Jump to content

Limiting Options To Users

Xtremer360

By Xtremer360
in PHP Coding Help

 Share

Recommended Posts

Xtremer360 Advanced Member

Xtremer360

Posted
  • Author
Posted

I fixed it and here's my updated code however when I try to log in and go to the control panel it doesn't do anything it just resets as if I didn't log in.

 

<?php 

//if the login form is submitted
if(isset($_POST['login']))
{
    // makes sure they filled it in
    if(!$_POST['username'] || !$_POST['pass'])
    {
        die('You did not fill in a required field.');
    }
   $username = mysql_real_escape_string($_POST['username']); 
   $pass = mysql_real_escape_string($_POST['pass']); 

    $check = mysql_query("SELECT * FROM users WHERE username = '".$username."'")or die(mysql_error());

    //Gives error if user dosen't exist
    $check2 = mysql_num_rows($check);
    if ($check2 == 0)
    {
        die('That user does not exist in our database.');
    }
    while($info = mysql_fetch_array( $check )) 
    {
        $pass = md5(stripslashes($_POST['pass']));
        $info['password'] = stripslashes($info['password']);
        //$_POST['pass'] = md5($_POST['pass']); THIS IS DONE IN THE ABOVE STATEMENT
        //gives error if the password is wrong
        if ($pass != $info['password'])
        {
            die('Incorrect password, please try again.');
        }
        else 
      
      // if login is ok then we add a cookie and send them to the correct page
        { 
            $username = stripslashes($username); 
            session_start();
         $_SESSION['username'] = $username; 
         $_SESSION['loggedin'] = time();
            
            // Finds out the user type
            $query = "SELECT `admin` FROM `users` WHERE `username` = '" . $username . "'";
            $result = mysql_query($query) or die(mysql_error()); 
            $row = mysql_fetch_array($result); 
            $admin = $row['admin'];
         $_SESSION['admin'] = $admin;
        
        } 
    } 
} 
else 
{ 
// if they have not submitted the form
?>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">

