nicht angemeldet
Hallo,
wir haben das auf einer Seite wie folgt gemacht:
<?php
$OnLoad = '';
if (true === isset($_REQUEST['Login']))
{
$Sql =
"SELECT *" .
" FROM reg\_user" .
" WHERE username = '" . mysql_real_escape_string($_REQUEST['Login']['Usr']) . "'" .
"";
$Res = mysql_query($Sql)
or die(mysql_error());
if (false === $Usr = mysql_fetch_object($Res))
{
$OnLoad = ' onload="alert('User nicht bekannt');"';
}
else
{
if ($Usr->passwort != $_REQUEST['Login']['Pwd'])
{
$OnLoad = ' onload="alert('Passwort unkorrekt');"';
}
else
{
$_SESSION['LoggedIn'] = true;
$_SESSION['Usr'] = $Usr;
}
}
}
?>
<body<?php print $OnLoad; ?>>
<?php
if (true === $_SESSION['LoggedIn'])
{
switch ($_SESSION['Usr']->rights)
{
case 'admin' :
header('Location: http://' . $_SERVER['SERVER_NAME'] . $_SERVER['PHP_SELF'] . '?seite=user');
break;
default :
header('Location: http://' . $_SERVER['SERVER_NAME'] . $_SERVER['PHP_SELF'] . '?seite=user');
break;
}
}
else
{
?>
<form name="form1" method="post" action="">
<table width="50%" border="0" align="center">
<tr>
<td width="42%" height="30">NickName</td>
<td width="58%"><label>
<input name="Login[Usr]" type="text" class="name_input1" size="35">
</label></td>
</tr>
<tr>
<td height="30">Passwort</td>
<td height="30"><input name="Login[Pwd]" type="password" class="name_input1" size="35"></td>
</tr>
<tr>
<td height="30"> </td>
<td height="30"><input type="submit" class="name_input1" value="Login"></td>
</tr>
</table>
</form>
<?php
}
?>
Gruß,
Svenja
Der Martin