Wrox Programmer Forums
Go Back   Wrox Programmer Forums > PHP/MySQL > Beginning PHP
|
Beginning PHP Beginning-level PHP discussions. More advanced coders should post to the Pro PHP forum.
Welcome to the p2p.wrox.com Forums.

You are currently viewing the Beginning PHP section of the Wrox Programmer to Programmer discussions. This is a community of software programmers and website developers including Wrox book authors and readers. New member registration was closed in 2019. New posts were shut off and the site was archived into this static format as of October 1, 2020. If you require technical support for a Wrox book please contact http://hub.wiley.com
 
Old July 2nd, 2015, 04:25 PM
Registered User
 
Join Date: Oct 2014
Posts: 2
Thanks: 0
Thanked 0 Times in 0 Posts
Default Conditional Statement Problem

All:

My conditional statement isn't working properly and I could really use a second set of eyes on this. Basically I have a log in

page. When people log in their user name and password is compared to a db table. Both are verified by a row count, if there's 0

rows produced by the query they are redirected to log in page with an error message. If the count is >= 1 then the script is

supposed to get their role from the same table containing user name and password. Then there are a series of conditional statements

such that if their role is just "user" they are directed to a page for just a user. If their role is not "user" (i.e. Approver or

Administrator), they are redirected to a different page with more functionality. However, my conditional statement is evaluating

every log in as "not a user" so that users are being directed to the page with more functionality that I don't want them to be able

to access.

I'm not quite a beginner anymore but not quite a intermediate either. Also, my organization uses an older version of php so I still

have to use mysql_query versus mysqli_query. I've tried using mysqli and I get an undefined function error. Additionally, this

little app I'm building is on a closed network and will only be used by a very, very small number of people who haven't the slightest

clue how to hack a site so I'm more focused on getting the functionality I need versus guarding against cyber attack.

If you can help and live in the northern virginia area I'll buy you a banana split if you can help me figure this out.

Thanks!


Here is my code.



Code:
<?php
session_start();
ob_start();

/*Receives user input username and password from log-in script and assigns to variables*/
$myusername=$_POST['myusername'];
$mypassword=$_POST['mypassword'];

/*SQL injection countermeasures*/
$myusername = stripslashes($myusername);
$mypassword = stripslashes($mypassword);


$myusername = mysql_real_escape_string($myusername);
$mypassword = mysql_real_escape_string($mypassword);

$sql = "SELECT * FROM members WHERE username='$myusername' AND password='$mypassword'";
$result = mysql_query($sql);

/*Next, count the number of rows generated by the query.  If 1 or more, then username and password are confirmed.  If 0, then the 

user entered an invalid username/password combination and is redirected to a error message log-in page.*/

$count=mysql_num_rows($result);

/*If result matched $username and $mypassword, table row must be 1 or more rows.  Then getting the user role from the query, cycle 

through the conditional statements in order to direct the user to the proper page and register the user name as a session variable.  

This is where the conditional statement is evaluating everyone as "not a user" and sending them to the page with the higher 

functionality that I don't want them to see*/

if ($count>=1 && $result['role'] == 'User')

    {
      $_SESSION['myusername']=$myusername;
      header("location:NonApproverPlanSelect.php");
    }

elseif ($count>=1 && $result['role'] != 'User')

    {
      $_SESSION['myusername']=$myusername;
      header("location:ApproverPlanSelect.php");
    }

else

    {
      header("location:bad_login.php");  
    }  

ob_end_flush();

?>





Similar Threads
Thread Thread Starter Forum Replies Last Post
IF statement in conditional formatting rmccafferty Excel VBA 1 May 9th, 2011 11:10 PM
XPath multiple conditional statement geek.shrek XSLT 2 January 5th, 2010 07:53 PM
Need help with conditional sql statement MarkGT Classic ASP Basics 11 May 6th, 2008 08:41 PM
Conditional IF statement iloveoatmeal Classic ASP Basics 5 July 20th, 2005 08:33 PM
conditional statement based on attribute value dancbishop XSLT 2 November 7th, 2003 12:50 PM





Powered by vBulletin®
Copyright ©2000 - 2020, Jelsoft Enterprises Ltd.
Copyright (c) 2020 John Wiley & Sons, Inc.