
[SOLVED] Session Header. Code Modification Help.


pwnuspoints


Hello phpfreaks!

 

I did a quick search of the forum to find a topic related to my question and came up with nothing. Any help you can provide would be much appreciated.

 

I am using the following code to execute a secure php login:

 

//Start session
session_start();

//Connect to mysql server
$link=mysql_connect("blank","blank","blank");
if(!$link) {
    die('Failed to connect to server: ' . mysql_error());
}
//Select database
$db=mysql_select_db("blank");
if(!$db) {
    die("Unable to select database");
}

//Sanitize the value received from login field
//to prevent SQL Injection
if(!get_magic_quotes_gpc()) {
    $login=mysql_real_escape_string($_POST['login']);
}else {
    $login=$_POST['login'];
}

//Create query
$qry="SELECT member_id FROM members WHERE login='$login' AND passwd LIKE'".md5($_POST['password'])."'";
$result=mysql_query($qry);
//Check whether the query was successful or not
if($result) {
    if(mysql_num_rows($result)>0) {
        //Login Successful
        session_regenerate_id();
        $member=mysql_fetch_assoc($result);
        $_SESSION['SESS_MEMBER_ID']=$member['member_id'];
        session_write_close();
        header("location: main.php");
        exit();
    }else {
        //Login failed
        header("location: login-failed.php");
        exit();
    }
}else {
    die("Query failed");
}

 

 

 

The above code works just fine. However, I would like to modify the code. I want the header to redirect the users to different pages based on a permission number which is set in the database.

 

Stored in the same table as the username and password, I have a column titled 'permission'. Permission level is attributed in three ways: Admin Users = "300", General Users = "200", and Public Users = "100".

 

For example, when the user logs in, I want the code to create the session as it does in the above code-- then check to see what permission number is associated with the user and redirect the user to the appropriate page.

 

Any suggestions?

 

 

-Thanks For Your Help!

Thank you!

 

Though, I guess I should have been more upfront with my php skills. I'm not sure what syntax to use to have that field read.

 

I'm pretty sure the if statements would read something like this:

 

if ($permission == "300") {
    header("location: 300main.php");
}
if ($permission == "200") {
    header("location: 200main.php");
}
if ($permission == "100") {
    header("location: 100main.php");
}
exit();
} else {
header("location: login-failed.php");

 

 

Am I right?

 

 

My trouble has been in fetching and setting the $permission variable within the session. Nothing I've tried has worked. Which SQL fetch function should I use, and where should it be placed within the existing code?

 

Thank-you again! This is a real help!

Yes, I understand- I'm glad you double checked.

 

I'm better with the reading and comprehension of PHP than I am at writing it.

 

Whenever I go to write from scratch, I'm constantly referencing manuals-- I won't lie.. I often skip the definition and copypasta the code. However, I always make an effort at understanding the general concept.

 

In this case we added "permission" to my SQL query - without adding "permission" my query was only searching the table for the member usernames and passwords. With my updated query I was able to set the "permission" data as a variable using $permission=$member['permission']; .

 

Once it's in a variable- the data can be easily applied to any subsequent code! In this case, I used if/else statements to define specific header re-direction!

 

I should really brush up on my PHP lexicon  :D So many websites, so little time.

 

Thanks again!

 

Just in case anyone comes across my problem in the future.

 

The final code looks like this:

 

 

  //Start session
  session_start();

  //Connect to mysql server
  $link=mysql_connect("blank","blank","blank");
  if(!$link) {
      die('Failed to connect to server: ' . mysql_error());
  }
  //Select database
  $db=mysql_select_db("blank");
  if(!$db) {
      die("Unable to select database");
  }

  //Sanitize the value received from login field
  //to prevent SQL Injection
  if(!get_magic_quotes_gpc()) {
      $login=mysql_real_escape_string($_POST['login']);
  }else {
      $login=$_POST['login'];
  }

  //Create query
  $qry="SELECT member_id, permission FROM members WHERE login='$login' AND passwd LIKE'".md5($_POST['password'])."'";
  $result=mysql_query($qry);
  //Check whether the query was successful or not
  if($result) {
      if(mysql_num_rows($result)>0) {
        //Login Successful
        session_regenerate_id();
        $member=mysql_fetch_assoc($result);
        //Read the permission column from the fetched row
        $permission=$member['permission'];
        $_SESSION['SESS_MEMBER_ID']=$member['member_id'];
        session_write_close();

        //Redirect according to the permission number
        if ($permission == "400") {
            header("location: 400main.php");
        } else {
            if ($permission == "300") {
                header("location: 300main.php");
            } else {
                if ($permission == "200") {
                    header("location: 200main.php");
                }
            }
        }
        exit();
      }else {
        //Login failed
        header("location: login-failed.php");
        exit();
      }
  }else {
      die("Query failed");
  }
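The redirect in the final code only chooses a landing page; nothing stops a logged-in member from requesting 400main.php directly, because the permission is never stored in the session or checked there. The following is an added example, not the poster's code, showing the same flow with a bound query parameter, `password_verify()`, and a per-page permission check. It assumes `members.passwd` holds `password_hash()` output; the helper names and the `SESS_PERMISSION` session key are hypothetical.

```php
<?php
// Added example, not the poster's code. Assumes members.passwd holds password_hash()
// output; helper names and the SESS_PERMISSION key are hypothetical.
const LANDING_PAGES = [400 => '400main.php', 300 => '300main.php', 200 => '200main.php'];

// Call at the top of each landing page, e.g. require_permission(300) in 300main.php.
function require_permission(int $required): void
{
    if (session_status() !== PHP_SESSION_ACTIVE) {
        session_start();
    }
    if (!isset($_SESSION['SESS_MEMBER_ID']) || ($_SESSION['SESS_PERMISSION'] ?? null) !== $required) {
        header('Location: login-failed.php');
        exit();
    }
}

// Returns the landing page on success, null on any failure.
function login(PDO $pdo, string $login, string $password): ?string
{
    // Bound parameter: the login value never becomes part of the SQL text.
    $stmt = $pdo->prepare('SELECT member_id, permission, passwd FROM members WHERE login = ?');
    $stmt->execute([$login]);
    $member = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($member === false || !password_verify($password, $member['passwd'])) {
        return null;
    }
    $permission = (int) $member['permission'];
    $page = LANDING_PAGES[$permission] ?? null;
    if ($page === null) {
        return null; // unknown permission value: fail closed
    }
    session_regenerate_id(true); // discard the pre-login session id
    $_SESSION['SESS_MEMBER_ID'] = $member['member_id'];
    $_SESSION['SESS_PERMISSION'] = $permission;
    return $page;
}

// Front controller for login-exec.php; "blank" values are placeholders as in the post.
if (PHP_SAPI !== 'cli' && ($_SERVER['REQUEST_METHOD'] ?? '') === 'POST') {
    session_start();
    $pdo = new PDO('mysql:host=blank;dbname=blank;charset=utf8mb4', 'blank', 'blank', [
        PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION,
        PDO::ATTR_EMULATE_PREPARES => false,
    ]);
    $login = is_string($_POST['login'] ?? null) ? $_POST['login'] : '';
    $password = is_string($_POST['password'] ?? null) ? $_POST['password'] : '';
    header('Location: ' . (login($pdo, $login, $password) ?? 'login-failed.php'));
    exit();
}
```

Existing MD5 values in `passwd` cannot be checked with `password_verify()`; each stored value has to be replaced with a `password_hash()` result before this version is used.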
