DeanWhitehouse Posted April 16, 2008 Share Posted April 16, 2008 I have begun writing a PHP website template system, and have hit a problem <?php include '../includes/db_connect.php'; include '../includes/config_table.inc.php'; $user_name = $_POST["user_name"]; $user_password = $_POST["user_password"]; if ($user_name && $user_password) { $salt = substr($user_password, 0, 2); $userPswd = crypt($user_password, $salt); $login_check = mysql_num_rows(mysql_query("SELECT * FROM `$user` WHERE user_name='$user_name' AND user_password='$userPswd'" )); $check_ad = mysql_query("SELECT * FROM `$user` WHERE userlevel=0"); $check_us = mysql_query("SELECT * FROM `$user` WHERE userlevel=1"); //echo("DEBUG:\r\n"); //echo("login_check:".$login_check."\r\n"."check_ad:".$check_ad."\r\n"."check_us:".$check_us."\r\n\r\n"); if ($login_check == 1 && $check_ad) { echo "Logged In Sucessfully. Please wait while you are redirected"; echo "<meta http-equiv='refresh' content='2; url=setadmincookie.php?u=$username&p=$user_password'>"; } elseif ($login_check == 1 && $check_us) { echo "Logged In Sucessfully. Please wait while you are redirected"; echo "<meta http-equiv='refresh' content='2; url=setcookie.php?u=$username&p=$user_password'>"; } else { echo 'Login failed. Username and Password did not match database entries.'; } } else { echo "Form was not completed. Please go back and make sure that the form was fully completed."; } mysql_close(); ?> this code is ment to check the userlevel against the database and send them to one place or another depending on there level. How ever is isn't working, it is always sending to the admin area, and not the user area. i have two accounts made on the site, one user and one admin. Admin has userlevel 1, user has userlevel 2. Quote Link to comment Share on other sites More sharing options...
BlueSkyIS Posted April 16, 2008 Share Posted April 16, 2008 $check_ad and $check_us will be mysql resource identifiers, not values. don't use those to compare anything. Quote Link to comment Share on other sites More sharing options...
DeanWhitehouse Posted April 16, 2008 Author Share Posted April 16, 2008 i thought that was a problem, but if i do <?php $login_check = mysql_num_rows(mysql_query("SELECT * FROM `$user` WHERE user_name='$user_name' AND user_password='$userPswd' AND userlevel='1'" )); ?> this will only check it for admin or if i do <?php $admin == 1; $user == 2; $login_check = mysql_num_rows(mysql_query("SELECT * FROM `$user` WHERE user_name='$user_name' AND user_password='$userPswd'" userlevel='$admin')); $login_check = mysql_num_rows(mysql_query("SELECT * FROM `$user` WHERE user_name='$user_name' AND user_password='$userPswd'" userlevel='$user')); ?> the $login_check == 1 will not work, as there is more than one user, but only one main admin Quote Link to comment Share on other sites More sharing options...
BlueSkyIS Posted April 16, 2008 Share Posted April 16, 2008 correct. you'll need to change your logic to determine whether the user is logged in as admin or logged in as a regular user. Quote Link to comment Share on other sites More sharing options...
DeanWhitehouse Posted April 16, 2008 Author Share Posted April 16, 2008 As you might be able to tell, i am fairly new to PHP, please can you go into more details on how to do this. My other idea was to use the user ID as a way to determine it, because the admin will always be ID 1. Quote Link to comment Share on other sites More sharing options...
jonsjava Posted April 16, 2008 Share Posted April 16, 2008 I think this will do what you need *didn't error check it too thoroughly, though*: <?php include '../includes/db_connect.php'; include '../includes/config_table.inc.php'; $user_name = $_POST["user_name"]; $user_password = $_POST["user_password"]; $verify_username = strlen($user_name); $verify_pass = strlen($user_password); if ($verify_pass > 0 && $verify_username > 0) { $salt = substr($user_password, 0, 2); $userPswd = crypt($user_password, $salt); $sql = "SELECT * FROM `$user` WHERE user_name='$user_name' AND user_password='$userPswd' LIMIT 1;"; $result = mysql_query($sql); if (mysql_num_rows($result) == 1){ $row = mysql_fetch_assoc($result); $user_level = $row['userlevel']; if ($user_level == 1) { echo "Logged In Sucessfully. Please wait while you are redirected"; echo "<meta http-equiv='refresh' content='2; url=setadmincookie.php?u=$username&p=$user_password'>"; } elseif ($user_level == 2){ echo "Logged In Sucessfully. Please wait while you are redirected"; echo "<meta http-equiv='refresh' content='2; url=setcookie.php?u=$username&p=$user_password'>"; } } else{ echo 'Login failed. Username and Password did not match database entries.'; } } else { echo "Form was not completed. Please go back and make sure that the form was fully completed."; } mysql_close(); ?> **EDIT** Forgot to do a couple things. give me a minute to finish this up. **EDIT2** Fixed forgotten things. should work now. Quote Link to comment Share on other sites More sharing options...
DeanWhitehouse Posted April 17, 2008 Author Share Posted April 17, 2008 Yer this code works, very well. Now all i need to do is learn sessions, from what i gathered you set a session from the login page and then each page checks for the session? Quote Link to comment Share on other sites More sharing options...
jonsjava Posted April 17, 2008 Share Posted April 17, 2008 yes, you are correct. at the head of all files, (including the login script) add: <?php session_start(); ?> and in the login script, add this as well: <?php $_SESSION['is_valid'] = true; //change the session variable name to what you want, just remember it for all files $_SESSION['username'] = $row['user_name']; $_SESSION['user_level'] = $row['userlevel']; ?> and for all the files that need to know user level, or username, etc... <?php if ($_SESSION['is_valid'] == true){ if ($_SESSION['user_level'] == 0){ //do something for general users } if ($_SESSION['user_level'] == 1){ //do something for admins } } ?> for more info, just ask, and we shall answer Quote Link to comment Share on other sites More sharing options...
DeanWhitehouse Posted April 17, 2008 Author Share Posted April 17, 2008 so do i not need a code to check for the session? Edit: Also can you help with this, i want the index page to redirect to whatever the user specified page is. <?php require_once 'main.inc.php'; header('Location: '$home_page''); ?> but it is being read as '$home_page' as the page i want, not what is entered into the varaible main.inc.php <?php $home_page = "install/install.php"; ?> Quote Link to comment Share on other sites More sharing options...
DeanWhitehouse Posted April 17, 2008 Author Share Posted April 17, 2008 edit to my previous post so do i not need a code to check for the session? Edit: Also can you help with this, i want the index page to redirect to whatever the user specified page is. <?php require_once 'main.inc.php'; header('Location: '$home_page''); ?> but it is being read as '$home_page' as the page i want, not what is entered into the varaible main.inc.php <?php $home_page = "install/install.php"; ?> Edit: Also can you help with this, i want the index page to redirect to whatever the user specified page is. <?php require_once 'main.inc.php'; header('Location: '$home_page''); ?> this kinda works but i get this error: Warning: Division by zero in /home/www/deanwhitehouse.awardspace.co.uk/main.inc.php on line 2 Warning: Cannot modify header information - headers already sent by (output started at /home/www/deanwhitehouse.awardspace.co.uk/main.inc.php:2) in /home/www/deanwhitehouse.awardspace.co.uk/index.php on line 3 Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.