
Help, how can I separate the interface of my users



#1 mhnostarez


Posted 14 August 2006 - 10:03 AM

PHP programmers out there, please help me with my programming problem.

I have three pages:

  • First page: the administrator side, where the administrator is able to create a user. The sample inputs are:
      • User name
      • Password
      • User type
  • Second page: a client page where the user (client) can view the unrestricted area or information of the company.
  • Third page: a login page where the users log in.

What should I do (what script shall I put) to identify the login name of the users, so that when the administrator logs in he/she can view the admin page, and if the client logs in she/he can view the client side? Please help. Thank you.


#2 tomfmason


Posted 14 August 2006 - 11:09 AM

What I do is, after a successful login, I put the user_type into a session and then redirect based on the type. Here is my login script.

<?php
// Written for the legacy mysql_* extension (removed in PHP 7.0).
session_start();
include('includes/db.php');
array_pop($_POST); // discard the last POST field (presumably the submit button)
if (get_magic_quotes_gpc()) {
    $_POST = array_map('stripslashes', $_POST);
}
$username = mysql_real_escape_string(trim($_POST['username']));
$password = mysql_real_escape_string(trim($_POST['password']));
// Unsalted MD5 has to match how the password was stored at registration;
// password_hash()/password_verify() are the current replacements.
$mdpwd = md5($password);

$sql = sprintf("SELECT COUNT(*) AS login_match FROM `users` WHERE `username` = '%s' AND `password`= '%s'", $username, $mdpwd);
$res = mysql_query($sql) or die(mysql_error());
$login_match = mysql_result($res, 0, 'login_match');

if ($login_match == 1) {
    /* this here is the answer to your question; I posted the entire code so that you could see
       it in the right context */
    // new session ID after login, so an ID set before login cannot be reused
    session_regenerate_id(true);
    $q = mysql_query("SELECT * FROM `users` WHERE `username` = '$username'") or die(mysql_error());
    while ($rw = mysql_fetch_assoc($q)) {
        $_SESSION['username'] = $username;
        $_SESSION['user_type'] = $rw['user_type'];
    }
    // show the page that matches the stored user type
    if ($_SESSION['user_type'] == "admin") {
        include("admin.php");
    } elseif ($_SESSION['user_type'] == "client") {
        include("client.php");
    } else {
        echo "There was some kind of error with your login";
    }
} else {
    // not logged in
    echo "Your username and password do not match";
    include('login.php');
}
?>

I posted the entire login script so that you could see it in the proper context. So you can either use this script or add something like this to your existing login script, after a successful login:

// new session ID after login, so an ID set before login cannot be reused
session_regenerate_id(true);
$q = mysql_query("SELECT * FROM `users` WHERE `username` = '$username'") or die(mysql_error());
while ($rw = mysql_fetch_assoc($q)) {
    $_SESSION['username'] = $username;
    $_SESSION['user_type'] = $rw['user_type'];
}
if ($_SESSION['user_type'] == "admin") {
    include("admin.php");
} elseif ($_SESSION['user_type'] == "client") {
    include("client.php");
} else {
    echo "There was some kind of error with your login";
}


Now you can protect your admin pages like this.
<?php
session_start();
// isset() avoids an undefined-index notice when nobody is logged in
if (!isset($_SESSION['user_type']) || $_SESSION['user_type'] !== "admin") {
    echo "You do not have the proper permissions to view this page";
    include("index.php");
    exit(1);
}
//the rest of your admin code
?>


And you can use the standard session check for the client page.
<?php
session_start();
// empty() also covers the case where the key was never set
if (empty($_SESSION['username'])) {
    echo "You must login to view this page";
    include("login.php");
    exit(1);
}
//the rest of your client page
?>


Good Luck,
Tom

Traveling East in search of instruction, and West to propagate the knowledge I have gained.

current projects: pokersource

My Blog | My Pastebin | PHP Validation class | Backtrack linux
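
A hardened take on the login-and-role-check flow from the answer above, as an added example that is not part of the original post: a bound query parameter, `password_hash()`/`password_verify()` in place of MD5, a fresh session ID at login, and a role guard for protected pages. The `users` schema, the in-memory SQLite database, the two accounts and the function names `demo_db`, `login`, `has_role` and `require_role` are assumptions made for the example.

```php
<?php
// Added example, not the thread's code. The schema, the in-memory SQLite
// database and both accounts are constructed so the script runs offline.
function demo_db(): PDO {
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE users (username TEXT PRIMARY KEY, pw_hash TEXT, user_type TEXT)');
    $ins = $db->prepare('INSERT INTO users VALUES (?, ?, ?)');
    $ins->execute(['alice', password_hash('admin-pass', PASSWORD_DEFAULT), 'admin']);
    $ins->execute(['bob', password_hash('client-pass', PASSWORD_DEFAULT), 'client']);
    return $db;
}

// Returns the user_type on success, null on any failure.
function login(PDO $db, string $username, string $password): ?string {
    $st = $db->prepare('SELECT pw_hash, user_type FROM users WHERE username = ?');
    $st->execute([$username]);
    $row = $st->fetch(PDO::FETCH_ASSOC);
    if ($row === false || !password_verify($password, $row['pw_hash'])) {
        return null;
    }
    // In a web request session_start() has already run: issue a fresh
    // session ID at login so a pre-login ID cannot be reused (fixation).
    if (session_status() === PHP_SESSION_ACTIVE) {
        session_regenerate_id(true);
    }
    $_SESSION['username']  = $username;
    $_SESSION['user_type'] = $row['user_type']; // role from the DB row, never from the request
    return $row['user_type'];
}

// True only if a role is set in the session and is one of $allowed.
function has_role(string ...$allowed): bool {
    return isset($_SESSION['user_type'])
        && in_array($_SESSION['user_type'], $allowed, true);
}

// Called at the top of every protected page, before any output.
function require_role(string ...$allowed): void {
    if (!has_role(...$allowed)) {
        http_response_code(403);
        exit('You do not have the proper permissions to view this page');
    }
}

// Demo run from the command line, where $_SESSION is a plain array.
$db = demo_db();
$_SESSION = [];
var_dump(login($db, 'bob', 'wrong'), login($db, 'bob', 'client-pass'));
var_dump(has_role('admin'), has_role('admin', 'client'));
```

On a real page, call `session_start()` first and then `require_role('admin')` or `require_role('admin', 'client')` as the first statement of the protected script.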




