mhnostarez

Help, how can I separate the interface of my users

PHP programmers out there, please help me with my programming problem.
I have three pages:

[b]First page[/b]: the administrator side, where the administrator is able to create a user. The sample inputs are:
- User name
- Password
- User type

[b]Second page[/b]: a client page where the user (client) can view the unrestricted area or information of the company.

[b]Third page[/b]: the login page where the users log in.

What should I do (what script shall I put) to identify the login name of the users, so that when the administrator logs in he/she can view the admin page, and if the client logs in she/he can view the client side? Please help. Thank you.

What I do is after successful login I put the user_type into a session then redirect based on the type. Here is my login script.

[code]
<?php
// Written for PHP 5: the mysql_* functions were removed in PHP 7 and get_magic_quotes_gpc() in PHP 8.
session_start();
include ('includes/db.php');

// Drop the last POST field (presumably the form's submit button).
array_pop($_POST);
if ( get_magic_quotes_gpc() ) {
    $_POST = array_map('stripslashes', $_POST);
}
$username = mysql_real_escape_string(trim($_POST['username']));
$password = mysql_real_escape_string(trim($_POST['password']));
$mdpwd = md5($password);

// Count the rows that match both the username and the hashed password.
$sql = sprintf("SELECT COUNT(*) AS login_match FROM `users` WHERE `username` = '%s' AND `password`= '%s'", $username, $mdpwd);
$res = mysql_query($sql) or die(mysql_error());
$login_match = mysql_result($res, 0, 'login_match');

if ( $login_match == 1 ) {
    /* this here is the answer to your question; I posted the entire code so that you could see
       it in the right context */
    // Load the user's row and remember the name and type in the session.
    $q = mysql_query("SELECT * FROM `users` WHERE `username` = '$username'") or die(mysql_error());
    while ($rw = mysql_fetch_assoc($q)) {
        $_SESSION['username'] = $username;
        $_SESSION['user_type'] = $rw['user_type'];
    }
    // Show the page that belongs to the user's type.
    if ($_SESSION['user_type'] == "admin") {
        include("admin.php");
    } elseif ($_SESSION['user_type'] == "client") {
        include("client.php");
    } else {
        echo "There was some kind of error with your login";
    }
} else {
    // not logged in
    echo "Your username and password do not match";
    include('login.php');
}
?>
[/code]

I posted the entire login script so that you could see it in the proper context. So you can either use this script or add something like this to your existing login script, after a successful login:

[code=php:0]
$q = mysql_query("SELECT * FROM `users` WHERE `username` = '$username'") or die(mysql_error());
while ($rw = mysql_fetch_assoc($q)) {
    $_SESSION['username'] = $username;
    $_SESSION['user_type'] = $rw['user_type'];
}
if ($_SESSION['user_type'] == "admin") {
    include("admin.php");
} elseif ($_SESSION['user_type'] == "client") {
    include("client.php");
} else {
    echo "There was some kind of error with your login";
}
[/code]


Now you can do this to protect your admin pages like this.
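[code=php:0]
<?php
session_start();
// Deny access unless the session holds the admin user type
// (isset() avoids an undefined-index notice when nobody is logged in).
if (!isset($_SESSION['user_type']) || $_SESSION['user_type'] !== "admin") {
    echo "You do not have the proper permissions to view this page";
    include("index.php");
    exit(1);
}
//the rest of your admin code
?>
[/code]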

And you can use the standard session check for the client page.
[code=php:0]
<?php
session_start();
// empty() is true when the key is missing or blank, without raising a notice.
if (empty($_SESSION['username'])) {
    echo "You must login to view this page";
    include("login.php");
    exit(1);
}
//the rest of your client page
?>
[/code]


Good Luck,
Tom
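
A hardened variant of the login-and-redirect flow from the answer above, as an added example that is not part of the original post: it uses PDO prepared statements and password_hash()/password_verify() in place of the mysql_* functions and md5(), and checks the role in one guard function. The in-memory SQLite database, the sample accounts and the helper names (authenticate, landing_page, has_role) are assumptions made for the illustration.

```php
<?php
// Added example, not the poster's code. The users table follows the thread
// (username, password, user_type); the helper names are hypothetical.

// Constructed sample data: in-memory SQLite stands in for the real database.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE users (username TEXT PRIMARY KEY, password TEXT, user_type TEXT)');
$ins = $pdo->prepare('INSERT INTO users VALUES (?, ?, ?)');
$ins->execute(['alice', password_hash('admin-pass', PASSWORD_DEFAULT), 'admin']);
$ins->execute(['bob', password_hash('client-pass', PASSWORD_DEFAULT), 'client']);

// Returns the user's type on success, null on unknown user or wrong password.
function authenticate(PDO $pdo, string $username, string $password): ?string
{
    $stmt = $pdo->prepare('SELECT password, user_type FROM users WHERE username = ?');
    $stmt->execute([$username]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($row === false || !password_verify($password, $row['password'])) {
        return null;
    }
    return $row['user_type'];
}

// Map a role to its landing page; failed logins and unknown roles get the login page.
function landing_page(?string $userType): string
{
    $pages = ['admin' => 'admin.php', 'client' => 'client.php'];
    return $pages[(string) $userType] ?? 'login.php';
}

// Guard for the top of a protected page: true only if the session holds an allowed role.
function has_role(array $session, array $allowed): bool
{
    return isset($session['user_type']) && in_array($session['user_type'], $allowed, true);
}

// Three constructed login attempts; $session stands in for $_SESSION here.
// In a web request, call session_regenerate_id(true) before storing the role.
foreach ([['alice', 'admin-pass'], ['bob', 'client-pass'], ['bob', 'wrong-pass']] as [$u, $p]) {
    $type = authenticate($pdo, $u, $p);
    $session = $type === null ? [] : ['username' => $u, 'user_type' => $type];
    printf("%-6s -> %-10s admin page allowed: %s\n", $u, landing_page($type),
        has_role($session, ['admin']) ? 'yes' : 'no');
}
```

On a real page, each protected script would call session_start() and then exit when has_role($_SESSION, [...]) returns false, which replaces the two separate session checks with a single function.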