Need Help... Anyone have any ideas?

Zack

Hey. I'm designing/coding the website for my school's theater program and I've been asked to have diferent sections for diferent user types.

Well I'm having trouble logging them in.

The form looks like this:


<form action="process_login.php" method="get">
<table width="100%" border="0" cellspacing="0" cellpadding="3">
  <tr>
    <td><center><input type="text" name="userLogin" value="Login Name" size="24"></center></td>
  </tr>
  <tr>
    <td><center><input type="password" name="userPassword" value="Password" size="24"></center></td>
  </tr>
  <tr>
    <td><center><select name="userGroup">
                <option></option>
                <option value="student">Current Student</option>
				<option value="officer">Current Officer</option>
				<option value="srManager">Current Sr. Manager</option>
				<option value="staff">Current Staff</option>
				<option value="alumni">Alumni</option>
				<option value="parents">Parent</option>
				<option value="fan">Fan</option>
            </select></center></td>
  </tr>
  <tr>
    <td><center><input type="submit" name="submit" value="Login">&nbsp;&nbsp;<input type="reset" name="reset" value="Reset Form"></center></td>
  </tr>
</table>
	</form>

and "process_login.php" looks like this:


<?php


require ('includes/config.php');


if (empty($userLogin))
  {
     print "You forgot to type your login name in the form. Please go back and correct the mistake.";
  }
elseif (empty($userPassword))
  {
     print "You forgot to type your password in the form. Please go back and correct the mistake.";
  }
elseif (empty($userGroup))
  {
     print "You forgot to specify your group in the form. Please go back and correct the mistake.";
  }
else
  {


if ($db_connect == TRUE)
  {



if ($userGroup === student)
  {
     $student_login = mysql_query("SELECT userPassword FROM usersStudent WHERE userLogin === $userLogin");

 if ($student_login == TRUE)
   {
      header("Location: student_admin.php?userLogin");
   }
 else
   {
      print "You could not be logged in, please try again. If you have not yet registered, please do so.";
   }
  }
elseif ($userGroup === officer)
  {
     $officer_login = mysql_query("SELECT userPassword FROM usersOfficer WHERE $userLogin === userLogin");

 if ($officer_login == TRUE)
   {
      header("Location: officer_admin.php?userLogin");
   }
 else
   {
      print "You could not be logged in, please try again. If you have not yet registered, please do so.";
   }
  }
elseif ($userGroup === srManager)
  {
     $srManager_login = mysql_query("SELECT userPassword FROM usersSrManager WHERE $userLogin === userLogin");

 if ($srManager_login == TRUE)
   {
      header("Location: srmanager_admin.php?userLogin");
   }
 else
   {
      print "You could not be logged in, please try again. If you have not yet registered, please do so.";
   }
  }
elseif ($userGroup === staff)
  {
     $staff_login = mysql_query("SELECT userPassword FROM usersStaff WHERE $userLogin === userLogin");

 if ($staff_login == TRUE)
   {
      header("Location: staff_admin.php?userLogin");
   }
 else
   {
      print "You could not be logged in, please try again. If you have not yet registered, please do so.";
   }
  }
elseif ($userGroup === alumni)
  {
     $alumni_login = mysql_query("SELECT userPassword FROM usersAlumni WHERE $userLogin === userLogin");

 if ($alumni_login == TRUE)
   {
      header("Location: alumni_admin.php?userLogin");
   }
 else
   {
      print "You could not be logged in, please try again. If you have not yet registered, please do so.";
   }
  }
elseif ($userGroup === parents)
  {
     $parent_login = mysql_query("SELECT userPassword FROM usersParent WHERE $userLogin === userLogin");

 if ($parent_login == TRUE)
   {
      header("Location: parent_admin.php?userLogin");
   }
 else
   {
      print "You could not be logged in, please try again. If you have not yet registered, please do so.";
   }
  }
elseif ($userGroup === fan)
  {
     $fan_login = mysql_query("SELECT userPassword FROM usersFan WHERE $userLogin === userLogin");

 if ($fan_login == TRUE)
   {
      header("Location: fan_admin.php?userLogin");
   }
 else
   {
      print "You could not be logged in, please try again. If you have not yet registered, please do so.";
   }
  }
else
  {
     print "You could not be logged in, please try again. If you have not yet registered, please do so.";
  }

  }
else
  {
     print "Sorry, the server could not log you in. The database maybe down. Please try again and if the problem is persistant, then please contact the webmaster.";
  }

mysql_close($db_connect);
  }


?>

The first few "if statements" work. It makes sure that I have included everything into the form for login. The problem is... it won't log me in. It always prints: "You could not be logged in, please try again. If you have not yet registered, please do so."

Do you guys have any ideas? The login info that I am using is in a table called 'usersStudent', so my login should work with the first option.

Thanks!

barand

if ($userGroup === student)
  {
     $student_login = mysql_query("SELECT userPassword FROM usersStudent WHERE userLogin === $userLogin");

 if ($student_login == TRUE)
   {
      header("Location: student_admin.php?userLogin");
   }
 else
   {
      print "You could not be logged in, please try again. If you have not yet registered, please do so.";
   }
  }

$userlogin is a string value therefor needs '...' around it
Use the syntax ...WHERE fieldname = '$avaraible' (ie single =, and not variable = fieldname
$student_login will be true so long as query is valid, even if no results returned
Use if (mysql_num_rows($student_login) > 0) instead
header location should be "Location: student_admin.php?userLogin=$userLogin"
[/list=1]

hth

Zack

thanks, i'll try it now.

Zack

thanks a lot man! it worked... now I have to figure out how to give each user their own personal admin section so they change only their own info...

i know its by the "$userLogin" variable, but I don't know where its needed...

barand

Just allow them to change those records with their userLogin id.

Zack

what do you mean?

barand

I admit I don't the data you are holding but suppose you have a table called student_profile with details of individual student's interests, email address, cellphone number etc.

Each record would also contain the student userLogin as an id.

The record with each student's login id would be the only one they could change, even though all studentsmay be able to view the details in this case.

Zack

yes, i understand this... what i meant by not knowing how to do it was in the code... how to specify using the variable "userLogin"...

barand

Try here

Zack

that link didnt really help, but thanks anyway...

what i meant was:

i want them to only be able to view the page if they have logged in correctly... if they havent logged in correctly or are trying to access the page without logging in, it will tell them to log in and if they have logged in correctly, then it will set a cookie.

i think i can figure that out.

what i dont know how to do is make sure that they are only editing thier own data... would i use the'SELECT FROM WHERE ***' like in the login form?

barand

would i use the'SELECT FROM WHERE ***' like in the login form?QUOTE]

Yes. You don't need a separate section for every user as you mentioned earlier. Use the data to control the access.