help completing this code
this is my checkuser.php page! I have a login.php page which has a textbox with username and password fields on it. Is this correct?
PHP Code:
<?PHP
mysql_connect (localhost, username, password);
mysql_select_db (Table);
$result = mysql_query ("select username, password, access_level from Members where username = $username");
if(($username==$mysql_username) && $password ==$mysql_password) {
setcookie("access_level",$mysql_access_level,time() + 3600);
header("Location: page.php"); }
else { header("Location: login.php"); }
let me know if it has any problems
Re: help completing this code
Quote:
Originally posted by kiwis
this is my checkuser.php page! I have a login.php page which has a textbox with username and password fields on it. Is this correct?
PHP Code:
<?PHP
mysql_connect (localhost, username, password);
mysql_select_db (Table);
$result = mysql_query ("select username, password, access_level from Members where username = $username");
if(($username==$mysql_username) && $password ==$mysql_password) {
setcookie("access_level",$mysql_access_level,time() + 3600);
header("Location: page.php"); }
else { header("Location: login.php"); }
let me know if it has any problems
Quite a few.
1) You're not using superglobals.
2) You're not surrounding text with quotes in the query.
3) Where does $_mysql_username come from?
4) You need to do a mysql_fetch_array() to get the record.
PHP Code:
mysql_connect (localhost, username, password);
mysql_select_db (Table);
$users = mysql_query ("select username, password, access_level from Members where username = '" . $_POST['username'] ."' AND password = '" . $_POST['password'] . "'");
if ($user = mysql_fetch_array($users)) {
setcookie("access_level",$mysql_access_level,time() + 3600);
header("Location: page.php");
} else {
header("Location: login.php");
}
Also note that I put password checking in the query as well. This will remove the need for an extra if-statement later.
