Originariamente inviato da satifal
Riposta il nuovo script modificato completo.
Ho modificato solo questo:

Codice PHP:
<?php include 'controllo_login.class.php';   
$auth = new UserAuthentication(); 
$auth->VerifyLogin(); 
$auth->IsAuth(); 
$grado $auth->ShowGrado();  
if($grado == "Amministratore"){         
header('refresh: 0; url=pannello_amministratore.php'); 

else{         
header('refresh: 0; url=pannello_utente.php'); 

?>
Questa è la classe

Codice PHP:
<?php     
session_start();     
class UserAuthentication  
{      
public $conn;             
protected function DbConnect()          
{              
include "connessione.php";                 
$this->conn mysql_connect($host,$user,$password) OR die("Impossibile connettersi al database");              
mysql_select_db($db$this->conn);          
}             
public function VerifyLogin()          
{              
$username $_POST['username'];              
$password $_POST['password'];              
$this->DbConnect();          
//Questa query quando vado a stamparla me la stampa senza $username e $password. Non capisco cosa sbaglio    
$sql "SELECT * FROM utente WHERE username='$username' AND password='$password'";              
$res mysql_query($sql,$this->conn);                 
if($row mysql_fetch_array($res))              
{                  
$_SESSION['auth'] = 1;                  
$_SESSION['user_id'] = $row['username'];                  
header("Location: login_effettuato.php");                  
mysql_close($this->conn);                  die;              
}              
else              
{                  
echo "<script type=\"text/javascript\">alert(\"Attenzione dati non validi!\")</script>";                                   
header('refresh: 0; url=login.php');                  
mysql_close($this->conn);                  
die;              
}          
}             
public function IsAuth()          
{              
if(!isset($_SESSION['auth']))              
{                  
header("Location: home.php");                  
die;              
}          
}             
public function ShowUsername()          
{              
$this->DbConnect();              
$sql "SELECT username FROM utente WHERE username=$_SESSION[user_id]";              
$res mysql_query($sql,$this->conn);              
$row mysql_fetch_array($res);              
mysql_close($this->conn);              
return $row['username'];          
}                  
public function ShowGrado()          
{              
$this->DbConnect();              
$sql "SELECT grado FROM utente WHERE username=$_SESSION[user_id]";              
$res mysql_query($sql,$this->conn);              
$row mysql_fetch_array($res);              
mysql_close($this->conn);              
return $row['grado'];          
}  
}     
?>
Questo è il form del login della prima pagina:

Codice PHP:
<centerInserire i dati di accesso

 
<form action="login_effettuato.php" method="post"name="form1"
<table border="1"
<tr
 <td align="center">Login:</td
<td align="center"><input type="text" name="username" value="" size="40"></td> </tr
<tr>  <td align="center">Password:</td> <td align="center"><input type="password" name="password" value="" size="40"></td> </tr> </table

 
<input type="submit" value="Invia dati"
</form>
 </center