I suspect it's line 18 where you state thus:

if($numrows=1){

I reckon you wanted to say:

if($numrows == 1){


On Wed, Apr 24, 2013 at 2:46 PM, Victor Yegon <viktayeg@gmail.com> wrote:
How do you assign username an id??


On Wed, Apr 24, 2013 at 2:40 PM, Andrew Nduati <nduatiandrew@gmail.com> wrote:
Afternoon people, I urgently need someone to look at my code below and tell my why:
1. The wrong credentials allow one access.
2. Only the dealers page is opening even after selecting user or admin portals.
Looking forward to helpful feedback thanks.
THE CODE:
<?php
$portal=$_POST['portal']; 
$u_id=$_POST['uname'];
$pwd=$_POST['upass'];
//my sql part
$host="localhost";
$dbuser="root";
$dbpass="";
//connect to the database
$conn= mysql_connect($host,$dbuser,$dbpass) or exit("Connection Error".mysql_error());
mysql_select_db('cars') or exit("Database not found");
//The Query
$strSQL= "SELECT `u_name` from `users` where `u_name` = '.$u_id.' and `pass` = '.$pwd.' and `type` = '.$portal.'";   
$result=mysql_query($strSQL, $conn) or exit("sql Error:".mysql_error());
//logic test
$numrows=mysql_num_rows($result);
//error below here
if($numrows=1){
/*echo "success";
echo "Name:".$u_id."</br>";*/
 //user access
if ($portal="user"){
header("Location:upload.html");
}
else{
echo "login error";
return false;
}
//dealer access even with wrong credentials this is opened
if ($portal="dealer"){
header ("Location:select.html");
}
//administrator access
elseif ($portal="admin"){
header ("Location : login.html");
}
}
else{
echo" Login Failed";
echo "</br><a href='#' onclick='window.history.back();'>Click Here</a>";
}
?>

_______________________________________________
skunkworks mailing list
skunkworks@lists.my.co.ke
------------
List info, subscribe/unsubscribe
http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks
------------

Skunkworks Rules
http://my.co.ke/phpbb/viewtopic.php?f=24&t=94
------------
Other services @ http://my.co.ke



--
Regards,

Yegon Victor | Web Specialist/Internet Consultant |



_______________________________________________
skunkworks mailing list
skunkworks@lists.my.co.ke
------------
List info, subscribe/unsubscribe
http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks
------------

Skunkworks Rules
http://my.co.ke/phpbb/viewtopic.php?f=24&t=94
------------
Other services @ http://my.co.ke



--
Regards,
Peter Karunyu
-------------------