<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<meta http-equiv="Content-Style-Type" content="text/css">
<meta http-equiv="Content-Language" content="en-us">
<meta name="language" content="en-us">
<title>Backstage V1 Administration Console</title>
<link rel="stylesheet" href="backstage.css" type="text/css" media="screen">
<link rel="stylesheet" href="backstage_print.css" type="text/css" media="print">
<script src="prototype.js" type="text/javascript"></script>
<script src="scriptaculous.js" type="text/javascript"></script>
<script type="text/javascript" src="ajax.js"></script>
<script type="text/javascript">
var page = document.cookie.match(/page=[\w][\w\-\.]+;/);
if(page != null) {
    ajaxpage("page", "content");
} else {
    ajaxpage("home", "content");
}
</script>
<link rel=stylesheet href=backstage.css type=css media=screen>
<link rel=stylesheet href=backstage_print.css type=css media=print>
</head>
<body>
<div id=login>
<form method="POST" action="<?php echo $_SERVER['PHP_SELF']; ?>">
<h1>KOW Backstage</h1>
<p><label>Username:<br><input type=text name=uname id=log tabindex=1></label></p>
<p><label>Password:<br><input type=password name=pword id=pwd tabindex=2></label></p>
<p style="text-align: center;"><input type=submit class=button name=submit id=submit value="Login »" tabindex=4></p>
</form>
</div>
<?php if(isset($_SESSION['admin'])) { ?>
<div id=container>
<div class=header>
<table cellpadding="0" cellspacing="0" border="0" width="95%">
<tr>
<td width=110 align=center></td>
<td></td>
<td width=40 valign=bottom align=right>
<a href="#" onclick="ajaxpage('home', 'content'); return false;">Home</a> | <a href="#" onclick="ajaxpage('logout', 'content'); return false;">Logout</a> | <a target="_blank" href="http://kansasoutlawwrestling.com/phpBB3">Forums</a></td>
</tr>
</table>
</div>
<div id=container2>
<div id=nav>
<?php if(isset($_SESSION['admin']) && $_SESSION['admin'] <= 1) { ?>
<h1>Character</h1>
<ul>
<li><a href="#" onclick="ajaxpage('bio', 'content'); return false;">Bio</a></li>
<li><a href="#" onclick="ajaxpage('allies', 'content'); return false;">Allies</a></li>
<li><a href="#" onclick="ajaxpage('rivals', 'content'); return false;">Rivals</a></li>
<li><a href="#" onclick="ajaxpage('quotes', 'content'); return false;">Quotes</a></li>
</ul>
<?php } ?>
<?php if(isset($_SESSION['admin']) && $_SESSION['admin'] <= 4) { ?>
<h1>Submit</h1>
<ul>
<li><a href="#" onclick="ajaxpage('roleplay', 'content'); return false;">Roleplay</a></li>
<li><a href="#" onclick="ajaxpage('news', 'content'); return false;">News</a></li>
<li><a href="#" onclick="ajaxpage('match', 'content'); return false;">Match</a></li>
<li><a href="#" onclick="ajaxpage('seg', 'content'); return false;">Seg</a></li>
</ul>
<?php } ?>
<?php if(isset($_SESSION['admin']) && $_SESSION['admin'] <= 3) { ?>
<h1>Handler</h1>
<ul>
<li><a href="#" onclick="ajaxpage('directory', 'content'); return false;">Directory</a></li>
</ul>
<?php } ?>
<?php if(isset($_SESSION['admin']) && $_SESSION['admin'] <= 2) { ?>
<h1>Booking</h1>
<ul>
<li><a href="#" onclick="ajaxpage('champions', 'content'); return false;">Champions</a></li>
<li><a href="#" onclick="ajaxpage('booker', 'content'); return false;">Booker</a></li>
<li><a href="#" onclick="ajaxpage('compiler', 'content'); return false;">Compiler</a></li>
<li><a href="#" onclick="ajaxpage('archives', 'content'); return false;">Archives</a></li>
</ul>
<?php } ?>
<?php if(isset($_SESSION['admin']) && $_SESSION['admin'] <= 1) { ?>
<h1>Fed Admin</h1>
<ul>
<li><a href="#" onclick="ajaxpage('handlers', 'content'); return false;">Handlers</a></li>
<li><a href="#" onclick="ajaxpage('characters', 'content'); return false;">Characters</a></li>
<li><a href="#" onclick="ajaxpage('applications', 'content'); return false;">Applications</a></li>
<li><a href="#" onclick="ajaxpage('eventnames', 'content'); return false;">Event Names</a></li>
<li><a href="#" onclick="ajaxpage('titlenames', 'content'); return false;">Title Names</a></li>
<li><a href="#" onclick="ajaxpage('matchtypes', 'content'); return false;">Match Types</a></li>
<li><a href="#" onclick="ajaxpage('divisions', 'content'); return false;">Divisions</a></li>
<li><a href="#" onclick="ajaxpage('countries', 'content'); return false;">Arenas</a></li>
</ul>
<?php } ?>
<?php if(isset($_SESSION['admin']) && $_SESSION['admin'] <= 0) { ?>
<h1>Site Admin</h1>
<ul>
<li><a href="#" onclick="ajaxpage('templates', 'content'); return false;">Templates</a></li>
<li><a href="#" onclick="ajaxpage('content', 'content'); return false;">Content</a></li>
<li><a href="#" onclick="ajaxpage('biosconfig', 'content'); return false;">Bio Configuration</a></li>
<li><a href="#" onclick="ajaxpage('newscat', 'content'); return false;">News Categories</a></li>
<li><a href="#" onclick="ajaxpage('menus', 'content'); return false;">Menus</a></li>
</ul>
<?php } ?>
</div>
<div id=content>
</div>
<div id="footer">Backstage 1 © 2009
</div>
</div>
</div>
</body>
</html>
<?php 
}
}
?>

Link to comment
Share on other sites
Maq Prolific Member

Maq

Posted
Posted

1)  All of the values for the attributes you use (type=password, name=pword) should have " " around the values (type="password", name="pword").

