Hi Phil thanks for taking the time to reply back.
allow me to share my code (still learning so be gentle.)
I register 2 session vars from 2 input boxes. I then select * from the user
table where the to variables match (username and password) if they match I
want to register the auth_level field for that user as a session var - if
they don't match I unregister the session vars and put a failed screen up.
I have "almost" got there, to test it I print the $user_auth_level variable,
so far it is coming up blank.
Hope you can help.
<?php
include("../dbconnect.php");
// Start Sessions if called from another scripts
session_start();
// Checks to see if session value login_sername is set
if (!isset($login_username)) {
// If login_username is not set call up the HTML form to allow users to
login
?>
<HTML>
<HEAD>
<META NAME="GENERATOR" Content="vi">
<META NAME="Author" Content="Matthew Darcy">
<TITLE>BathJobs.com User Login</TITLE>
</HEAD>
<BODY BGCOLOR=#ffffff LINK=#000000 ALINK=#000000 VLINK=#000000>
<FONT FACE=Arial Size=4 Color=black>
<P> <FORM METHOD="post" ACTION="<?=$PHP_SELF?>">
<CENTER>
<TABLE BGCOLOR=#191970 BORDERCOLOR=#191970 BORDER=1 CELLSPACING="0"
WIDTH=60 HEIGHT=30>
<TR BGOLOR=#ff9900>
<TD BGCOLOR=#ff9900><FONT FACE=arial SIZE=4
COLOR=#191970><CENTER>Login</CENTER></FONT> </TD>
</TR>
<TR>
<TD>
<TABLE BGCOLOR=#191970 BORDER=0 CELLSPACING="0" >
<TR BGCOLOR=#191970>
<TD BGCOLOR=#191970 width=30 height=30 > <B><FONT
color=#ff9900>UserName</FONT> </B> </TD>
<TD BGCOLOR=#191970 width=30 height=30 ><INPUT NAME="login_username"
SIZE=8 MAXLENGTH=8> </TD>
</TR>
<TR>
<TD BGCOLOR=#191970 width=30 height=30 > <B><FONT
color=#ff9900>Password
</FONT> </B> </TD>
<TD BGCOLOR=#191970 width=30 height=30 ><INPUT NAME="login_password"
SIZE=8 MAXLENGTH=8 TYPE="password"> </TD>
</TR>
</TABLE>
</TD>
</TABLE>
<BR>
<INPUT TYPE="hidden" NAME="user_login_submit_button" VALUE="submit_login" >
<INPUT TYPE="submit" NAME="submit_login_details" VALUE="Login">
<BR>
</FORM>
<P> </P></CENTER></FORM></FONT>
</BODY>
</HTML>
<?php
// Data collection of username and password is now complete from the form.
End the data capture function.
exit;
}
// Register session variables login_username and login_password no matter if
they are correct or not.
session_register("login_username");
session_register("login_password");
//sets and runs SQL statement that brings back all info on user which
matches username and password.
$sql_authorisation = "SELECT * FROM account_details WHERE
account_name='$login_username' AND
account_password=PASSWORD('$login_password')";
$sql_authorisation_result = mysql_query($sql_authorisation);
// if there is 1 row returned then this is a sucessfull login. Else there is
an error with the variables set in the login process
// checks to see if the SQL statments is able to be executed - ie a
connection to the database.
if (!$sql_authorisation_result) {
error("A Database Error Occurred while trying to authorise login details");
}
// If there are no matching results then there is a login_name,
pasword_name, or non registered user error.
// If this is the case then unreister the seesion variables for username and
password as they are wrong.
if (mysql_num_rows($sql_authorisation_result) == 0) {
session_unregister("login_username");
session_unregister("login_password");
?>
<HTML>
<HEAD>
<TITLE> Access Denied </TITLE>
</HEAD>
<BODY BGCOLOR=white>
<H1> Access Denied </H1>
<P> Your user ID and Password could not be verified. This could be an
incorrect username or password, or you are not a registered user on this
site. Try logging in again checking your details, or enter the signup
process to join bathjobs.com</P>
<P> <A HREF=user_auth.php><CENTER> Click to try again </CENTER></A> </P>
</BODY>
</HTML>
<?php
exit;
}
else {
$admin_level_var=mysql_query($mysql_authorisation);
?>
<HTML>
<HEAD></HEAD>
<BODY BGCOLOR=black>
<FONT FACE=arial COLOR=white SIZE=3>
<H1> Access Granted </H1>
Welcome you are fully logged into BathJobs.com
Your auth level is <? print $admin_level_var["admin_admin_level"]?>
</BODY>
</HTML>
<?php
exit;
}
?>
// Script end
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
