Authorisation system

idnoble

Hello
I'm creating an authorisation system that checks username and password and also enforces access levels, but I also hit a parse error on the line where i specified a an html link, here's the error message:

Parse error: parse error, unexpected T_STRING in d:\phpweb\admin_system\adminlogin.php on line 19

and here's my php script:

<?php
if ($submit)
$session = mysql_connect("localhost", "Username", "Password");
mysql_select_db("xplosive") or die(mysql_error());
$sql =("
SELECT Auth
FROM Staff
WHERE Username = '{$POST [Username]}';
AND Password = '{$POST [Password]}');
$result = mysql_query($sql) or die
('hr />' .$sql.'<hr />'.mysql_error());
while ($row = mysql_fetch_array($result)) {
$auth = $row[auth]; }
if (!mysql_num_rows($result)) {
echo 'ACCESS DENIED: Invalid Login details';
}
if ($auth == '1') {
echo (<p> You are logged in with a level 1 authorisation <BR>
'<a href= "admin.php1">'Click here to continue </p>);
}
if ($auth == '2') {
echo 'You are logged in with a level 2 authorisation.<br/>
'<a href="admin.php2">Click here to continue</a>';
}
?>

can someone pls help me check it out

thanx!

planetsim

please use [php ][/php ] without spaces when posting code

<?php

if (isset($_POST['submit'])) {
  $session = mysql_connect("localhost", "Username", "Password");
  mysql_select_db("xplosive") or die(mysql_error());
  $sql = ("SELECT Auth FROM Staff 
		  WHERE Username = '".$_POST['Username']."' 
		  AND Password = '".$_POST['Password']."'"
		  );

  $result = mysql_query($sql)or die('<hr />' .$sql.'<hr />'.mysql_error());
  while ($row = mysql_fetch_array($result)) {
    $auth=$row['Auth']; 
  }

  if (!mysql_num_rows($result)) {
    echo 'ACCESS DENIED: Invalid Login details';
  }

  if ($auth=='1') {
	echo '<p>You are logged in with a level 1 authorisation <BR><a href="admin.php">Click here</a> to continue </p>';
  }

  if ($auth == '2') {
	echo 'You are logged in with a level 2 authorisation.<br/><a href="admin.php2">Click here to continue</a>';
  }
}
?>

idnoble

Hello,
thank you for the corrections in the code, i've made the changes and there's no more error, but each time I run it in my browser it always show part of my script and also shows the links to both access levels 1 and 2.

here's the output in the browser:

' .$sql.'

'.mysql_error()); while ($row = mysql_fetch_array($result)) { $auth=$row['Auth']; } if (!mysql_num_rows($result)) { echo 'ACCESS DENIED: Invalid Login details'; } if ($auth=='1') { echo '
You are logged in with a level 1 authorisation
Click here to continue

'; } if ($auth == '2') { echo '
You are logged in with a level 2 authorisation
Click here to continue

'; } } ?>

and here's the php script as it currently is:

<?php 

if($_POST['submit']) { 
  $session = mysql_connect("localhost", "Username", "Password"); 
  mysql_select_db("xplosive") or die(mysql_error()); 
  $sql = ("SELECT Auth FROM Staff 
          WHERE Username = '".$_POST['Username']."' 
          AND Password = '".$_POST['Password']."'" 
          ); 

  $result = mysql_query($sql)or die('<hr />' .$sql.'<hr />'.mysql_error()); 
  while ($row = mysql_fetch_array($result)) { 
    $auth=$row['Auth'];  

  } 

  if (!mysql_num_rows($result)) { 
    echo 'ACCESS DENIED: Invalid Login details'; 
  } 
  if ($auth=='1') { 
    echo '<p>You are logged in with a level 1 authorisation <BR><a href="admin.php">Click here</a> to continue </p>'; 
  } 

  if ($auth == '2') { 
    echo '<p>You are logged in with a level 2 authorisation <BR/><a href="admin.php">Click here</a> to continue</p>'; 
  } 
} 
?>

Thank you