Jump to content

Recommended Posts

Hi there,

 

I have a login page which I would like to add a control panel to this page so if the user is admin and logs in then I would like to show the control panel if not then I would like the user to be redirected to the members area.

 

How would I check to see if the user is admin or not.

 

Thanks

Link to comment
https://forums.phpfreaks.com/topic/150586-user-and-admin-check/
Share on other sites

with sessions but as it has been said it depends how your user login system is built as mine is built with access levels from 1 - 10 at the moment with 9 of the 10 actually having user levels and one being a NULL level of access with no user, unregistered users are classed as level 10 and gods aka me only for my site classed as level 1 who would be abe to access and modify all closley followed by super users and administrators all the way down to plain old regular users

Link to comment
https://forums.phpfreaks.com/topic/150586-user-and-admin-check/#findComment-791002
Share on other sites

If there is only 1 admin then session shouldn't be necessary.

 

Yeah I know, but it's impossible to tell when the OP doesn't provide any helpful information.

 

sorry. yes there are different Admins. I am going to check your code to see if that works.

 

What code?  We need you to tell us exactly how your login system works, specifically the user groups.  So far you have given us no helpful information.

Link to comment
https://forums.phpfreaks.com/topic/150586-user-and-admin-check/#findComment-791008
Share on other sites

with sessions but as it has been said it depends how your user login system is built as mine is built with access levels from 1 - 10 at the moment with 9 of the 10 actually having user levels and one being a NULL level of access with no user, unregistered users are classed as level 10 and gods aka me only for my site classed as level 1 who would be abe to access and modify all closley followed by super users and administrators all the way down to plain old regular users

 

I have four different user_types :

 

 

these are in the user_types table:

with the type_name and type_id fields

 

admin is 1

guest is 2

author is 3

user is 4

 

and I have another tables called users which contain all the fields such as user_type, first_name etc.

 

here it is the php code on the top of my page:


<?php

error_reporting(6143);
require_once("includes/db.inc.php");
//include the file that connects to the database


if( isset($_POST['btnSubmit']) ){
//the user has clicked the submit button
$un = trim($_POST['username']);		//our username field in the html form
$pw = trim($_POST['pwd']);				//out pwd field in the html form
$key = "1234";
$strSQL = "SELECT user_id, user_name, user_type
				FROM users
				WHERE user_name='$un' AND '$pw' = AES_DECRYPT(pwd_b, '$key') ";
//OR to use the MD5 column
$strSQLMD5 = "SELECT user_id, user_name, user_type
				FROM users
				WHERE user_name='$un' AND pwd = MD5('$pw') ";
$rs = mysql_query($strSQL, $oConn);

if( $rs  && mysql_num_rows($rs) == 1    ){
	//if the code gets to this point it means that the username and password matched
	//we could get all the information we need about the user from the database...
	$row = mysql_fetch_assoc($rs);



	if($_SESSIONS['user_type'] == "1") {

	header("Location: user-edit.php");

	} else if ($_SESSIONS['user_type'] !== "1"){

	$_SESSION['user_id'] =  $row['user_id'];
	$_SESSION['user_name'] = $row['user_name'];
	$_SESSION['user_type'] = $row['user_type'];	
	header("Location: members/members.php");			
	$feedback = "Successful login.";
}else{
	$errMsg = "Invalid Login";
}

}
}

?>


 

that doesnot seem to work

Link to comment
https://forums.phpfreaks.com/topic/150586-user-and-admin-check/#findComment-791013
Share on other sites

Does anything happen?

 

You should have session_start() at the top of all the pages you're using sessions in.

 

You can print out the session variables to make sure they're being set.

 

print_r($_SESSION);

 

It's also SESSION not SESSIONS (that's my fault, in my example I used the wrong one).

Link to comment
https://forums.phpfreaks.com/topic/150586-user-and-admin-check/#findComment-791021
Share on other sites

My personal site has three user groups: users, moderators and admins.

 

When they go to log in, depending on what user group they are in, they have different cookies set. Then, when it comes to displaying stuff for certain user groups, I just check their cookies. Pretty simple really.

Link to comment
https://forums.phpfreaks.com/topic/150586-user-and-admin-check/#findComment-791022
Share on other sites

I did change that SESSIONS to SESSION. How come I did not notice it. That is why being newbie sucks :) .

 

However it does not work. when I login as admin it redirects me to the member area rather than control panel.

 

In regards to cookies I am not sure if that is the secure way to check for admin or not.

 

and yes I do have session start in my db.inc.php

Link to comment
https://forums.phpfreaks.com/topic/150586-user-and-admin-check/#findComment-791030
Share on other sites

However it does not work. when I login as admin it redirects me to the member area rather than control panel.

 

That means it's failing here:

 

      if($_SESSIONS['user_type'] == "1") {

 

Have you echoed the session, specifically 'user_type', to ensure that it's 1, or even being set?

Link to comment
https://forums.phpfreaks.com/topic/150586-user-and-admin-check/#findComment-791036
Share on other sites

However it does not work. when I login as admin it redirects me to the member area rather than control panel.

 

That means it's failing here:

 

      if($_SESSIONS['user_type'] == "1") {

 

Have you echoed the session, specifically 'user_type', to ensure that it's 1, or even being set?

 

No I have not. The code that I provided earlier is what I have. How would I do that please?

Link to comment
https://forums.phpfreaks.com/topic/150586-user-and-admin-check/#findComment-791050
Share on other sites

At the top of your script you can print out the whole session array:

 

print_r($_SESSION);

 

or you can just echo it out before your if statement:

 

echo $_SESSION['user_type'];
if($_SESSIONS['user_type'] == "1")

 

I did add that but still dont work

 

It's not supposed to...  It was for debugging purposes, does the echo print out the number '1'?

Link to comment
https://forums.phpfreaks.com/topic/150586-user-and-admin-check/#findComment-791065
Share on other sites

At the top of your script you can print out the whole session array:

 

print_r($_SESSION);

 

or you can just echo it out before your if statement:

 

echo $_SESSION['user_type'];
if($_SESSIONS['user_type'] == "1")

 

I did add that but still dont work

 

It's not supposed to...  It was for debugging purposes, does the echo print out the number '1'?

 

no it does not. However I solved the problem by adding this:

 


if($_SESSION['user_type']=$row['user_type'] == 1) {

	header("Location: user-edit.php");

	} else if ($_SESSION['user_type']=$row['user_type'] != 1){
header("Location: members.php");
}

 

Thanks a lot for the help.

Link to comment
https://forums.phpfreaks.com/topic/150586-user-and-admin-check/#findComment-791071
Share on other sites

Theres an semi-outdated login script that is full featured over at evolt.org:

 

http://www.evolt.org/PHP-Login-System-with-Admin-Features

 

It's worth checking out. I say it's outdated because it lacks some necessary security features to combat session fixation and session hijacking. I think you could use it with a few modifications.

 

 

Link to comment
https://forums.phpfreaks.com/topic/150586-user-and-admin-check/#findComment-791116
Share on other sites

Theres an semi-outdated login script that is full featured over at evolt.org:

 

http://www.evolt.org/PHP-Login-System-with-Admin-Features

 

It's worth checking out. I say it's outdated because it lacks some necessary security features to combat session fixation and session hijacking. I think you could use it with a few modifications.

 

 

 

I'm not sure you want to use that, it's from 2004 and uses some old methods and like skunkbad said, it contains security flaws.  Although, you could get some good design ideas from it.

Link to comment
https://forums.phpfreaks.com/topic/150586-user-and-admin-check/#findComment-791120
Share on other sites

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.