Jump to content

Recommended Posts

I have begun writing a PHP website template system, and have hit a problem

<?php

include '../includes/db_connect.php';
include '../includes/config_table.inc.php';


$user_name = $_POST["user_name"];        
$user_password = $_POST["user_password"];    

if ($user_name && $user_password)        
{

$salt = substr($user_password, 0, 2);
$userPswd = crypt($user_password, $salt);
$login_check = mysql_num_rows(mysql_query("SELECT * FROM `$user` WHERE user_name='$user_name' AND user_password='$userPswd'" ));
$check_ad = mysql_query("SELECT * FROM `$user` WHERE userlevel=0");
    $check_us = mysql_query("SELECT * FROM `$user` WHERE userlevel=1");

//echo("DEBUG:\r\n");
//echo("login_check:".$login_check."\r\n"."check_ad:".$check_ad."\r\n"."check_us:".$check_us."\r\n\r\n");

    if ($login_check == 1 && $check_ad) {

echo "Logged In Sucessfully. Please wait while you are redirected";    
echo "<meta http-equiv='refresh' content='2; url=setadmincookie.php?u=$username&p=$user_password'>";

    } elseif ($login_check == 1 && $check_us) {    
    
echo "Logged In Sucessfully. Please wait while you are redirected";    
echo "<meta http-equiv='refresh' content='2; url=setcookie.php?u=$username&p=$user_password'>";

    } else {

echo 'Login failed. Username and Password did not match database entries.';    

    }
}

else    
{
    echo "Form was not completed. Please go back and make sure that the form was fully completed.";    
}


mysql_close();
?>

this code is ment to check the userlevel against the database and send them to one place or another depending on there level.

How ever is isn't working, it is always sending to the admin area, and not the user area.

i have two accounts made on the site, one user and one admin. Admin has userlevel 1, user has userlevel 2.

Link to comment
https://forums.phpfreaks.com/topic/101440-php-user-class/
Share on other sites

i thought that was a problem, but if i do

<?php
$login_check = mysql_num_rows(mysql_query("SELECT * FROM `$user` WHERE user_name='$user_name' AND user_password='$userPswd' AND userlevel='1'" ));
?>

this will only check it for admin or if i do

<?php
$admin == 1;
$user == 2;
$login_check = mysql_num_rows(mysql_query("SELECT * FROM `$user` WHERE user_name='$user_name' AND user_password='$userPswd'" userlevel='$admin'));
$login_check = mysql_num_rows(mysql_query("SELECT * FROM `$user` WHERE user_name='$user_name' AND user_password='$userPswd'" userlevel='$user'));
?>

the

$login_check == 1 

will not work, as there is more than one user, but only one main admin

 

Link to comment
https://forums.phpfreaks.com/topic/101440-php-user-class/#findComment-518887
Share on other sites

I think this will do what you need *didn't error check it too thoroughly, though*:

<?php

include '../includes/db_connect.php';
include '../includes/config_table.inc.php';


$user_name = $_POST["user_name"];        
$user_password = $_POST["user_password"];    
$verify_username = strlen($user_name);
$verify_pass = strlen($user_password);
if ($verify_pass > 0 && $verify_username > 0)
{
$salt = substr($user_password, 0, 2);
$userPswd = crypt($user_password, $salt);
$sql = "SELECT * FROM `$user` WHERE user_name='$user_name' AND user_password='$userPswd' LIMIT 1;";
$result = mysql_query($sql);
if (mysql_num_rows($result) == 1){
$row = mysql_fetch_assoc($result);
$user_level = $row['userlevel'];
	if ($user_level == 1) {
		echo "Logged In Sucessfully. Please wait while you are redirected";    
		echo "<meta http-equiv='refresh' content='2; url=setadmincookie.php?u=$username&p=$user_password'>";
	} 
	elseif ($user_level == 2){    
		echo "Logged In Sucessfully. Please wait while you are redirected";    
		echo "<meta http-equiv='refresh' content='2; url=setcookie.php?u=$username&p=$user_password'>";
	}
}
else{
	echo 'Login failed. Username and Password did not match database entries.';    
    }
}

else
{
    echo "Form was not completed. Please go back and make sure that the form was fully completed.";    
}


mysql_close();
?>

**EDIT**

Forgot to do a couple things. give me a minute to finish this up.

**EDIT2**

Fixed forgotten things. should work now.

Link to comment
https://forums.phpfreaks.com/topic/101440-php-user-class/#findComment-518937
Share on other sites

yes, you are correct. at the head of all files, (including the login script) add:

<?php
session_start();
?>

and in the login script, add this as well:

<?php
$_SESSION['is_valid'] = true; //change the session variable name to what you want, just remember it for all files
$_SESSION['username'] = $row['user_name'];
$_SESSION['user_level'] = $row['userlevel'];
?>

and for all the files that need to know user level, or username, etc...

<?php
if ($_SESSION['is_valid'] == true){
if ($_SESSION['user_level'] == 0){
//do something for general users
}
if ($_SESSION['user_level'] == 1){
//do something for admins
}
}
?>

for more info, just ask, and we shall answer

Link to comment
https://forums.phpfreaks.com/topic/101440-php-user-class/#findComment-519009
Share on other sites

so do i not need a code to check for the session?

Edit: Also can you help with this, i want the index page to redirect to whatever the user specified page is.

<?php
require_once 'main.inc.php';
header('Location: '$home_page'');
?>

but it is being read as '$home_page' as the page i want, not what is entered into the varaible

main.inc.php

<?php
$home_page = "install/install.php";
?>

Link to comment
https://forums.phpfreaks.com/topic/101440-php-user-class/#findComment-519821
Share on other sites

edit to my previous post

so do i not need a code to check for the session?

Edit: Also can you help with this, i want the index page to redirect to whatever the user specified page is.

<?php
require_once 'main.inc.php';
header('Location: '$home_page'');
?>

but it is being read as '$home_page' as the page i want, not what is entered into the varaible

main.inc.php

<?php
$home_page = "install/install.php";
?>

Edit: Also can you help with this, i want the index page to redirect to whatever the user specified page is.

<?php
require_once 'main.inc.php';
header('Location: '$home_page'');
?>

this kinda works but i get this error:

 

Warning: Division by zero in /home/www/deanwhitehouse.awardspace.co.uk/main.inc.php on line 2

 

Warning: Cannot modify header information - headers already sent by (output started at /home/www/deanwhitehouse.awardspace.co.uk/main.inc.php:2) in /home/www/deanwhitehouse.awardspace.co.uk/index.php on line 3

Link to comment
https://forums.phpfreaks.com/topic/101440-php-user-class/#findComment-519829
Share on other sites

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.