True Peter. Also the other parts where you are doing comparison and not assignment.

On Wed, Apr 24, 2013 at 2:56 PM, Peter Karunyu <pkarunyu@gmail.com> wrote:

I suspect it's line 18 where you state thus:

if($numrows=1){

I reckon you wanted to say:

if($numrows == 1){

On Wed, Apr 24, 2013 at 2:46 PM, Victor Yegon <viktayeg@gmail.com> wrote:

How do you assign username an id??

On Wed, Apr 24, 2013 at 2:40 PM, Andrew Nduati <nduatiandrew@gmail.com> wrote:

Afternoon people, I urgently need someone to look at my code below and tell my why:

1. The wrong credentials allow one access.

2. Only the dealers page is opening even after selecting user or admin portals.

Looking forward to helpful feedback thanks.

THE CODE:

<?php

$portal=$_POST['portal']; 

$u_id=$_POST['uname'];

$pwd=$_POST['upass'];

//my sql part

$host="localhost";

$dbuser="root";

$dbpass="";

//connect to the database

$conn= mysql_connect($host,$dbuser,$dbpass) or exit("Connection Error".mysql_error());

mysql_select_db('cars') or exit("Database not found");

//The Query

$strSQL= "SELECT `u_name` from `users` where `u_name` = '.$u_id.' and `pass` = '.$pwd.' and `type` = '.$portal.'";   

$result=mysql_query($strSQL, $conn) or exit("sql Error:".mysql_error());

//logic test

$numrows=mysql_num_rows($result);

//error below here

if($numrows=1){

/*echo "success";

echo "Name:".$u_id."</br>";*/

 //user access

if ($portal="user"){

header("Location:upload.html");

}

else{

echo "login error";

return false;

}

//dealer access even with wrong credentials this is opened

if ($portal="dealer"){

header ("Location:select.html");

}

//administrator access

elseif ($portal="admin"){

header ("Location : login.html");

}

}

else{

echo" Login Failed";

echo "</br><a href='#' onclick='window.history.back();'>Click Here</a>";

}

?>

_______________________________________________
skunkworks mailing list
skunkworks@lists.my.co.ke
------------
List info, subscribe/unsubscribe
http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks
------------

Skunkworks Rules
http://my.co.ke/phpbb/viewtopic.php?f=24&t=94
------------
Other services @ http://my.co.ke

--

Regards,

Yegon Victor | Web Specialist/Internet Consultant |

_______________________________________________
skunkworks mailing list
skunkworks@lists.my.co.ke
------------
List info, subscribe/unsubscribe
http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks
------------

Skunkworks Rules
http://my.co.ke/phpbb/viewtopic.php?f=24&t=94
------------
Other services @ http://my.co.ke

--
Regards,

Peter Karunyu
-------------------

_______________________________________________
skunkworks mailing list
skunkworks@lists.my.co.ke
------------
List info, subscribe/unsubscribe
http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks
------------

Skunkworks Rules
http://my.co.ke/phpbb/viewtopic.php?f=24&t=94
------------
Other services @ http://my.co.ke

_______________________________________________
skunkworks mailing list
skunkworks@lists.my.co.ke
------------
List info, subscribe/unsubscribe
http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks
------------

Skunkworks Rules
http://my.co.ke/phpbb/viewtopic.php?f=24&t=94
------------
Other services @ http://my.co.ke