Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- if(isset($_POST['submit']))
- {
- SignIn();
- }
- function SignIn()
- {
- session_start(); //starting the session for user profile page
- if(!empty($_POST['user'])) //checking the 'user' name which is from Sign-In, is it empty or have some text
- {
- $query = mysql_query ("SELECT * FROM websiteusers WHERE userName = '$_POST[user]' AND pass = '$_POST[pass]'") or die(" db not available" . mysql_error());
- $row = mysql_fetch_array($query) or die(mysql_error());
- if(!empty($row['userName']) and !empty($row['pass']) )
- {
- if ($row['usertype']=="admin")
- {
- session_start ();
- $_SESSION['name'] = $row['fullname'];
- $_SESSION['userID'] = $row['userID'];
- header("location:admin.php");
- }
- elseif ($row['usertype']=='designer')
- {
- session_start ();
- $_SESSION['name'] = $row['fullname'];
- $_SESSION['userID'] = $row['userID'];
- header("location:designer.php");
- }
- }
- else
- {
- echo "SORRY... YOU ENTERD WRONG ID AND PASSWORD... PLEASE RETRY...";
- }
- }
- }
- //I hope this die() here is only for testing purpose.
- //In a live version available to public, you should use some better way of
- //displaying errors such as exception handling
- $query = mysql_query ("SELECT * FROM websiteusers WHERE userName = '".mysql_real_escape_string($_POST[user])."' AND pass = '".mysql_real_escape_string($_POST[pass]."'") or die(" db not available" . mysql_error());
- if(mysql_num_rows($query)>0){ //this means username and password is found
- //the die() here is not needed, since a match is found, it will fetch it
- $row = mysql_fetch_array($query) or die(mysql_error());
- if ($row['usertype']=="admin")
- {
- session_start ();
- $_SESSION['name'] = $row['fullname'];
- $_SESSION['userID'] = $row['userID'];
- header("location:admin.php");
- }
- elseif ($row['usertype']=='designer')
- {
- session_start ();
- $_SESSION['name'] = $row['fullname'];
- $_SESSION['userID'] = $row['userID'];
- header("location:designer.php");
- }
- }
- else //no match for that username and password is found
- {
- echo "SORRY... YOU ENTERD WRONG ID AND PASSWORD... PLEASE RETRY...";
- }
- }
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement