
I'm working on a login page by user level to separate the admin and user, but it doesn't seem to work. It doesn't redirect and leaves a blank page. I've tried removing the JavaScript part, but it doesn't change anything either.

index.php

```html
<form class="login" action="login.php" method="post">
Username:<input type="text" name="username" id="username"/>
Password:<input type="password" name="password" id="password"/>
<input type="submit" value="login"/>
</form>
```

login.php

```php
<?php 
    session_start();
    include('config.php');

    if(isset($_POST['submit'])) {

        $username = $_POST['username'];
        $password = $_POST['password'];

        $username = mysql_real_escape_string($username);    
        $password = mysql_real_escape_string($password);

        $sql = mysql_query("SELECT * FROM admin WHERE username='$username' AND password='$password'");
        $result = mysql_fetch_array($sql);

        $username=$result['username'];
        $adminID=$result['adminID'];
        $userLevel=$result['UserLevel'];

        $_SESSION['adminID']=$adminID;
        $_SESSION['userLevel']=$userLevel;
        $_SESSION['username']=$username;
        $_SESSION['password']=$password;

        if($userLevel == '1')
        {
            $sql = "UPDATE admin SET status = 'AKTIF' where username = '$username' ";
            $result = mysql_query($sql) or die('Cannot UPDATE.'.mysql_error());
    ?>

    <script type="text/javascript">
        alert("Welcome <?php echo "$username" ?> to Admin page! ");
    </script>

    <?php
            header('Location:admin.php');
            exit();
        }

        elseif($userLevel == '0')
        {
            $sql = "UPDATE admin SET status = 'AKTIF' where username = '$username' ";
            $result = mysql_query($sql) or die('Cannot UPDATE.'.mysql_error());
    ?>

    <script type="text/javascript">
        alert("Welcome <?php echo "$username" ?> to User page! ");
    </script>

    <?php
            header('Location: user.php');
            exit();
        }

        else
        {   
    ?>
    <script type="text/javascript">
        alert("Invalid Username or Password! ");
        //window.location.href = "index.php";
    </script>

    <?php
        }
    }

?>
```

Syaa
  • http://stackoverflow.com/questions/8130990/how-to-redirect-to-the-same-page-in-php <-- read this – Black Sheep Apr 07 '14 at 01:07
  • @aldanux but I'm not redirecting it to the same page? – Syaa Apr 07 '14 at 01:11
  • Sorry, read this --> http://stackoverflow.com/questions/768431/how-to-make-a-redirect-in-php <-- that's what you need – Black Sheep Apr 07 '14 at 01:12
  • @aldanux Ah, I forgot to mention, but I've tried using `header` too, but no luck as well. – Syaa Apr 07 '14 at 01:18
  • Don't mess up page logic and representation, it looks horrible and is a breeding ground for mistakes and errors. Use MySQL PDO and bind values to queries, to make it more secure. Use session based "flash messages", do not create meta tags like that: if login is successful, store a new message in the session and redirect the user to the login successful page and in HTML, output all session messages and clear them. Plaintext passwords? Use crypt()! And why store the password in the session? You need only the user ID. – Deele Apr 07 '14 at 01:19
  • Is this legacy code? – Ryan Apr 07 '14 at 01:29
  • @Deele: No, not [`crypt`](https://www.php.net/crypt)! [`password_hash`](https://www.php.net/password_hash) (possibly using [a shim](https://github.com/ircmaxell/password_compat) if your version of PHP doesn't have it natively)! – icktoofay Apr 07 '14 at 01:40
  • Your code is not dynamic because JavaScript is a client language and PHP is a server language. I'm not sure whether this code has some problem, but I think the way you use it has a problem when you write PHP code inside JavaScript. Try to avoid this kind of method and try to put JavaScript inside PHP code rather than PHP code inside JavaScript. – user3454436 Apr 07 '14 at 02:37

2 Answers

1

Use PHP header:

For userLevel1:

```php
header("Location: admin.php");
```

For userLevel2:

```php
header("Location: user.php");
```

Put a name on your submit input so it will enter your PHP code block:

```html
<input type="submit" name="submit" value="login"/>
```

kimbarcelona
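
The server-side redirect from this answer, combined with the bound queries, `password_hash` and ID-only session suggested in the comments on the question, as an added example that is not part of the original answer. The connection details and the `password_hash` column are assumptions; the other table and column names follow the question.

```php
<?php
// login.php (added example). Nothing is echoed before header(), so the
// redirect headers can still be sent.
session_start();

// Assumed connection details; replace with the values from config.php.
$pdo = new PDO('mysql:host=localhost;dbname=app;charset=utf8mb4', 'app_user', 'app_pass', [
    PDO::ATTR_ERRMODE            => PDO::ERRMODE_EXCEPTION,
    PDO::ATTR_DEFAULT_FETCH_MODE => PDO::FETCH_ASSOC,
    PDO::ATTR_EMULATE_PREPARES   => false,
]);

function fail_login(): void
{
    // Flash message kept in the session and shown by index.php after redirect.
    $_SESSION['flash'] = 'Invalid username or password.';
    header('Location: index.php');
    exit();
}

// Test the request method and the fields themselves, so the handler does not
// depend on the submit button carrying a name attribute.
if ($_SERVER['REQUEST_METHOD'] !== 'POST'
    || !is_string($_POST['username'] ?? null)
    || !is_string($_POST['password'] ?? null)) {
    fail_login();
}

// Bound parameter: the username never becomes part of the SQL text.
$stmt = $pdo->prepare('SELECT adminID, UserLevel, password_hash FROM admin WHERE username = ?');
$stmt->execute([$_POST['username']]);
$row = $stmt->fetch();

// password_hash is an assumed column holding password_hash() output.
if (!$row || !password_verify($_POST['password'], $row['password_hash'])) {
    fail_login();
}

$pdo->prepare("UPDATE admin SET status = 'AKTIF' WHERE adminID = ?")->execute([$row['adminID']]);

session_regenerate_id(true);              // new session ID after login (session fixation)
$_SESSION['adminID']   = $row['adminID']; // store the ID and level, never the password
$_SESSION['userLevel'] = (int) $row['UserLevel'];

// Level 1 is admin, level 0 is a regular user, as in the question.
header('Location: ' . ((int) $row['UserLevel'] === 1 ? 'admin.php' : 'user.php'));
exit();
```

admin.php and user.php still need to check `$_SESSION['userLevel']` themselves, since the redirect alone does not restrict who can request them.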
0

Try the following code and replace it into your code. See whether it works or not. Try the first if condition first and see the result. If it doesn't work, tell me what problem you face.

```php
<?php
    if($userLevel == '1')
    {
        // Mark the account as active before sending the welcome script
        $sql = "UPDATE admin SET status = 'AKTIF' where username = '$username' ";
        $result = mysql_query($sql) or die('Cannot UPDATE.'.mysql_error());
?>
<script>
    // alert() returns undefined, so the else branch runs; both branches go to admin.php
    var a = alert("Welcome <?php echo "$username" ?> to Admin page! ");
    if (a === true){
        window.location.href="admin.php";
    }
    else{
        window.location.href="admin.php";
    }
</script>
<?php
    }
```
user3454436
  • Just replace the code like I did. I forgot to put and I have updated my code. Just copy it one time and replace it in your code. – user3454436 Apr 07 '14 at 02:47
  • This is a poor coding standard. Why use client-side code if it can be done server-side? – kimbarcelona Apr 07 '14 at 02:55
  • Do you have any good example to provide? Forgive my stupid code, but I just want to help him. Please help him to work on it. Thanks. – user3454436 Apr 07 '14 at 02:58