0

What is the problem with following code? Please help me out.

I want to match admin-id and password from the database along with login-id and password of the normal users and further want to transfer the control to the respective forms.

When I run this code it gives following errors:

Notice: Undefined variable: userstatus in C:\xampp\htdocs\xampp\Test\HRMS\extract.php on line 25

Notice: Undefined variable: usertype in C:\xampp\htdocs\xampp\Test\HRMS\extract.php on line 30

$query1="select user_type,user_staus from `user_info` where name='$username' and  
password='$password'";
$fetched=mysql_query($query1);

while($record=mysql_fetch_assoc($fetched))
{
    while(each($record))
    { 
        $usertype=$record["user_type"];
        $userstatus=$record["user_staus"];
    }//closing of 1st while loop
}//closing of 2nd while loop

if($userstatus==1) //if is logged in already
{
    echo "Please login after some time";
    exit();
}

if($usertype == 0) // if user is not an admin
{
    $query1="select * from `user_info` where name='$username' and  password='$password'";
    $result = mysql_query($query1);
    if(mysql_num_rows($result) == 1) 
    {
        header("Location: user_form.php");
    }
}
else if($usertype == 1) //if the user is a normal user
{
    header("Location: admin_form.php");
}
else 
{
    echo "please register to login";
}

Can someone help me find the problem?

Improve this question
2
  • php notices are not errors. your problems are elsewhere. Commented Jan 12, 2012 at 5:57
  • 1
    Regardless of the other problems in the OP's code, Notices are indeed important to resolve. Today's notices are tomorrow's nightmares. Commented Jan 12, 2012 at 6:00

2 Answers 2

Reset to default
1

There are many problems with your code, main reason you receiving an error is because $usertype and $userstatus are not predefined and not validated.
But in my opinion it is not a main issue with your code.

There are few questions that I would like to ask you:

  • Why creating two loops if you need to fetch a single row?
  • Why querying database twice if you already know the answer?
  • Are you escaping $username and $password for bad characters using mysql_real_escape_string method?

here is an example how this code should look like:

$query1 = "SELECT user_type,user_staus FROM `user_info` WHERE name='{$username}' AND password='{$password}' LIMIT 1";

$fetched = mysql_query($query1);

//check if record exists otherwise you would receive another notice that can 
//break redirect functionality
if (mysql_num_rows($fetched))
{
    $record = mysql_fetch_assoc($fetched);

    // make sure that value is integer
    if ((int)$record["user_staus"])
    {
        exit("Please login after some time");
    }
    else
    {
        $url = (bool)$record["user_type"] ? 'admin_form.php' : 'user_form.php';

        header("Location: {$url}");

        exit(0);
    }

}
else
{
    echo "please register to login";
}

UPDATE
As suggested by nikc.org, removed 3rd level if nesting and replaced with ternary comparison

Improve this answer
Sign up to request clarification or add additional context in comments.

6 Comments

Why the 3-level deep nesting of ifs? The innermost could be merged with its "parent" to produce a if...elseif...else. (Also casting to an int when you really want a bool is ugly IMO, but that's just me.)
Thanks a lot for quick attention. actually administrator has explicitly set the usertype which is 1 for admin and 0 for normal user. User status is meant for login status which is updates when a person logs in and updated once again to normal status when he logs out. Thanks...
@nikc.org I understand that it's not a perfectly minimized code and it can be optimised further, like using ternary comparison to avoid nesting, however I left a code more simple to separate logic.
@Nazariy: If I do not create 2 while loops then table informations will not be stored in an array. I want to check whether the person trying to log in is normal user or admin. If he is normal user then it has to match with 0 (user-type) else 1(admin-type). m checking user status in the very beginning only to find out whether he has already logged in some where else. Still this code is not working. Do you have some other way or can we modify the same code to work accordingly? Thanks in advance.
@ShashiRoy What do you mean if user is logged in somewhere else? Supplied code have identical functionality as your but minimized.
|
0

you have overlooked the scope rules ( since you have not shown full code)

while($record=mysql_fetch_assoc($fetched))
{
    while(each($record))
    { 
        $usertype=$record["user_type"];
        $userstatus=$record["user_staus"];
    }//closing of 1st while loop

}//closing of 2nd while loop

Here $usertype and $userstatus are declared inside inner while loops { } . ie, their scope resorts to that { } . as soon as code comes out of it the $userstatus and $usertype dies and so further accessing is not possible .

you must declare there variables ut side in global area first .

Improve this answer

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.