I've gone through the similar questions and I think I've implemented all the ideas. I have two forms on the login page, one for admin login and one for employee login.

The first form has a button with name="login".

The second form has a button with name="login2".

The login for admins is working perfectly. This is the code for it:

    if (isset($_POST['login']))
    {
        $username = mysqli_real_escape_string($con, $_POST['username']);
        $pwd      = md5($_POST['password']);

        if (isset($username) == true && isset($pwd) == true) {

            $login = login($username, $pwd);

            var_dump($login);
            if ($login != null) {

                $_SESSION['user_id']        = $login['buss_id'];
                $_SESSION['usernameholder'] = $login['username'];
                ob_start();

                if ($login['level'] == '1') { ?>
                    <script>
                        window.location.href = "sadmin/index.php";
                    </script>
                <?php } else if ($login['level'] == '2') { ?>
                    <script>
                        window.location.href = "user_admin/index.php";
                    </script>
                <?php } else if ($login['level'] == '3') { ?>
                    <script>
                        window.location.href = "reps/index.php";
                    </script>
                <?php
                } /* end of login levels. */

            } /* /if $login !=null */
        } /* /if $login = login */
    } /* / if isset el $_POST */

And the function login is this:

    function login($username, $password)
    {
        $db_host     = "localhost";
        $db_username = "root";
        $db_password = "";
        $db_name     = "dbname";
        $con = mysqli_connect($db_host, $db_username, $db_password, $db_name);

        $qry = "SELECT * FROM `businesses` WHERE `username` = '$username' AND `password` = '$password' AND `active` = 1 LIMIT 1";
        $sql = mysqli_query($con, $qry);
        while ($row = mysqli_fetch_array($sql))
        {
            return $row;
        }
    }

What I did was to simply copy-paste the login code and make the names like this: $username2, $pwd2, etc., and changed the query in the function to this:

    $qry2 = "SELECT * FROM `employees` WHERE `username` = '$username2' AND `password` = '$password2' AND `active` = 1 LIMIT 1";

As you might have noticed I did var_dump($login) and so I did var_dump($login2) and that keeps returning a NULL value. What's wrong with my code please?!!!

I'm gonna add the login2 code for whoever wants to have a look at it:

    if (isset($_POST['login2']))
    {
        $username2 = mysqli_real_escape_string($con, $_POST['username2']);
        $pwd2      = md5($_POST['password2']);

        if (isset($username2) == true && isset($pwd2) == true) {

            $login2 = login_employee($username2, $pwd2);

            var_dump($login2);
            if ($login2 != null) {

                $_SESSION['works_for'] = $login2['buss_id_fk'];
                $_SESSION['emp_id']    = $login2['emp_id'];
                $_SESSION['user_name'] = $login2['username'];
                ob_start();

                if ($login2['level'] == '1') { ?>
                    <script>
                        window.location.href = "sadmin/index.php";
                    </script>
                <?php } else if ($login2['level'] == '2') { ?>
                    <script>
                        window.location.href = "user_admin/index.php";
                    </script>
                <?php } else if ($login2['level'] == '3') { ?>
                    <script>
                        window.location.href = "reps/index.php";
                    </script>
                <?php
                } /* end of login levels. */

            } /* /if $login !=null */
        } /* /if $login = login */
    } /* / if isset el $_POST */

And this is the function login_employee code:

    function login_employee($username2, $password2)
    {
        $db_host     = "localhost";
        $db_username = "root";
        $db_password = "";
        $db_name     = "leadapp";
        $con = mysqli_connect($db_host, $db_username, $db_password, $db_name);

        $qry2 = "SELECT * FROM `employees` WHERE `username` = '$username2' AND `password` = '$password2' AND `active` = 1 LIMIT 1";
        $sql2 = mysqli_query($con, $qry2);
        while ($row2 = mysqli_fetch_array($sql2))
        {
            return $row2;
        }
    }

    ?>

And just for the sake of clarity I'm adding a screenshot, not the code, of my forms.

  • Did you rename function login($username, $password)...? Commented Mar 2, 2017 at 21:39
  • Yes, I made it login_employee($username2, $password2). Commented Mar 2, 2017 at 21:40
  • Hard to guess; better to show the non-working code. Commented Mar 2, 2017 at 21:42
  • Done, I just added the non-working function's code. Commented Mar 2, 2017 at 21:45

1 Answer

Let's get some debug output from the login_employee function:

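    function login_employee($username2, $password2)
    {
        $db_host     = "localhost";
        $db_username = "root";
        $db_password = "";
        $db_name     = "leadapp";
        $con = mysqli_connect($db_host, $db_username, $db_password, $db_name);

        // Debug: the values that go into the query
        var_dump($username2);
        var_dump($password2);

        $qry2 = "SELECT * FROM `employees` WHERE `username` = '$username2' AND `password` = '$password2' AND `active` = 1 LIMIT 1";
        $sql2 = mysqli_query($con, $qry2);

        // Debug: the row the query matched (NULL when there is none)
        var_dump(mysqli_fetch_array($sql2));
        // The debug fetch consumed the only row (LIMIT 1); rewind so the loop still sees it
        if (mysqli_num_rows($sql2) > 0) {
            mysqli_data_seek($sql2, 0);
        }

        while ($row2 = mysqli_fetch_array($sql2))
        {
            return $row2;
        }
    }

    ?>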

So with the first two var_dumps you get the name and password; after that, check whether these values really are in db employees.

If var_dump(mysqli_fetch_array($sql2)); does not return your db row, it means you get null because there is no matching row in the database.

4 Comments

That's what's driving me crazy, it returns NULL. The table does exist, just like the table that holds the admins. It's the same code, same database, only different tables, and the two tables do exist. The admins are in table businesses. gyazo.com/ebe0c65d4b8b77304d39d61b6460e456
Do var_dump($qry2) and paste it here please, and copy the resulting query into phpMyAdmin.
Ok now we're getting somewhere, this is what I get. string(126) "SELECT * FROM employees WHERE username = 'tr' AND password = 'c4ca4238a0b923820dcc509a6f75849b' AND active = 1 LIMIT 1" It's selecting the correct hashed password but adding 9b at the end, any idea why?
Ok apparently md5 uses 32 character input and the table's password field was set to 30 characters. So it was causing problems. I set it to 50 characters and it's fixed. Thanks a lot man, your suggestion opened my eyes!
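
A hardened form of the login_employee function from the question, as an added example that is not part of the original post or answer: it binds the username in a prepared statement, uses password_hash()/password_verify() instead of putting an md5() value in the query, and reads a new hash back after storing it so that a too-narrow password column (the cause found in the comments above) is caught at write time. The VARCHAR(255) column width, the DB_* environment variable names, db_connect() and set_employee_password() are assumptions of this example.

```php
<?php
// Added example, not code from the question or answer.
// Assumptions: `employees`.`password` is VARCHAR(255); the DB_* environment
// variable names and set_employee_password() are hypothetical.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT); // throw on DB errors

function db_connect(): mysqli
{
    // Credentials come from the environment, not from the source file.
    return new mysqli(getenv('DB_HOST') ?: 'localhost', getenv('DB_USER') ?: null,
                      getenv('DB_PASS') ?: null, getenv('DB_NAME') ?: null);
}

function set_employee_password(mysqli $con, int $empId, string $plain): void
{
    // Salted, slow hash; bcrypt output is 60 characters and PASSWORD_DEFAULT
    // may produce longer hashes in future PHP versions.
    $hash = password_hash($plain, PASSWORD_DEFAULT);
    $stmt = $con->prepare('UPDATE `employees` SET `password` = ? WHERE `emp_id` = ?');
    $stmt->bind_param('si', $hash, $empId);
    $stmt->execute();
    // Read the value back: without strict SQL mode MySQL truncates an
    // over-long string to the column width instead of rejecting it.
    $check = $con->prepare('SELECT `password` FROM `employees` WHERE `emp_id` = ?');
    $check->bind_param('i', $empId);
    $check->execute();
    $stored = $check->get_result()->fetch_row()[0] ?? null;
    if ($stored !== $hash) {
        throw new RuntimeException('Stored hash differs from computed hash; check emp_id and column width');
    }
}

function login_employee(mysqli $con, string $username, string $plain): ?array
{
    // The username is bound as a parameter, never interpolated into the SQL.
    $stmt = $con->prepare(
        'SELECT * FROM `employees` WHERE `username` = ? AND `active` = 1 LIMIT 1'
    );
    $stmt->bind_param('s', $username);
    $stmt->execute();
    $row = $stmt->get_result()->fetch_assoc();

    // The password is compared in PHP against the stored hash, not in the WHERE clause.
    if (!is_array($row) || !password_verify($plain, $row['password'])) {
        return null;
    }
    unset($row['password']); // do not carry the hash into the session
    return $row;
}
```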