2) 

$_POST['username']     $_POST['pass']    $_POST['login']

 

 

are supposed to be

 

$_POST['uname']   $_POST['pword']       $_POST['submit']

 

 

3) You need to start debugging.  A good way is to use echos in different spots in your logic to see if you get there.  Make these modifications and let me know what happens.

Link to comment
Share on other sites
Xtremer360 Advanced Member

Xtremer360

Posted
  • Author
Posted

Still nothing happens. Updated code:

 

<?php 

//if the login form is submitted
if(isset($_POST['login']))
{
    // makes sure they filled it in
    if(!$_POST['uname'] || !$_POST['pword'])
    {
        die('You did not fill in a required field.');
    }
   $username = mysql_real_escape_string($_POST['uname']); 
   $pass = mysql_real_escape_string($_POST['pword']); 

    $check = mysql_query("SELECT * FROM users WHERE username = '".$username."'")or die(mysql_error());

    //Gives error if user dosen't exist
    $check2 = mysql_num_rows($check);
    if ($check2 == 0)
    {
        die('That user does not exist in our database.');
    }
    while($info = mysql_fetch_array( $check )) 
    {
        $pass = md5(stripslashes($_POST['pword']));
        $info['password'] = stripslashes($info['password']);
        //$_POST['pass'] = md5($_POST['pass']); THIS IS DONE IN THE ABOVE STATEMENT
        //gives error if the password is wrong
        if ($pass != $info['pword'])
        {
            die('Incorrect password, please try again.');
        }
        else 
      
      // if login is ok then we add a cookie and send them to the correct page
        { 
            $username = stripslashes($username); 
            session_start();
         $_SESSION['uname'] = $username; 
         $_SESSION['loggedin'] = time();
            
            // Finds out the user type
            $query = "SELECT `admin` FROM `users` WHERE `username` = '" . $username . "'";
            $result = mysql_query($query) or die(mysql_error()); 
            $row = mysql_fetch_array($result); 
            $admin = $row['admin'];
         $_SESSION['admin'] = $admin;
        
        } 
    } 
} 
else 
{ 
// if they have not submitted the form
?>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">

