-2

I'm trying to check whether the one who logged in is a user or an admin. I created a column in my DB named 'pin' and set its value to either 0 or 1. If the pin is 0, the logged-in person is an admin, and a user otherwise. Here is my code, but it didn't work with me. Please help, I'm a total beginner.

```php
$query = mysql_query("SELECT ID, password FROM facultymember ".
    "WHERE password='$password' AND ID='$ID'", $connection);
$query2 = mysql_query("SELECT pin FROM facultymember ".
    "WHERE password='$password' AND ID='$ID'", $connection);
$row2 = mysql_fetch_assoc($query2);
$check = $row2['pin'];
$rows = mysql_num_rows($query);
if ($rows == 1 && $check == 1) {
    $_SESSION['login_user']=$ID; // Initializing Session
    header("location: homeFM.php"); // Redirecting To Other Page

}
else if($rows == 1 && $check == 0) {
    $_SESSION['login_user']=$ID; // Initializing Session
    header("location: homeA.php"); // Redirecting To Other Page
} else {
    $error = "Username or Password is invalid";
}
mysql_close($connection); // Closing Connection
}
```
alexander.polomodov
Afnan Humdan
  • *"but it didn't work with me"* - Meaning? – Funk Forty Niner Mar 10 '16 at 17:14
  • the page of homeFM.php opens on each situation, for admin and user – Afnan Humdan Mar 10 '16 at 17:17
  • Why don't you query for the `pin` with the first query? Why run a completely different one? – Jon Mar 10 '16 at 17:22
  • is it wrong to do this? – Afnan Humdan Mar 10 '16 at 17:23
  • You don't need to select the `ID, password`; you already have them because they are the variables. Passwords should be hashed, and hopefully these values have been sanitized. – chris85 Mar 10 '16 at 17:27
  • [Your script is at risk for SQL Injection Attacks.](http://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php) – Jay Blanchard Mar 10 '16 at 20:12
  • Please [stop using `mysql_*` functions](http://stackoverflow.com/questions/12859942/why-shouldnt-i-use-mysql-functions-in-php). [These extensions](http://php.net/manual/en/migration70.removed-exts-sapis.php) have been removed in PHP 7. Learn about [prepared](http://en.wikipedia.org/wiki/Prepared_statement) statements for [PDO](http://php.net/manual/en/pdo.prepared-statements.php) and [MySQLi](http://php.net/manual/en/mysqli.quickstart.prepared-statements.php) and consider using PDO, [it's really pretty easy](http://jayblanchard.net/demystifying_php_pdo.html). – Jay Blanchard Mar 10 '16 at 20:13

2 Answers

1

OK, so I rewrote what you have to try and make sense of it for you, with comments.

```php
$query = mysql_query("SELECT ID, password, pin FROM facultymember ".
    "WHERE password='$password' AND ID='$ID'", $connection);

$row = mysql_fetch_assoc($query);

if(false != $row){ // user info exists/correct
    $_SESSION['login_user'] = $row['ID'];
    if('1' == $row['pin']) { //not admin    
        header("location: homeFM.php"); // Redirecting To Other Page
        die;
    } else { //admin
        header("location: homeA.php"); // Redirecting To Other Page
        die;
    }
} else { //login doesn't exist
    $error = "Username or Password is invalid";
}

mysql_close($connection); // Closing Connection
```

And that should work for you, hopefully the comments explain it. If it doesn't work, let me know, but it should according to the info you provided.

That being said....

I hope that your passwords are hashed, the input is sanitized, and that you look into using PDO or MySQLi classes instead of the old deprecated mysql_ functions.

As a side note session_start(); is needed to start a session, not just assigning a variable within the super-global.

Jon
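
The comments and the answer above recommend hashed passwords and prepared statements. As an added example (not code from the question or from either answer), here is the same pin-based routing done with PDO placeholders and `password_hash`/`password_verify`. It assumes the `pdo_sqlite` driver and uses a constructed in-memory table in place of the MySQL `facultymember` table; `findLanding` is a hypothetical helper name.

```php
<?php
// Added example: parameterized login with hashed passwords and role routing.
// Assumptions: pdo_sqlite is available; the in-memory table and rows below
// are constructed stand-ins for the page's MySQL `facultymember` table.
declare(strict_types=1);

function findLanding(PDO $pdo, string $id, string $password): ?string
{
    // One query fetches everything; the placeholder keeps $id out of the SQL text.
    $stmt = $pdo->prepare('SELECT ID, password, pin FROM facultymember WHERE ID = :id');
    $stmt->execute([':id' => $id]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);

    // Compare against the stored hash in PHP, never inside the WHERE clause.
    if ($row === false || !password_verify($password, $row['password'])) {
        return null; // same result for unknown ID and wrong password
    }
    // Page's convention: pin 0 = admin, pin 1 = regular user.
    return ((int) $row['pin'] === 0) ? 'homeA.php' : 'homeFM.php';
}

// Constructed sample data.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE facultymember (ID TEXT PRIMARY KEY, password TEXT, pin INTEGER)');
$insert = $pdo->prepare('INSERT INTO facultymember (ID, password, pin) VALUES (?, ?, ?)');
$insert->execute(['1001', password_hash('admin-pass', PASSWORD_DEFAULT), 0]);
$insert->execute(['1002', password_hash('user-pass', PASSWORD_DEFAULT), 1]);

$attempts = [
    ['1001', 'admin-pass'],        // admin
    ['1002', 'user-pass'],         // regular user
    ['1002', 'wrong'],             // bad password
    ["1002' OR '1'='1", 'x'],      // quote characters are treated as data
];
foreach ($attempts as [$id, $password]) {
    $landing = findLanding($pdo, $id, $password);
    printf("%-18s => %s\n", $id, $landing ?? 'Username or Password is invalid');
}

// In the real login script (after session_start()):
//   if ($landing !== null) {
//       session_regenerate_id(true);
//       $_SESSION['login_user'] = $id;
//       header("Location: $landing");
//       exit;
//   }
```
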
0
Error: There is 1 more closing curly braces '}' found

I'm guessing it is the last curly brace that needs removing

```php
$query = mysql_query("SELECT ID, password FROM facultymember  WHERE password='".$password."' AND ID=".$ID, $connection);

$query2 = mysql_query("SELECT pin FROM facultymember WHERE password='".$password."' AND ID=".$ID, $connection);
```

Your queries had weird concatenation

Adam Hull