And what Yoni is implying is that your code, as it is right now, can be easily hacked by a Standard 1 kid from Malaysia with their eyes closed :-)

Specifically due to the lines below:

$portal=$_POST['portal']; 
$u_id=$_POST['uname'];
$pwd=$_POST['upass'];

$strSQL = "SELECT `u_name` from `users` where `u_name` = '.$u_id.' and `pass` = '.$pwd.' and `type` = '.$portal.'";   

There are lots of examples on the net on how to bypass your login using SQL Injection.

A quick and dirty way of fixing it is thus:

//note: mysql_real_escape_string() needs an open mysql_connect() link, so these lines must run after connecting
$portal=mysql_real_escape_string(strip_tags(trim($_POST['portal'])));
$u_id=mysql_real_escape_string(strip_tags(trim($_POST['uname'])));
$pwd=mysql_real_escape_string(strip_tags(trim($_POST['upass'])));
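An added example (not code from anyone in this thread) of the same login handler with the injection removed by a prepared statement instead of string escaping, and with the `=`/`==` and redirect problems discussed in the thread addressed. It assumes PDO against the same `cars` database and credentials the thread uses, and that `users.pass` stores `password_hash()` output rather than plaintext; the three portal names and their target pages are the ones from the thread.

```php
<?php
// Added example: hardened version of the login handler discussed in this thread.
// Assumptions (not from the thread): PDO is available, and `users.pass` holds
// password_hash() output rather than a plaintext password.

function findUserRow(PDO $conn, string $uname, string $portal): ?array
{
    // Placeholders keep user input out of the SQL text, so a quote or a
    // "' or 1=1" fragment in $uname cannot change the query structure.
    $stmt = $conn->prepare(
        'SELECT `u_name`, `pass` FROM `users` WHERE `u_name` = :uname AND `type` = :portal'
    );
    $stmt->execute([':uname' => $uname, ':portal' => $portal]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

function loginTarget(PDO $conn, string $uname, string $pwd, string $portal): ?string
{
    // The redirect is chosen by comparison against a fixed whitelist, not by
    // assignment (=), which is why the original always ended up on one page.
    $targets = [
        'user'   => 'upload.html',
        'dealer' => 'select.html',
        'admin'  => 'login.html',
    ];
    if (!isset($targets[$portal])) {
        return null;
    }
    $row = findUserRow($conn, $uname, $portal);
    // Hash comparison happens in PHP, so the password never reaches the SQL text.
    if ($row === null || !password_verify($pwd, $row['pass'])) {
        return null;
    }
    return $targets[$portal];
}

$portal = trim($_POST['portal'] ?? '');
$u_id   = trim($_POST['uname'] ?? '');
$pwd    = $_POST['upass'] ?? '';

// Same host/database/credentials as in the thread; exceptions instead of
// silent failure, and real (non-emulated) server-side prepares.
$conn = new PDO('mysql:host=localhost;dbname=cars;charset=utf8mb4', 'root', '', [
    PDO::ATTR_ERRMODE          => PDO::ERRMODE_EXCEPTION,
    PDO::ATTR_EMULATE_PREPARES => false,
]);

$target = loginTarget($conn, $u_id, $pwd, $portal);
if ($target === null) {
    echo 'Login Failed';
    echo "<br><a href='#' onclick='window.history.back();'>Click Here</a>";
    exit;
}
header('Location: ' . $target);
exit; // stop here so nothing after the redirect keeps running
```

With a prepared statement the escaping functions from the quick fix are no longer needed; the remaining checks to keep are the whitelist on `portal` and the `exit` after `header()`, since a redirect header alone does not stop the rest of the script from executing.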



On Wed, Apr 24, 2013 at 3:15 PM, Peter Karunyu <pkarunyu@gmail.com> wrote:
@Nduati, try the code below, but, like Kairu said, there are other places where you are using = instead of ==.

<?php
$portal = $_POST['portal'];
$u_id   = $_POST['uname'];
$pwd    = $_POST['upass'];
//my sql part
$host   = "localhost";
$dbuser = "root";
$dbpass = "";
//connect to the database
$conn = mysql_connect($host, $dbuser, $dbpass) or exit("Connection Error" . mysql_error());
mysql_select_db('cars') or exit("Database not found");
//The Query (the literal dots around the variables were dropped: inside a
//double-quoted string PHP interpolates $u_id directly, so '.$u_id.' would
//have compared u_name against ".bob." and never matched a real user)
$strSQL = "SELECT `u_name` from `users` where `u_name` = '$u_id' and `pass` = '$pwd' and `type` = '$portal'";
$result = mysql_query($strSQL, $conn) or exit("sql Error:" . mysql_error());
//logic test
$numrows = mysql_num_rows($result);
//comparison must be ==, not = (an assignment is always true)
if ($numrows == 1) {
    //user access
    if ($portal == "user") {
        header("Location: upload.html");
    } elseif ($portal == "dealer") {
        header("Location: select.html");
    } elseif ($portal == "admin") {
        //a header name cannot contain spaces, so "Location :" would be ignored
        header("Location: login.html");
    } else {
        echo "login error";
        return false;
    }
    exit; //stop the script once the redirect has been sent
} else {
    echo "Login Failed";
    echo "<br><a href='#' onclick='window.history.back();'>Click Here</a>";
}
?>


On Wed, Apr 24, 2013 at 3:12 PM, Andrew Nduati <nduatiandrew@gmail.com> wrote:
@Zack tried it and the error I have gotten is: "Parse error: syntax error, unexpected T_ELSEIF.... on line 30"

@Yoni. Please explain. Have not come across such before.


On Wed, Apr 24, 2013 at 3:06 PM, Andrew Nduati <nduatiandrew@gmail.com> wrote:
@Victor from my understanding, $u_id is just a variable. Correct me if I am wrong but I think I can call it anything as long as I am consistent with its use.

@Peter and Kennedy I had been using that and all I got was a blank page although the address bar showed it had moved to my php file.



On Wed, Apr 24, 2013 at 2:59 PM, Kennedy Kairu Kariuki <kkairu@gmail.com> wrote:
True Peter. Also the other parts where you are doing comparison and not assignment.


On Wed, Apr 24, 2013 at 2:56 PM, Peter Karunyu <pkarunyu@gmail.com> wrote:
I suspect it's line 18 where you state thus:

if($numrows=1){

I reckon you wanted to say:

if($numrows == 1){


On Wed, Apr 24, 2013 at 2:46 PM, Victor Yegon <viktayeg@gmail.com> wrote:
How do you assign username an id??


On Wed, Apr 24, 2013 at 2:40 PM, Andrew Nduati <nduatiandrew@gmail.com> wrote:
Afternoon people, I urgently need someone to look at my code below and tell me why:
1. The wrong credentials allow one access.
2. Only the dealers page is opening even after selecting user or admin portals.
Looking forward to helpful feedback, thanks.
THE CODE:
<?php
$portal=$_POST['portal']; 
$u_id=$_POST['uname'];
$pwd=$_POST['upass'];
//my sql part
$host="localhost";
$dbuser="root";
$dbpass="";
//connect to the database
$conn= mysql_connect($host,$dbuser,$dbpass) or exit("Connection Error".mysql_error());
mysql_select_db('cars') or exit("Database not found");
//The Query
$strSQL= "SELECT `u_name` from `users` where `u_name` = '.$u_id.' and `pass` = '.$pwd.' and `type` = '.$portal.'";   
$result=mysql_query($strSQL, $conn) or exit("sql Error:".mysql_error());
//logic test
$numrows=mysql_num_rows($result);
//error below here
if($numrows=1){
/*echo "success";
echo "Name:".$u_id."</br>";*/
 //user access
if ($portal="user"){
header("Location:upload.html");
}
else{
echo "login error";
return false;
}
//dealer access even with wrong credentials this is opened
if ($portal="dealer"){
header ("Location:select.html");
}
//administrator access
elseif ($portal="admin"){
header ("Location : login.html");
}
}
else{
echo" Login Failed";
echo "</br><a href='#' onclick='window.history.back();'>Click Here</a>";
}
?>

_______________________________________________
skunkworks mailing list
skunkworks@lists.my.co.ke
------------
List info, subscribe/unsubscribe
http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks
------------

Skunkworks Rules
http://my.co.ke/phpbb/viewtopic.php?f=24&t=94
------------
Other services @ http://my.co.ke



--
Regards,

Yegon Victor | Web Specialist/Internet Consultant |






--
Regards,
Peter Karunyu
-------------------








