
I am trying to write a login system for a PHP app. I need users to be logged in by type (Admin/User dashboard), and I don't see any reason why this shouldn't work. I would be really glad if someone could help me. Thank you so much. The problem is that when you try to log in with a proper username and password, even if they are correct, it just outputs "Wrong username or pw...."

<?php  
// Login handler: checks the POSTed username/password against the users table
// and redirects to a dashboard chosen by the account's Type column.
session_start();
// NOTE(review): root with an empty password is a local-development setup only;
// a deployed app should use a dedicated least-privilege database account.
$host="127.0.0.1"; // Host name 
$username="root"; // Mysql username 
$password=""; // Mysql password 
$db_name="rocketevents"; // Database name 
$tbl_name="users"; // Table name 


// The mysql_* extension is deprecated and was removed in PHP 7; mysqli or PDO
// with prepared statements is the supported replacement.
mysql_connect("$host", "$username", "$password")or die("cannot connect"); 
mysql_select_db("$db_name")or die("cannot select DB");


$myusername=$_POST['myusername']; 
$mypassword=($_POST['mypassword']);
// $type is fixed to the empty string, and the query below requires
// `Type` = '$type'. Any account whose Type is non-empty never matches, so
// $count stays 0 and the "Wrong user or password" branch runs even for
// correct credentials.
$type=''; 


// Manual escaping of request data before it is interpolated into the SQL
// string; bound parameters remove the need for this step.
$myusername = stripslashes($myusername);
$mypassword = stripslashes($mypassword);
$myusername = mysql_real_escape_string($myusername);
$mypassword = mysql_real_escape_string($mypassword);
// NOTE(review): comparing the Password column directly with the submitted
// value implies passwords are stored in plaintext. Store password_hash()
// output and check it with password_verify() instead.
$sql = "SELECT * FROM $tbl_name WHERE `Username`= '$myusername' and `Password`= '$mypassword' and `Type`= '$type'";
$result = mysql_query($sql);
$array = mysql_fetch_array($result);
// The query names the columns Username, Password and Type; 'myusername' and
// 'mypassword' are form field names, so these lookups presumably yield null.
// Both session keys are overwritten below on a successful login.
$_SESSION['myusername']=$array['myusername'];
$_SESSION['mypassword']=$array['mypassword'];
$user_type = $array['Type'];

$count=mysql_num_rows($result);


// Empty-field check. It runs after the query above has already executed.
if (empty($_POST['myusername']) or (empty($_POST['mypassword']))){
echo"Please fill in your username or password";
echo"<br>Please try to <a href='index.php'>Log in </a> again";
} else {
if ($count == 1) {

// NOTE(review): the session id is not regenerated on login
// (session_regenerate_id), and the password is kept in the session although
// nothing in this script reads it back.
$_SESSION ['myusername'] = $myusername;
$_SESSION ['mypassword'] = $mypassword;

// The Admin branch reads $user_type (from $array['Type']); the other two
// branches read $array["type"] in lower case. Array keys are case-sensitive,
// so if the column is named Type those branches presumably never match.
// No exit follows header(), so the script keeps running after the redirect
// header is sent.
if ($user_type == "Admin") {
    header ( "location: admin.php" );
} else if ($array ["type"] == "User") {
    header ( "location: user.php" );
} else if ($array ["type"] == "Visitor") {
    header ( "location: visitor.php" );
}
}
 else {
 // Failed login: re-render the login form, then print the error below it.
 include("index.php");
    echo"Wrong user or password";
    echo"<br>Please try to <a href='index.php'>Log in</a> again or go to <a        href='sign.php'>registration</a> page";
}
}
?>
S.Fešar
  • 1
    `mysql_*` is deprecated, try using `mysqli_* OR PDO` – Nehal May 23 '16 at 09:28
  • Questions seeking debugging help (_"why isn't this code working?"_) must include the desired behavior, a specific problem or error and the shortest code necessary to reproduce it in the question itself. Questions without a clear problem statement are not useful to other readers. See: [How to create a Minimal, Complete, and Verifiable example.](http://stackoverflow.com/help/mcve) – Epodax May 23 '16 at 09:30
  • Sorry, I am newbie in coding in PHP.. I will probably write whole new code, because i can´t find the issue.. and it´s hard for me to "repair" it. – S.Fešar May 23 '16 at 09:37
  • user type $type=''; empty then why redirect user based on user type ? – JYoThI May 23 '16 at 09:52
  • try my answers it may be helpful @S.Fešar – JYoThI May 23 '16 at 10:07

2 Answers


Your code has a lot of flaws, and mysql_* is deprecated; try using mysqli_* or PDO.

try this

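<?php
// Login handler: looks the account up by username with a prepared statement,
// verifies the password hash, and redirects to the dashboard for the
// account's Type.
session_start();

// Database connection settings.
// NOTE(review): root with a hard-coded password is a local-development setup
// only; use a dedicated least-privilege account and keep credentials out of
// the source file.
$servername = "127.0.0.1";        // host name
$username = "root";               // MySQL username
$password = "password";           // MySQL password
$mysql_database = "rocketevents"; // database name

$conn = mysqli_connect($servername, $username, $password);
if (!$conn) {
    // Keep the driver's error text in the server log, not in the response.
    error_log("Login DB connection failed: " . mysqli_connect_error());
    die("Connection failed");
}
mysqli_select_db($conn, $mysql_database) or die("Opps some thing went wrong");

$submittedUser = $_POST['myusername'] ?? '';
$submittedPass = $_POST['mypassword'] ?? '';

// is_string() rejects array-valued fields (myusername[]=...) before they
// reach trim() or password_verify().
if (!is_string($submittedUser) || !is_string($submittedPass)
    || empty($submittedUser) || empty($submittedPass)
) {
    echo "Please fill in your username or password";
    echo "<br>Please try to <a href='index.php'>Log in </a> again";
} else {
    // The username is sent as a bound parameter, so no stripslashes(),
    // htmlspecialchars() or *_real_escape_string() is applied: those would
    // only alter the value being compared. The password is never put into
    // SQL at all.
    $myusername = trim($submittedUser);

    // The account is looked up by username only. The Type column is read
    // from the row instead of being filtered on, so every account type can
    // log in.
    $stmt = $conn->prepare("SELECT Username, Password, Type FROM users WHERE Username = ?");
    if ($stmt === false) {
        error_log("Login query prepare failed: " . $conn->error);
        die("Opps some thing went wrong");
    }
    $stmt->bind_param('s', $myusername);
    $stmt->execute();
    $result = $stmt->get_result();
    $value = $result->fetch_assoc(); // null when no such username exists
    $stmt->close();
    $conn->close();

    // password_verify() expects the Password column to hold the output of
    // password_hash(); rows that still contain plaintext passwords have to be
    // re-hashed (for example at registration or password reset) before they
    // can log in through this path.
    $authenticated = is_array($value)
        && password_verify($submittedPass, $value['Password']);

    // Fixed map from account type to dashboard, so the redirect target never
    // contains database or request data.
    $dashboards = [
        'Admin'   => 'admin.php',
        'User'    => 'user.php',
        'Visitor' => 'visitor.php',
    ];
    $target = $authenticated ? ($dashboards[$value['Type']] ?? null) : null;

    if ($target !== null) {
        // A fresh session id after authentication prevents a pre-login id
        // from being reused (session fixation).
        session_regenerate_id(true);

        // Only identity and role are stored; the password is deliberately
        // not kept in the session.
        $_SESSION['myusername'] = $value['Username'];
        $_SESSION['myusertype'] = $value['Type'];

        // NOTE(review): each dashboard page still has to check
        // $_SESSION['myusertype'] itself; the redirect alone does not
        // protect it.
        header("Location: " . $target);
        exit; // stop here so nothing else is emitted after the redirect
    } else {
        include("index.php");
        echo "Wrong user or password";
        echo "<br>Please try to <a href='index.php'>Log in</a> again or go to <a        href='sign.php'>registration</a> page";
    }
}
?>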
JYoThI

You are trying to access the columns of your result set by names that you did not specify in the query.

// With SELECT *, the fetched row is keyed by the table's column names (the
// question's WHERE clause names Username, Password and Type), so the two
// lookups below presumably yield null.
$array = mysql_fetch_array($result);
$_SESSION['myusername']=$array['myusername'];
// NOTE(review): a password does not need to be stored in the session at all.
$_SESSION['mypassword']=$array['mypassword'];

The result will not contain any columns named myusername or mypassword. Use var_dump($array); to investigate what your query is actually returning.

Jonas Köritz