I am trying to write my first login script. I would appreciate any guidance. My table is setup as follows:
Users
id
fname
lname
dept
username
password
rights
What I want it to do is if the person login and his/her rights is USER once he authenticates he will be taken to the user folder.
Or rights is ADMIN then they will be taken to the admin folder.
If they are not in the db they will be taken back to login with a msg stating to contact the administrator.
Here's my authuser.php:
include("config.inc");
$db_name = "$dbase";
$table_name = "$tbl";
$connection = @mysql_connect("$host", "$dbuser", "$dbpass") or
die("Couldn't connect.");
$db = @mysql_select_db($db_name, $connection) or die("Couldn't select
database.");
$sql = "SELECT * FROM $table_name WHERE username = \"$username\" AND password = password(\"$password\")";
$result = @($sql, $connection) or die("Couldn't execute query.");
$num = mysql_numrows($result);
if ($rights == 'ADMIN') {
header("Location: admin/index.php");
} elseif ($rights == 'USER') {
header("Location: users/index.php");
} else {
echo 'You are not authorized. Please contact the administrator.';
header("Location: index.php");
exit;
Thanks For ANY Help.
}