<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<meta http-equiv="Content-Style-Type" content="text/css">
<meta http-equiv="Content-Language" content="en-us">
<meta name="language" content="en-us">
<title>Backstage V1 Administration Console</title>
<link rel="stylesheet" href="backstage.css" type="text/css" media="screen">
<link rel="stylesheet" href="backstage_print.css" type="text/css" media="print">
<script src="prototype.js" type="text/javascript"></script>
<script src="scriptaculous.js" type="text/javascript"></script>
<script type="text/javascript" src="ajax.js"></script>
<script type="text/javascript">
var page = document.cookie.match(/page=[\w][\w\-\.]+;/);
if(page != null) {
    ajaxpage("page", "content");
} else {
    ajaxpage("home", "content");
}
</script>
<link rel=stylesheet href=backstage.css type=css media=screen>
<link rel=stylesheet href=backstage_print.css type=css media=print>
</head>
<body>
<div id=login>
<form method="POST" action="/other/backstage2.php">
<h1>KOW Backstage</h1>
<p><label>Username:<br><input type="text" name="uname" id="log" tabindex="1"></label></p>
<p><label>Password:<br><input type="password" name="pword" id="pwd" tabindex="2"></label></p>
<p style="text-align: center;"><input type="submit" class="button" name="submit" id="submit" value="Login »" tabindex="4"></p>
</form>
</div>
<?php if(isset($_SESSION['admin'])) { ?>
<div id=container>
<div class=header>
<table cellpadding="0" cellspacing="0" border="0" width="95%">
<tr>
<td width=110 align=center></td>
<td></td>
<td width=40 valign=bottom align=right>
<a href="#" onclick="ajaxpage('home', 'content'); return false;">Home</a> | <a href="#" onclick="ajaxpage('logout', 'content'); return false;">Logout</a> | <a target="_blank" href="http://kansasoutlawwrestling.com/phpBB3">Forums</a></td>
</tr>
</table>
</div>
<div id=container2>
<div id=nav>
<?php if(isset($_SESSION['admin']) && $_SESSION['admin'] <= 1) { ?>
<h1>Character</h1>
<ul>
<li><a href="#" onclick="ajaxpage('bio', 'content'); return false;">Bio</a></li>
<li><a href="#" onclick="ajaxpage('allies', 'content'); return false;">Allies</a></li>
<li><a href="#" onclick="ajaxpage('rivals', 'content'); return false;">Rivals</a></li>
<li><a href="#" onclick="ajaxpage('quotes', 'content'); return false;">Quotes</a></li>
</ul>
<?php } ?>
<?php if(isset($_SESSION['admin']) && $_SESSION['admin'] <= 4) { ?>
<h1>Submit</h1>
<ul>
<li><a href="#" onclick="ajaxpage('roleplay', 'content'); return false;">Roleplay</a></li>
<li><a href="#" onclick="ajaxpage('news', 'content'); return false;">News</a></li>
<li><a href="#" onclick="ajaxpage('match', 'content'); return false;">Match</a></li>
<li><a href="#" onclick="ajaxpage('seg', 'content'); return false;">Seg</a></li>
</ul>
<?php } ?>
<?php if(isset($_SESSION['admin']) && $_SESSION['admin'] <= 3) { ?>
<h1>Handler</h1>
<ul>
<li><a href="#" onclick="ajaxpage('directory', 'content'); return false;">Directory</a></li>
</ul>
<?php } ?>
<?php if(isset($_SESSION['admin']) && $_SESSION['admin'] <= 2) { ?>
<h1>Booking</h1>
<ul>
<li><a href="#" onclick="ajaxpage('champions', 'content'); return false;">Champions</a></li>
<li><a href="#" onclick="ajaxpage('booker', 'content'); return false;">Booker</a></li>
<li><a href="#" onclick="ajaxpage('compiler', 'content'); return false;">Compiler</a></li>
<li><a href="#" onclick="ajaxpage('archives', 'content'); return false;">Archives</a></li>
</ul>
<?php } ?>
<?php if(isset($_SESSION['admin']) && $_SESSION['admin'] <= 1) { ?>
<h1>Fed Admin</h1>
<ul>
<li><a href="#" onclick="ajaxpage('handlers', 'content'); return false;">Handlers</a></li>
<li><a href="#" onclick="ajaxpage('characters', 'content'); return false;">Characters</a></li>
<li><a href="#" onclick="ajaxpage('applications', 'content'); return false;">Applications</a></li>
<li><a href="#" onclick="ajaxpage('eventnames', 'content'); return false;">Event Names</a></li>
<li><a href="#" onclick="ajaxpage('titlenames', 'content'); return false;">Title Names</a></li>
<li><a href="#" onclick="ajaxpage('matchtypes', 'content'); return false;">Match Types</a></li>
<li><a href="#" onclick="ajaxpage('divisions', 'content'); return false;">Divisions</a></li>
<li><a href="#" onclick="ajaxpage('countries', 'content'); return false;">Arenas</a></li>
</ul>
<?php } ?>
<?php if(isset($_SESSION['admin']) && $_SESSION['admin'] <= 0) { ?>
<h1>Site Admin</h1>
<ul>
<li><a href="#" onclick="ajaxpage('templates', 'content'); return false;">Templates</a></li>
<li><a href="#" onclick="ajaxpage('content', 'content'); return false;">Content</a></li>
<li><a href="#" onclick="ajaxpage('biosconfig', 'content'); return false;">Bio Configuration</a></li>
<li><a href="#" onclick="ajaxpage('newscat', 'content'); return false;">News Categories</a></li>
<li><a href="#" onclick="ajaxpage('menus', 'content'); return false;">Menus</a></li>
</ul>
<?php } ?>
</div>
<div id=content>
</div>
<div id="footer">Backstage 1 © 2009
</div>
</div>
</div>
</body>
</html>
<?php 
}
}
?>

Link to comment
Share on other sites
This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.