Home/ Questions/Q 8957777
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-06-15T15:04:10+00:00

What am I trying to do is setup different landing pages, after login, base

  • 0

What am I trying to do is setup different landing pages, after login, base on access level, I am talking about PHP and MySQL of course 🙂

I have a database with a users table, the users table have basically 3 fields:

user,pass,access

and I have 2 basics access level:

(1=user, 5=admin)

I found some examples online, even here, but for some reason I haven’t been able to make it work. here what I got:

login.php

<form id="form" name="form" method="POST" action="login_engine.php">
<p>Please enter your login information:</p>
<label>User</label><input type="text" name="Username" id="Username" />
<label>Password</label><input type="password" name="Password" id="Password" />
<input name="submit" type="submit" id="submit" value="Login">
</form>

and this is the engine:

<?php
include "connect.php";

// username and password sent from form
$MyUsername = $_POST['Username'];
$MyPassword = $_POST['Password'];


$sql="SELECT * FROM tbl_users WHERE user=$MyUsername and pass=$MyPassword";
$result=mysql_query($sql);

$count=mysql_num_rows($result);

if($count===1){
  // Register $myusername, $mypassword and redirect to file "home.php"
  session_register("user");
  session_register("pass");
  while($row = mysql_fetch_array($result))
  {
    if($row['access']=='5')
    {
      header("home1.php");
    }
    else
    {
      header("home2.php");
    }
  }
} else {
  echo "Invalid! Please try again PC.";
  echo "<br>";
  echo $_POST['Username'];
  echo "<br>";
  echo $MyUsername;
  echo "<br>";
  echo $_POST['Password'];
  echo "<br>";
  echo $MyPassword;
  echo "<br>";
  echo $sql;
  echo "<br>";
  echo $result;
  echo "<br>";
  echo $count;
}

//mysql_close();
?>

and this is the output:

Invalid! Please try again PC.
userdemo
userdemo
mypassword
mypassword
SELECT * FROM tbl_users WHERE user=userdemo and pass=mypassword

First sign that something is wrong is that the variables $result and $count are not being printed on the error message (I had then showing some message but I changed the code so much that I lost track of what I did to make then stop showing info, but i remember that $result was showing something like “… #4” and $count was showing “0”.)

I understand that something is wrong, because its going to the end of the PHP script: the last else, but the $sql seems right (i might be wrong here).

anyone have any idea what might be wrong here?

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    Your current code should always return the number of row count as 0; this is because all string inputs in an sql statement.
    Replace 

     
  $sql="SELECT * FROM tbl_users WHERE user=$MyUsername and pass=$MyPassword";

    with

     
  $sql="SELECT * FROM tbl_users WHERE user='$MyUsername' and pass='$MyPassword'";

    This solves part of your immediate problem, unless either the user or pass inputs has an apostrophe in it, in which case, we are back to square one.
    Using

     
   $MyUsername = mysql_real_escape_string($MyUsername);
   $MyPassword = mysql_real_escape_string($MyPassword);

    before my initial code should resolve that issue.
    This answers your question and resolves your current issue.

    Much More Importantly

    First, mysql has been depreciated; stop using it for new projects, and convert existing projects to either MySQLi or PDO.

    Second, that code is very much insecure; your data can be wiped due to SQL Injection. Use the suggested methods in the first point to make it more secure.

    Hope this helps……at all.

    • 0