logged in users only accessing certain pages? (please help)


Hey, I'm fairly new to PHP but I'm slowly learning, so any help would be greatly appreciated :)

 

I'm building a client log in system for my website.  I've currently got a system that allows users to log in and be directed to their own area on the server using

$location = ($username == 'admin') ? 'admin.php' : "client/$username/index.php";

The admin user can also generate new users with passwords, but I need a few more advanced features...

 

1) I need to restrict access to each client folder from everyone else other than that specified user and 'admin'

2) I'd also like the admin to be able to generate template folders for each new user they create (e.g. creating a user named "bob" would also create the folder & file "client/bob/index.php" and restrict access to that content from all users apart from "bob" & "admin")

 

Thanks

 

 

I'm looking for help and advice about coding the advanced features I'm looking to include on my client login system.

 

Primarily, how I go about including code that says "if you're not logged in as X or Y user, then don't load this page and redirect somewhere else"

 

Secondly, how I can allow the admin user to generate template folders and content for the new users it creates.

Well, you can lock pages to the user's ID (which would be unique) and then on the page check their ID against the one stored in the db for that page.

 

To generate new folders and content you will need to look into fwrite() and some similar PHP functions.

sorry, just another quick one...

 

I thought this may work to lock pages (to anyone other than admin) by checking the user/session but I can't seem to get it working.  Any ideas where I'm going wrong?

 

<?php
session_start();
$_SESSION['username'] = $username;

if(!$username=='admin') {
	header("location:fail.htm");
}
?>

 

So you know, in case you're confused:

<?php session_start();

$username="redarrow"; // The username variable.

$_SESSION['my_name']=$username; // create a session name for username

$x=$_SESSION['my_name']; // turn variable $x into the session name

echo $x; // echo variable $x

?>

ok, so now I'm really confused!

 

My initial login script from the login page is this:

<?php

$host="MYHOST.net"; // Host name
$username="MYSQLUSERNAME"; // Mysql username
$password="MYPASSWORD"; // Mysql password
$db_name="MYDBNAME"; // Database name
$tbl_name="MYTABLENAME"; // Table name 

// Connect to server and select database.
mysql_connect("$host", "$username", "$password")or die("cannot connect");
mysql_select_db("$db_name")or die("cannot select DB");

// username and password sent from form
$username=$_POST['username'];
$password=$_POST['password'];

// To protect MySQL injection (more detail about MySQL injection)
$username = stripslashes($username);
$password = stripslashes($password);
$username = mysql_real_escape_string($username);
$password = mysql_real_escape_string($password);

$sql="SELECT * FROM $tbl_name WHERE username='$username' and password='$password'";
$result=mysql_query($sql);

// Mysql_num_row is counting table row
$count=mysql_num_rows($result);
// If result matched $username and $password, table row must be 1 row

if($count==1){
// Register $username, $password and redirect to file admin.php or user directory


$location = ($username == 'admin') ? 'admin.php' : "client/$username/index.php"; 

session_register("username");
session_register("password");
header("location:$location");
}
else {
header("location:clientfail.htm");
}

?>

 

so if I log in as admin, I get directed to the admin page which contains this php code:

<?php
session_start();
$username = $_SESSION['username'];

if(!$username=='admin') {
      header("location:clientfail.htm");
   }
?>

 

I thought the second block of code would open the session (seeing who logged in from the initial screen) and follow the if statement to say "if you're not admin then load clientfail.htm".

 

For some reason the clientfail.htm loads regardless :(
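
An added example, not code from any post in this thread: one way to write the "only this user or admin" check the thread asks about, using strict comparison, an explicit session_start() and an exit after the redirect. The file name guard.php, the function names, the username character policy and the fail page living at the web root are all assumptions made for the illustration.

```php
<?php
// guard.php (hypothetical file name): include at the top of admin.php and
// of every client/<username>/index.php, before any output is sent.

// Pure decision: may the logged-in user view a page owned by $owner?
// $owner is 'admin' for admin.php, or the client folder name otherwise.
function may_access(?string $sessionUser, string $owner): bool
{
    if ($sessionUser === null || $sessionUser === '') {
        return false;                      // not logged in at all
    }
    // Strict comparison. Note that `!$u == 'admin'` parses as
    // `(!$u) == 'admin'`, because `!` binds tighter than `==`.
    return $sessionUser === 'admin' || $sessionUser === $owner;
}

// Usernames become folder names, so accept only a conservative character
// set (assumed policy) to keep "client/$username/" inside client/.
function is_safe_username(string $name): bool
{
    return preg_match('/\A[a-z0-9_]{1,32}\z/', $name) === 1;
}

// Enforce the decision: redirect and stop if access is not allowed.
// The default fail page is assumed to live at the web root.
function require_access(string $owner, string $failPage = '/clientfail.htm'): void
{
    if (session_status() !== PHP_SESSION_ACTIVE) {
        session_start();                   // must run before reading $_SESSION
    }
    $user = isset($_SESSION['username']) ? (string) $_SESSION['username'] : null;
    if (!is_safe_username($owner) || !may_access($user, $owner)) {
        header("Location: $failPage");
        exit;                              // header() alone does not stop the script
    }
}

// In client/bob/index.php (the folder name is the owner):
//   require __DIR__ . '/../../guard.php';
//   require_access(basename(__DIR__));
// In admin.php:
//   require __DIR__ . '/guard.php';
//   require_access('admin');
// In the login script, after the credentials check succeeds:
//   session_start();
//   session_regenerate_id(true);          // new session id on login
//   $_SESSION['username'] = $username;    // replaces session_register()
```

session_register() was removed in PHP 5.4, so the login script has to assign to $_SESSION directly after calling session_start() for the guard to see a username.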
