CODEWITHSUNDEEP
phpmysqlhtml
Sasuke Scend
Sasuke Scend

Reputation: 111

Specific user type in MySQL and PHP

I have 3 files for connection.php. work.php login.php these are the codes that I use to be able to identify the users type or the type of administrator in the database.

I use MySQL since it is required in the coding/dev process,

The problem that I am encountering is that I am unable to detect the user type. Can you please suggest what could be the possible to identify the user types.

enter image description here login.php

<?php
// Try and connect to the database
include('connection.php');
$selected = mysql_select_db("wildlife",$conn)
  or die("Could not select ");

   //$myusername =    mysql_real_escape_string($conn,$_POST['username']);
   //$mypassword = mysql_real_escape_string($conn,$_POST['password']); 
    if(isset($_POST['user']) && isset($_POST['pass'])){
            $user = $_POST['user'];
            $pass = $_POST['pass'];
            //$type = $_POST['type'];

            // $query = mysql_query("SELECT * FROM wrd_users WHERE emp_username='$user' and  emp_password='$pass'      
            //and  emp_type = '1'");


            $query = mysql_query("SELECT * FROM wrd_users WHERE emp_username='$user' and  emp_password='$pass' ");

            if(mysql_num_rows($query) > 0 ) 
            { 
                //check if there is already an entry for that username
                echo "<br>DETECTED Username AND PASS already exists!";
                $query = mysql_query("SELECT emp_type FROM wrd_users WHERE emp_type = '1' ");
                if(mysql_num_rows($query) > 0 ) 
                    { 
                    //check if there is already an entry for that username
                        echo "<br>KING1";

                    }
                else
                    {

                        echo "<br>QUEEN1";
                    }

                $query = mysql_query("SELECT emp_type FROM wrd_users WHERE emp_type = '2' ");
                if(mysql_num_rows($query) > 0 ) 
                    { 
                    //check if there is already an entry for that username
                        echo "<br>KING2";

                    }
                else
                    {

                        echo "<br>QUEEN";
                    }
            }
            else
            {

                //header("location:index.php");
                echo(" No User Found");
                //header('work.php');
            }
    }
    mysql_close();
?>

connection.php

<?php
$conn = mysql_connect('localhost', 'root', '', 'wildlife');

    if (!$conn) 
    {
        die('Connect Error: ' . mysql_errno());
    }
    else
    {
        echo ("connected from connection.php");
    }
?>

work.php

<?php
include('login.php');
?>

<html>
<head><title>INDETIFY THE USER TYPE</title>
</head>
<body>
<form action="login.php" method="post"> <!-- Sign In Process -->
Username: <input type="text" name="user" id="emp_username"style="width:150">
<br />
Password: <input type="password" name="pass" id="emp_password"style="width:153">
<br />
<br />
<input type="submit" value="submit">
</form>
</body>
</html>

as a result the when **super , super ** is entered

enter image description here

Upvotes: 0

Views: 986

Answers (2)

UeliDeSchwert
UeliDeSchwert

Reputation: 1156

First: Don't use mysql_* functions anymore. Related question: Why shouldn't I use mysql_* functions in PHP? Instead use mysqli_* functions or PDO database extension to connect to a MySQL-Database.

Second: Your implementation is wrong. Your functions mysql_num_rows will always return exactly one row, because all you said in the query was "give me all rows where emp_type is 1" (or 2). But this will always return one row, because you have that row with emp_type 1. Edit your query like this:

$result = mysql_query("SELECT emp_type FROM wrd_users WHERE emp_username = '$user'");

After that, you can read what's in the emp_type record of your result.

An even better method would be to escape your entered information to prevent sql-injection:

$result = mysql_query("SELECT emp_type FROM wrd_users WHERE emp_username = '".mysql_real_escape_string($user)."'");

But remember not to use mysql_* anymore!

Upvotes: 1

Rax Shah
Rax Shah

Reputation: 531

Try this code

$query = mysql_query("SELECT * 
                      FROM wrd_users 
                      WHERE emp_username='$user' 
                        and  emp_password='$pass' ");

if(mysql_num_rows($query) > 0 ) 
{ 
    //check if there is already an entry for that username

    $row=mysql_fetch_array($query);

    if($row['emp_type']=='1')
    {
        echo "<br>KING1";
    }

    if($row['emp_type']=='2')
    {
        echo "<br>KING2";
    }                      
}
else
{

    //header("location:index.php");
    echo(" No User Found");
    //header('work.php');
}

Upvotes: 0

Related Questions