Hi can anyone see what im doing wrong. Im using the one login for both user and admin and it is directing me to the admin page but when i enter a users name and password its saying username and password incorrect. Have messed with this for hours.
PHP FILE:
<?php
if(isset($_POST['Submit'])) //Check if the login form has been submitted
{
include ('dbconnection.php');
//Get the values from the new user form
$pw = md5($_POST['Password']); //Note use of MD5 hash function
$username = $_POST['UserName'];
//Set up and execute the INSERT query
$query = "SELECT * FROM users Where UserName = '$username' AND Password ='$pw' AND Role = 'User' ";
$result=mysql_query($query); //Get the query result
$num=mysql_numrows($result); //Get number of records returned
if ($num) //Logon is successful - redirect to restricted home page
{
session_start();
$_SESSION['UserId']=$username; //Save the username in a session variable
mysql_close($connection); //close database connection
header("Location: Index.php?Successful"); //display the restricted page
}
else //Logon has failed - reload the logon page
{
mysql_close($connection);//close database connection
header("Location: Emersrecipes.php?err"); //id user does not exist in db directs back to login page with an error
}
}
?>
<?php
if(isset($_POST['Submit'])) //Check if the login form has been submitted
{
include ('dbconnection.php');
//Get the values from the new user form
$pw = md5($_POST['Password']); //Note use of MD5 hash function
$username = $_POST['UserName'];
//Set up and execute the INSERT query
$query = "SELECT * FROM users Where UserName = '$username' AND Password ='$pw' AND Role = 'Administrator' ";
$result=mysql_query($query); //Get the query result
$num=mysql_numrows($result); //Get number of records returned
if ($num) //Logon is successful - redirect to restricted home page
{
session_start();
$_SESSION['UserId']=$username; //Save the username in a session variable
mysql_close($connection); //close database connection
header("Location: Admin\admin.php?Successful"); //display the restricted page
}
else //Logon has failed - reload the logon page
{
mysql_close($connection);//close database connection
header("Location: Emersrecipes.php?err"); //id user does not exist in db directs back to login page with an error
}
}
?>
HTML FORM
<div class = 'grd6'>
<article>
<p>Welcome today is <?php echo date ('M j, Y');?></P>
</article>
<form class = 'loginform' method="post" action="<?php echo $_SERVER['PHP_SELF'];?>" name="loginform">
<h2>User Login Form</h2>
Username:<input name="UserName" type="text" size="30" maxlength="30" placeholder='Enter Your Name' required/><br />
Password:<input name="Password" type="Password" placeholder= 'Enter your password' required size="30" maxlength="30" /><br /><p>
<input name="Submit" type="Submit" value="Login" />
<?php include ('php\Login.php')?>
</form>
</div>