Multiple user profiles

Hi there, below is the code I use to let users log in to their control panel; however, I would like there to be two different tables, one for users and the other for employers.

How can I modify the code below to let users log in to either the users profile or the employers profile?

I’m OK with probably using a check box and letting users tick off where they want to log in to, or letting the script direct them according to their username or password.

thanks!


<?php
if(isset($_POST['login']))
{
	$uname=$_POST['username'];
	$upass=$_POST['password'];
	$querylogin=mysql_query("select * from userdata where username='$uname' and password='$upass'");
	if(!$querylogin)
	{
		echo "Query Failed";
	}
	else
	{
		if(mysql_num_rows($querylogin) == 1)
		{
			$row=mysql_fetch_array($querylogin);
			$status=$row['user_status'];
			$activestatus=$row['status'];
			$userid=$row['user_id'];
			if($status == 1 && $activestatus== "Active" )
			{
				$_SESSION['user_name']=$uname;
				$_SESSION['user_pass']=$upass;
				$_SESSION['sess_adminid1']=$userid;
				$_SESSION['sess_adminusername1']=$uname;
				//echo "<meta http-equiv='refresh' content='0; URL=userprofile.php'>";
				?>
				<script language="javascript">
				document.location.href='<?php echo SERVER_URL;?>user/';
				</script>
			<?php 
			}
			else
			{
				echo "<div align=\"center\" style=\"font-family:Verdana, Arial, Helvetica;font-size:12px;font-weight:900; background-color:#EF8E8E; padding:5px;\">Your Account is not activated.Check your Inbox</div>";
			}
		}
		else
		{
			echo "<div align=\"center\" style=\"font-family:Verdana, Arial, Helvetica;font-size:12px;font-weight:900; background-color:#EF8E8E; padding:5px;\">Username or Password Invalid</div>";
		}
	}
}
?>
    
        <!------------>
        <?php
        if ((isset($_SESSION['user_name']) && $_SESSION['user_pass'] != "") || (isset($_SESSION['admin_upass']) && $_SESSION['admin_upass']!= ""))
{  
	
}
else
{
?>
	  <div id="signup-form-form">
                <form method="post" action="" name="login_form">
                    <table class="nom">
                        <tr>
                            <td><label for="inp-user">Username:</label></td>
                            <td colspan="2"><input type="text" name="username" id="username" style="margin:3px 0;" size="39" /></td>
                        </tr>
                        <tr>
                            <td><label for="inp-pass">Password:</label></td>
                            <td colspan="2"><input type="password" name="password" id="password" style="margin:3px 0;" size="39" /></td>
                        </tr>
                        <tr>
                            <td></td>
                            <td class="smaller"><input type="checkbox" name="" id="inp-remember" /> <label for="inp-remember" title="Remember me for 14 days" class="help">Remember</label></td>
                            <td class="t-right"> <input type="submit" name="login" value="Login" style="margin-top:2px;" /></td>
                        </tr>
                    </table>
                </form>
				
				
	
	
            </div>  <!-- /signup-form-form -->
            <div id="signup-form-bottom">
                <p class="ico-send nom"><a href="">Forgot your password?</a></p>
            </div> <!-- /signup-form-bottom -->
			
        </div> <!-- /signup-form -->
	 	  <?php } ?>   <?php ?> 
	   </div> <!-- /top -->


Some observations.


if(isset($_POST['login']))

I don’t like using this test because, depending on the browser, if the user just fills in your form and hits enter, a submit button called “login” may not be passed to your form handler.

Another thing: Fail early.

Do you have some rules about what a username should consist of?

Say it is supposed to be between 4 and 12 chars - letters or numbers only with no spaces.

Then you check for username being submitted and check it fits the pattern; if not, show the login form.


<?php
// filter against expectations
if( !isset($_POST['username']) || preg_match('#^[a-z0-9]{4,12}$#i', $_POST['username']) === 0){
show_form();
}

// how long should passwords be?  (or maybe you have similar rules you can apply?)

if( !isset($_POST['password']) || strlen($_POST['password']) > 10 ){
show_form();
}

....

// pseudocode-ish

//BUT you still need to protect your database
$username = mysql_real_escape_string($_POST['username']);
$password = mysql_real_escape_string($_POST['password']);

now get status from database { 

// stick with one name username, 
// don't change it to uname, there is no point
// html form <-> PHP <--> Mysql

"select status from users where username = '$username' and password = '$password'" ;

on fail:
show_form();

}
on success : {
now set their session
now relocate to their start page
...
}

// wrap your html form in a function for now **

function show_form(){

echo your form out here;

}

** show_form(); could also do this if you wanted:


function show_form(){

include 'header.php';
include 'login_form.php';
include 'footer.php';
exit();
}

Some ideas, HTH - mock it up, play with it, ask questions.
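
An added example, not part of either post above: one way to serve both account types from a single login handler, using a fixed type-to-table map, PDO prepared statements, and hashed passwords in place of the plaintext comparison. The `employers` table, the `id` and `password_hash` columns, the session keys and the `employer/` path are assumptions; an in-memory SQLite database stands in for MySQL so it runs offline.

```php
<?php
// Added example; not code from the thread. Table, column and path names are assumptions.
// Fixed map from account type to table and landing page; the table name never comes from user input.
const ACCOUNT_TYPES = [
    'user'     => ['table' => 'users',     'home' => 'user/'],
    'employer' => ['table' => 'employers', 'home' => 'employer/'],
];

function authenticate(PDO $db, string $type, string $username, string $password): ?array
{
    // Fail early: unknown account type or username outside the expected pattern.
    if (!array_key_exists($type, ACCOUNT_TYPES) || !preg_match('/^[a-z0-9]{4,12}\z/i', $username)) {
        return null;
    }
    $table = ACCOUNT_TYPES[$type]['table'];
    $stmt = $db->prepare("SELECT id, password_hash, status FROM $table WHERE username = ?");
    $stmt->execute([$username]);               // value is bound, not concatenated
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    // Same null result for unknown username and wrong password.
    if (!$row || !password_verify($password, $row['password_hash'])) {
        return null;
    }
    if ($row['status'] !== 'Active') {
        return null;
    }
    return ['id' => (int) $row['id'], 'type' => $type, 'home' => ACCOUNT_TYPES[$type]['home']];
}

// Call this in the web request after authenticate() succeeds.
function start_login_session(array $account): void
{
    session_start();
    session_regenerate_id(true);               // new session id after login
    $_SESSION['account_id']   = $account['id'];
    $_SESSION['account_type'] = $account['type'];   // the password is not stored
}

// Constructed demo data in an in-memory SQLite database (stands in for MySQL).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
foreach (ACCOUNT_TYPES as $t) {
    $db->exec("CREATE TABLE {$t['table']} (id INTEGER PRIMARY KEY, username TEXT UNIQUE, password_hash TEXT, status TEXT)");
}
$db->prepare("INSERT INTO employers (username, password_hash, status) VALUES (?, ?, 'Active')")
   ->execute(['acme01', password_hash('correct horse', PASSWORD_DEFAULT)]);
var_dump(authenticate($db, 'employer', 'acme01', 'correct horse')); // right table, right password
var_dump(authenticate($db, 'user', 'acme01', 'correct horse'));     // same name, wrong table
var_dump(authenticate($db, 'employer', 'acme01', 'wrong'));         // wrong password
```

The account type would come from a form field such as a radio button or select; the redirect target is then read from the returned `home` value rather than from anything the client sent.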