VA
Posts: 2
Thanks: 0
Thanked 0 Times in 0 Posts
Default Conditional Statement Problem

All:

My conditional statement isn't working properly and I could really use a second set of eyes on this. Basically I have a log in

page. When people log in their user name and password is compared to a db table. Both are verified by a row count, if there's 0

rows produced by the query they are redirected to log in page with an error message. If the count is >= 1 then the script is

supposed to get their role from the same table containing user name and password. Then there are a series of conditional statements

such that if their role is just "user" they are directed to a page for just a user. If their role is not "user" (i.e. Approver or

Administrator), they are redirected to a different page with more functionality. However, my conditional statement is evaluating

every log in as "not a user" so that users are being directed to the page with more functionality that I don't want them to be able

to access.

I'm not quite a beginner anymore but not quite a intermediate either. Also, my organization uses an older version of php so I still

have to use mysql_query versus mysqli_query. I've tried using mysqli and I get an undefined function error. Additionally, this

little app I'm building is on a closed network and will only be used by a very, very small number of people who haven't the slightest

clue how to hack a site so I'm more focused on getting the functionality I need versus guarding against cyber attack.

If you can help and live in the northern virginia area I'll buy you a banana split if you can help me figure this out.

Thanks!


Here is my code.



Code:
<?php
session_start();
ob_start();

/*Receives user input username and password from log-in script and assigns to variables*/
$myusername=$_POST['myusername'];
$mypassword=$_POST['mypassword'];

/*SQL injection countermeasures*/
$myusername = stripslashes($myusername);
$mypassword = stripslashes($mypassword);


$myusername = mysql_real_escape_string($myusername);
$mypassword = mysql_real_escape_string($mypassword);

$sql = "SELECT * FROM members WHERE username='$myusername' AND password='$mypassword'";
$result = mysql_query($sql);

/*Next, count the number of rows generated by the query.  If 1 or more, then username and password are confirmed.  If 0, then the 

user entered an invalid username/password combination and is redirected to a error message log-in page.*/

$count=mysql_num_rows($result);

/*If result matched $username and $mypassword, table row must be 1 or more rows.  Then getting the user role from the query, cycle 

through the conditional statements in order to direct the user to the proper page and register the user name as a session variable.  

This is where the conditional statement is evaluating everyone as "not a user" and sending them to the page with the higher 

functionality that I don't want them to see*/

if ($count>=1 && $result['role'] == 'User')

    {
      $_SESSION['myusername']=$myusername;
      header("location:NonApproverPlanSelect.php");
    }

elseif ($count>=1 && $result['role'] != 'User')

    {
      $_SESSION['myusername']=$myusername;
      header("location:ApproverPlanSelect.php");
    }

else

    {
      header("location:bad_login.php");  
    }  

ob_end_flush();

?>
Reply With Quote
Reply


Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off
Trackbacks are Off
Pingbacks are On
Refbacks are Off

Similar Threads
Thread Thread Starter Forum Replies Last Post
IF statement in conditional formatting rmccafferty Excel VBA 1 May 9th, 2011 11:10 PM
XPath multiple conditional statement geek.shrek XSLT 2 January 5th, 2010 06:53 PM
Need help with conditional sql statement MarkGT Classic ASP Basics 11 May 6th, 2008 08:41 PM
Conditional IF statement iloveoatmeal Classic ASP Basics 5 July 20th, 2005 08:33 PM
conditional statement based on attribute value dancbishop XSLT 2 November 7th, 2003 11:50 AM



All times are GMT -4. The time now is 01:56 AM.


Powered by vBulletin®
Copyright ©2000 - 2017, Jelsoft Enterprises Ltd.
© 2013 John Wiley & Sons, Inc.