• SQL login check help

    Nina Member

    I have a website that has a simple login page, I use this to check the login

    $sql="SELECT * FROM members WHERE uid =8 and username='$myusername' and password='$encrypted_mypassword'";
    

    I would like it to be able to have more than 1 uid that it accepts. How can I add some kind of “uid=8 OR 9” so that it works? I have not been able to find a working way.

    Thanks if you can help.

    actually I just tried this and it seems to work

    $sql="SELECT * FROM members WHERE (uid ='8' and username='$myusername' and password='$encrypted_mypassword') OR (uid ='9' and username='$myusername' and password='$encrypted_mypassword')";
    

    So I guess that’s all, or does anyone have any comments on this?

    Another issue I have been thinking about. How can I make it load a different page depending on which user logs in?

    At the end I have now this

    if($count==1){
    // Register $myusername, $mypassword and redirect to file "secret.php"
    session_register("myusername");
    session_register("mypassword");
    header("location:secret.php");
    }
    else {
       
    echo "

    "; echo "
    "; echo "
    "; echo "
    "; echo "Wrong Username or Password"; echo "
    "; echo "Back

    "; }

    How could I do some kind of :

    If $myusername= Joe... it goes to secret.php
    If $myusername= John, it goes to secret2.php
    

    ??

  • Adelaid Member

    Judging by what you said and the code you can literally just do

    if ($myusername == "Joe") { do something }
    

    If you wanted to do it based on usergroup or something then you’d need to execute a separate query, check then redirect accordingly.

  • Abhey Member

    why you need to match the UID? If it is because you only want a certain UID to have access to an admin control panel then I understand but if you are wanting to check the username then you can do what Barto suggested.

    So you could have your SQL check that the username and password info is correct and if it is correct check whether it is a certain username.

  • SapnaVishwas Member

    check for UID is I noticed if I had it just look if the username and passwords matched, it accepted any username and password from the userlist, so a user I had made for another page could also login here, I wanted to prevent different usernames to login to the “secret” pages. When it checks the UID, then I make sure only the specific user can log in.

    Probably there would also be another way, this is just what worked for me first.

  • Amit Member

    Instead of using UID’s for that, why not create usergroups which have certain permissions?

Viewing 4 reply threads
  • You must be logged in to reply to this topic.