mhnostarez Posted August 14, 2006 Share Posted August 14, 2006 Php programmers out there, pls help me my programming problem. <br>I have three page : <br> [b]first page[/b] : for the administrator side where The administrator able to create a user the sample input are <li>User name <li>password <li>user type <br>[b]second page[/b] : A client page where the user (client) can view the unrestricted area or information of the company. <br> <br> [b]Third page[/b] : And login page where the users logins. <br>What should I do (what script shall I put) to identity the login name of the users, for then when the administrator log-in he/she can view the Admin page, and if the client log-in she/he can view the client side. Pls help. Thank you. Quote Link to comment Share on other sites More sharing options...
tomfmason Posted August 14, 2006 Share Posted August 14, 2006 What I do is after sucessful login I put the user_type into a session then redirect based on the type. Here is my login script.[code] <?php session_start();include ('includes/db.php');array_pop($_POST); if ( get_magic_quotes_gpc() ) { $_POST= array_map('stripslashes', $_POST); } $username= mysql_real_escape_string(trim($_POST['username'])); $password= mysql_real_escape_string(trim($_POST['password']));$mdpwd= md5($password); $sql= sprintf("SELECT COUNT(*) AS login_match FROM `users` WHERE `username` = '%s' AND `password`= '%s'", $username, $mdpwd); $res= mysql_query($sql) or die(mysql_error()); $login_match= mysql_result($res, 0, 'login_match'); if ( $login_match == 1 ) { /*this here is the answer to your question I posted the entrie code so that you could see it in the right context*/ $q = mysql_query("SELECT * FROM `users` WHERE `username` = '$username'") or die(mysql_error()); while ($rw = mysql_fetch_assoc($q)) { $_SESSION['username'] = $username; $_SESSION['user_type'] = $rw['user_type']; } if ($_SESSION['user_type'] == "admin") { include("admin.php"); }elseif ($_SESSION['user_type'] == "client") { include("client.php"); }else{ echo "There was some kind of error with your login"; } } else { echo "Your username and password do not match"; include('login.php'); // not logged in }?>[/code]I posted the entire login script so that you could see it in the proper context. So you can ether use this script or add something like this to your existing login script, after a sucess ful login[code=php:0] $q = mysql_query("SELECT * FROM `users` WHERE `username` = '$username'") or die(mysql_error()); while ($rw = mysql_fetch_assoc($q)) { $_SESSION['username'] = $username; $_SESSION['user_type'] = $rw['user_type']; } if ($_SESSION['user_type'] == "admin") { include("admin.php"); }elseif ($_SESSION['user_type'] == "client") { include("client.php"); }else{ echo "There was some kind of error with your login"; }[/code]Now you can do this to protect your admin pages like this.[code=php:0]<?phpsession_start();if ($_SESSION['user_type'] !== "admin") { echo "You do not have the proper permissions to view this page"; include("index.php"); exit(1);}//the rest of your admin code?>[/code] And you can use the standard session check for the client page.[code=php:0]session_start();if (!$_SESSION['username']) { echo "You must login to view this page"; include("login.php"); exit(1);}//the rest of your client page?>[/code]Good Luck,Tom Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.