Hello all!
Back in thread434-775341 I was shown how to organise my code more efficiently, this helped a lot, however I am now having trouble reorganising another page to look similar to this one. I want the error messages to display when the user enters the information in incorrectly but its not and when the last page was re-oragnsed it worked. This page has two logins:
1) for a staff member who enters the StaffID and password,
2) For an administrator who just enters a password
The information they enter is matched with the info in the DB and if they match they both get access to their OWN pages else an error SHOULD appear, this error is not appearing and I am unsure how to reorganise the code so it works, tried and failed many times, anyone any ideas? Cheers all! code is as follows:
<?php require_once('../../Connections/MARTIN.php'); ?>
<?php
$colname_URLStaffID = "1";
if (isset($HTTP_GET_VARS['StaffID'])) {
$colname_URLStaffID = (get_magic_quotes_gpc()) ? $HTTP_GET_VARS['StaffID'] : addslashes($HTTP_GET_VARS['StaffID']);
}
mysql_select_db($database_MARTIN, $MARTIN);
$query_URLStaffID = sprintf("SELECT * FROM staffinfo WHERE StaffID = '%s'", $colname_URLStaffID);
$URLStaffID = mysql_query($query_URLStaffID, $MARTIN) or die(mysql_error());
$row_URLStaffID = mysql_fetch_assoc($URLStaffID);
$totalRows_URLStaffID = mysql_num_rows($URLStaffID);
//Staff Log In Section
$sql = "SELECT StaffID, SPassword FROM staffinfo
WHERE StaffID='$StaffID'
AND Spassword='$StaffPassword'";
$result = mysql_query($sql)
or die("Couldn't execute query."
;
$num = mysql_num_rows($result);
if ($num == 1)
header("location: Logged In/WelcomeStaffPage.php?StaffID=".$HTTP_POST_VARS['StaffID'].""
//Administrator Log In Section
$sql = "SELECT AdminPassword FROM administrator
WHERE AdminPassword='$AdminPassword'";
$result = mysql_query($sql)
or die("Couldn't execute query."
$num = mysql_num_rows($result);
if ($num == 1)
header("location: Logged In/WelcomeAdminPage.php"
else
$message = "<i>The details you have entered are incorrect";
?>
<html>
<head>
<title>Untitled Document</title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
</head>
<body>
<p align="center"><img name="Sites20Title20Border" src="../Sites%20Title%20Border.gif" width="799" height="89" border="0" alt="">
</p>
<p> </p>
<p align="center"><font color="#000000" size="5">Staff<strong> </strong></font>-
<em>Please enter your username and password</em></p>
<form name="form1" method="post" action="">
<div align="center">Staff ID:
<input name="StaffID" type="text" id="StaffID2">
Password:
<input name="StaffPassword" type="password" id="StaffPassword3">
<input type="submit" name="Submit2" value="Submit">
</div>
</form>
<p> </p>
<p align="center"><font color="#000000" size="5">Administrator</font><strong>
</strong>-<em> Please enter your administrator password</em></p>
<form name="form2" method="post" action="">
<div align="center">
<p align="center">Asministrator Password:
<input name="AdminPassword" type="password" id="AdminPassword">
<input type="submit" name="Submit" value="Submit">
</p>
</div>
</form>
<p> </p>
<p> </p>
<p align="center"><a href="../HomePage.php" target="_top">Return to previous page</a></p>
</body>
</html>
<?php
mysql_free_result($URLStaffID);
?>
Back in thread434-775341 I was shown how to organise my code more efficiently, this helped a lot, however I am now having trouble reorganising another page to look similar to this one. I want the error messages to display when the user enters the information in incorrectly but its not and when the last page was re-oragnsed it worked. This page has two logins:
1) for a staff member who enters the StaffID and password,
2) For an administrator who just enters a password
The information they enter is matched with the info in the DB and if they match they both get access to their OWN pages else an error SHOULD appear, this error is not appearing and I am unsure how to reorganise the code so it works, tried and failed many times, anyone any ideas? Cheers all! code is as follows:
<?php require_once('../../Connections/MARTIN.php'); ?>
<?php
$colname_URLStaffID = "1";
if (isset($HTTP_GET_VARS['StaffID'])) {
$colname_URLStaffID = (get_magic_quotes_gpc()) ? $HTTP_GET_VARS['StaffID'] : addslashes($HTTP_GET_VARS['StaffID']);
}
mysql_select_db($database_MARTIN, $MARTIN);
$query_URLStaffID = sprintf("SELECT * FROM staffinfo WHERE StaffID = '%s'", $colname_URLStaffID);
$URLStaffID = mysql_query($query_URLStaffID, $MARTIN) or die(mysql_error());
$row_URLStaffID = mysql_fetch_assoc($URLStaffID);
$totalRows_URLStaffID = mysql_num_rows($URLStaffID);
//Staff Log In Section
$sql = "SELECT StaffID, SPassword FROM staffinfo
WHERE StaffID='$StaffID'
AND Spassword='$StaffPassword'";
$result = mysql_query($sql)
or die("Couldn't execute query."
;$num = mysql_num_rows($result);
if ($num == 1)
header("location: Logged In/WelcomeStaffPage.php?StaffID=".$HTTP_POST_VARS['StaffID'].""
;//Administrator Log In Section
$sql = "SELECT AdminPassword FROM administrator
WHERE AdminPassword='$AdminPassword'";
$result = mysql_query($sql)
or die("Couldn't execute query."
;$num = mysql_num_rows($result);
if ($num == 1)
header("location: Logged In/WelcomeAdminPage.php"
;else
$message = "<i>The details you have entered are incorrect";
?>
<html>
<head>
<title>Untitled Document</title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
</head>
<body>
<p align="center"><img name="Sites20Title20Border" src="../Sites%20Title%20Border.gif" width="799" height="89" border="0" alt="">
</p>
<p> </p>
<p align="center"><font color="#000000" size="5">Staff<strong> </strong></font>-
<em>Please enter your username and password</em></p>
<form name="form1" method="post" action="">
<div align="center">Staff ID:
<input name="StaffID" type="text" id="StaffID2">
Password:
<input name="StaffPassword" type="password" id="StaffPassword3">
<input type="submit" name="Submit2" value="Submit">
</div>
</form>
<p> </p>
<p align="center"><font color="#000000" size="5">Administrator</font><strong>
</strong>-<em> Please enter your administrator password</em></p>
<form name="form2" method="post" action="">
<div align="center">
<p align="center">Asministrator Password:
<input name="AdminPassword" type="password" id="AdminPassword">
<input type="submit" name="Submit" value="Submit">
</p>
</div>
</form>
<p> </p>
<p> </p>
<p align="center"><a href="../HomePage.php" target="_top">Return to previous page</a></p>
</body>
</html>
<?php
mysql_free_result($URLStaffID);
?>