Login form help!!

guoxin · Joined: 11 Feb 2008 Posts: 7

Hi all,

I created a userlogin form where it will lead to either an administrator home page or user home page. In MySQL database, i create a table named "Login" where it contains the following:
CREATE TABLE Login (
access_level INT NOT NULL,
username VARCHAR(20) NOT NULL,
password VARCHAR(25) NOT NULL,
);

and i inserted the following values as well:

INSERT INTO Login VALUES (1, 'guoxin', 'guoxinphilips');

INSERT INTO Login VALUES (2, 'jason', 'jasonphilips');

where access_level 1 represents administrator and access_level 2 represents user and i execute the sql statement in a page called "authenticate.php" which will determine either if the user is an administrator or a user:

$sql ="SELECT * FROM $table_name WHERE username = '$_POST[username]' AND password = password('$_POST[password]') AND access_level = 1";

$result = @mysql_query($sql,$connection)or die(mysql_error());

//get the number of rows in the result set
$num = mysql_num_rows($result);

//print a message or redirect elsewhere,based on result
if ($num != 0) {
header("Location: http://www.bds-net.info/alanadmin_home.html");
exit;

} else {
header("Location: http://www.bds-net.info/alan/user-home.php");
exit;
}

but the result is it just go to the administrator home page regardless of the access_level 1 or 2. So is there anyone that can help me with this problem? Thanks folks

guoxin · Joined: 11 Feb 2008 Posts: 7

The problem had been solved Very Happy

lostboy · Joined: 02 May 2004 Posts: 5128 Location: toronto, canada

do a select for the name and password, then get the level and check it