Link to home
Start Free TrialLog in
Avatar of brettsky07
brettsky07Flag for Canada

asked on

PHP Login User Redirect

Hi Experts. I’m sure this is a pretty simple fix but I can’t seem to figure it out. I currently have a login form working so that if you login it will echo ‘success’ (this was mainly for testing) and if you login with the username ‘admin’ it will redirect you to the ‘admin’ specific page… This is all working. The only issue is with my error checking and validation. If I login with a test username and password it will check to make sure they match and are correct than echo success. If I login with ‘admin’ as the username it will redirect the user to the admin page… regardless of what password they enter. Is there a way to make it so that it checks ‘admin’ for the correct password before redirecting? Any help would be greatly appreciated.
<?php
ob_start();
session_start();

$username = $_POST['username'];
$password = md5($_POST['password']);

if ($username&&$password)
{
	
	$connect = mysql_connect("xxx", "xxx", "xxx") or die("Connection Error!");
	mysql_select_db("xxx") or die("Couldn't find db");
	
	$query = mysql_query("SELECT * FROM users WHERE username='$username'");
	
	$numrows = mysql_num_rows($query);
	
	if ($numrows!=0)
	{
		while ($row = mysql_fetch_assoc($query))
{
	$dbusername = $row['username'];
	$dbpassword = $row['password'];
}

//check to see if they match
if($username==$dbusername&&$password==md5($dbpassword))
{
	echo "Success!";
	$_SESSION['username']=$username;
}
else
echo "<br>Password is incorrect.<br><a href='#'>Back</a><br>";

	}
	
	else
	die ("<br>That user doesn't exist.<br><a href='#'>Back</a><br>");
	
}
else
die("<br>Please enter username and password.<br><a href='#'>Back</a><br>");


//ADD USER REDIRECTS HERE

if ($username=="xxx")
{
header("Location: xxx/index.php");
}


?>

Open in new window

ASKER CERTIFIED SOLUTION
Avatar of Dave Baldwin
Dave Baldwin
Flag of United States of America image

Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Avatar of brettsky07

ASKER

wow. cant beleive I didnt try that. haha that worked just fine thanks!
thank you.