Hello all,

Working on a webapp for my work and I have to send people from certain departments to pages that correspond to the department only. I have a standard login page with a dynamic drop down menu to select the department. None of the options in the drop down menu call to a database, rather it just reads the array embedded within. Upon hitting the login button it calls to a validation script which is where I would like the redirect to happen. Here is the login page.

HTML Code:

<table width="40%"  border="0" align="center" cellpadding="0" cellspacing="0">
  <tr>
    <td><div align="center"><img src="images/logomain.jpg" width="327" height="59"></div></td>
  </tr>
  <tr>
    <td><form action="validate.php" method="post" name="login" id="login">
      <table width="40%"  border="0" align="center" cellpadding="0" cellspacing="0">
        <tr>
          <td width="50%" class="style5">Username</td>
          <td width="50%"><input name="user_name" type="text" id="user_name"></td>
        </tr>
        <tr>
          <td class="style5">Password</td>
          <td><input name="password" type="password" id="password"></td>
        </tr>
        <tr>
          <td><div align="left"><span class="style5">Position</span></div></td>
          <td>

now onto the dynamic drop down

PHP Code:

<?
$category = array(
1=> "Agent",
2=> "Property Mgmt.",
3=> "Principal Broker",
4=> "General Admin",
5=> "System Admin",
);
$category = str_replace(" ", "&nbsp;", $category);

echo '<SELECT name=category>';
foreach ($category as $key => $value)
{
echo '<OPTION value='.$value.'> '.$value.'';
}
echo '</select>';

?>

onto the rest of the form

HTML Code:

&nbsp;</td>
        </tr>
        <tr>
          <td colspan="2"><div align="center">
            <input type="submit" name="Submit" value="Login">
          </div></td>
        </tr>
      </table>
    </form></td>
  </tr>
  <tr>
    <td>&nbsp;</td>
  </tr>
  <tr>
    <td>&nbsp;</td>
  </tr>
</table>

and there we have it.

Now in the validate.php file I already have an include command to establish the database connection from a file called dbconnect.php located in a seperate directory for the whole app to call to when needed, so thats squared away. The table that stores the user and pass is simply called "users", with "id", "user_name", and "password" fields. I do a

PHP Code:

<?php
    include 'globals/dbconnect.php';
    
    mysql_query = 'SELECT * FROM users';    
?>

while in validate.php, but now what????

PHP Code:

$process_login = "SELECT * FROM USERS WHERE user_name='$user_name' AND password='$password'";
$login_result = mysql_query($process_login);
IF(mysql_num_rows($login_result) == 1){
header("location: pageafterlogin.htm"); exit;
}  
else {
echo "login failed";
exit; 


so by what you wrote here that will be able to differentiate the option chose from the dynamic drop down menu on the login page?

For example, if person chooses "Agent" from the drop down, they will be sent to agent.html? If person is "System Admin" they will be directed to admin.html?

hmm you might want to secure the page after the login too

PHP Code:

session_start();
 $process_login = "SELECT * FROM USERS WHERE user_name='$user_name' AND password='$password'";
$login_result = mysql_query($process_login);
IF(mysql_num_rows($login_result) == 1){
$_SESSION['logged_in'] = TRUE;
$_SESSION['user_name'] = $user_name;
$_SESSION['password'] = $password;
header("location: pageafterlogin.htm"); exit;
}  
else {
echo "login failed";
exit; 


The code above will create a number of sessions. Now if you dont need very tight security you can just add this to the protected page:

PHP Code:

session_start();
if(!$valid_user) { header("location: index.php");
} 


For more tighter security you can create a page that checks the database on a row with the information provided in the sessions (username&password) to see or that user really does exist

so how would the validate.php look in its entirety? I'm still pretty new to php but a quick learner

Quote:

Originally Posted by aesop

so by what you wrote here that will be able to differentiate the option chose from the dynamic drop down menu on the login page?

For example, if person chooses "Agent" from the drop down, they will be sent to agent.html? If person is "System Admin" they will be directed to admin.html?

no it will not, however you can fix this by putting the name of the page as name in the array e.g

PHP Code:

$categorypage = array(

1=> "agent.htm",
2=> "Propertymgmt.htm",
3=> "PrincipalBroker.htm",
4=> "GeneralAdmin.htm",
5=> "SystemAdmin.htm",
); 
$category = array(
1=> "Agent",
2=> "Property Mgmt.",
3=> "Principal Broker",
4=> "General Admin",
5=> "System Admin",
); 


then your dropdown:

PHP Code:

$category = str_replace(" ", " ", $category);

echo '<SELECT name=category>';
$i = 1;
while($i < 6) {
{
echo '<OPTION value='.$categorypage[$i].'> '.$category[$i].'';
$i++;
}
echo '</select>'; 


then on the validate page the full code would be:

PHP Code:

 session_start();
$process_login = "SELECT * FROM USERS WHERE user_name='$user_name' AND password='$password'";
$login_result = mysql_query($process_login);
IF(mysql_num_rows($login_result) == 1){
$_SESSION['logged_in'] = TRUE;
$_SESSION['user_name'] = $user_name;
$_SESSION['password'] = $password;
header("location: $category"); exit;
}  
else {
echo "login failed";
exit; 


if you PM me a MSN adress i can tell you in person works alot better in my experience

Warning: mysql_num_rows(): supplied argument is not a valid MySQL result resource in C:\Program Files\Apache Group\Apache2\htdocs\from scratch\validate.php on line 6
login failed

line 6 is

IF(mysql_num_rows($login_result) == 1){

ok, will pm you

wont let me, not enough posts

my msn messenger is evilmidgets at hotmail dot com

change:

PHP Code:

$login_result = mysql_query($process_login); 


to:

PHP Code:

$login_result = mysql_query($process_login) or die(mysql_error()); 


PHP Code:

session_start();
if(!$valid_user) { header("location: index.php");
}