kaiman Posted October 24, 2009

Okay, a couple of newbie questions here for all you PHP freaks out there...

I currently have a fairly basic login script working on my site:

```php
<?php
// connects to server and selects database.
include ("dbconnect.inc.php");

// table name
$tbl_name="registered_members";

// removes magic_quotes_gpc slashes
function stripQuotes($arg) {
  if (get_magic_quotes_gpc()) {
    return stripslashes($arg);
  } else {
    return $arg;
  }
}

// protect against mysql injection
function cleanString($string){
  // return the escaped value so the caller actually receives it
  return mysql_real_escape_string($string);
}

// username and password sent from login form
$username = stripQuotes($_POST['username']);
$username = cleanString($username);
$pass = sha1($_POST['pass']);

// select info from database
$sql="SELECT * FROM $tbl_name WHERE username='$username' and password='$pass'";
$result=mysql_query($sql);

// mysql_num_row counts the table row
$count=mysql_num_rows($result);

// if result matched $username and $pass, table row must be 1 row
if($count==1){
  // register $_SESSION and redirect to member page
  session_start();
  $_SESSION['username'] = $username;
  $_SESSION['pass'] = $pass;
  header( "Location: http://www.example.com/members/" );
}
else {
  echo "Incorrect Username or Password";
  exit ;
}
?>
```

However, I want to add user levels and permissions to it. After recommendations on this forum I took a look at bitwise operators, but am sorry to say it is above my head at this point. So I am attempting to expand on it by adding user levels with the following simple permissions:

```
// user levels
0 = guest
1 = user - default
2 = author
3 = moderator
4 = admin
5 = banned user
```

I have two columns in my database that I wish to call on for this function. Both are added at signup confirmation. The second is added as a default of 1 when a user signs up.

1. `id` int(4) NOT NULL auto_increment
2. `level` int(4) default '1'

My first question is one about selecting these fields from the database. I currently get a syntax error when I run this query:

```php
// select info from database
$sql="SELECT *, id, level FROM $tbl_name WHERE username='$username' and password='$pass'";
$result=mysql_query($sql);

// mysql_num_row counts the table row
$count=mysql_num_rows($result);
```

What am I doing wrong here?

Secondly, can I use something like this to start the $_SESSION and pass the user on to the appropriate page?

```php
// register $_SESSION
session_start();
$_SESSION['username'] = $username;
$_SESSION['pass'] = $pass;
$_SESSION['id'] = $id;
$_SESSION['level'] = $level;
else {
  echo "Incorrect Username or Password";
  exit ;
}

// check user levels
if ($level == '1') {
  header("Location: http://www.example.com/user/");
}
if ($level == '2') {
  header("Location: http://www.example.com/author/");
}
if ($level == '3') {
  header("Location: http://www.example.com/moderator/");
}
if ($level == '4') {
  header("Location: http://www.example.com/admin/");
}
}
else {
  echo "You Don't Have Permission to View This Page";
  exit ;
}
```

Finally, so far I just use this to pass the sessions from page to page:

```php
<?php
session_start();
if(!isset($_SESSION['username'])){
  header("Location: http://www.example.com/login/" );
  exit;
}
?>
```

Could I add something like this to run a check on user permissions:

```php
// level check on admin page
if ($level != '4') {
  echo "You Don't Have Permission to View This Page";
  exit ;
}
```

Thanks in advance for your help,

kaiman

mikesta707 Posted October 24, 2009

SELECT * selects everything, so you don't have to (and can't, apparently) specify another column to grab, since it's already grabbing that column.

```php
$sql="SELECT *, id, level etc....";
```

Just change that to

```php
$sql="SELECT * FROM $tablename ... etc";
```

kaiman Posted October 24, 2009

Thanks mikesta707, that's what I was wondering. How would I go about grabbing those columns (id and level) from the db then? Do I have to do a second query or can I just append it after the username and password part? i.e.

```php
// select info from database
$sql="SELECT * FROM $tbl_name WHERE username='$username' and password='$pass' and id='$id' and level='$level'";
$result=mysql_query($sql);

// mysql_num_row counts the table row
$count=mysql_num_rows($result);
```

kaiman Posted October 24, 2009

bump, please help!

severndigital Posted October 25, 2009

You got a whole lot of different questions that deal with as many subjects. You might get better help with these if you ask them one at a time.

kaiman Posted October 25, 2009

Okay, after doing some more research, here is the script I am using now, but I keep getting the following syntax error:

```
Parse error: syntax error, unexpected T_ELSE in .../scripts/php/loginform2.php on line 40
```

Any ideas?

Thanks,

kaiman

```php
<?php
// connects to server and selects database.
include ("dbconnect.inc.php");

// table name
$tbl_name="registered_members";

// removes magic_quotes_gpc slashes
function stripQuotes($arg) {
  if (get_magic_quotes_gpc()) {
    return stripslashes($arg);
  } else {
    return $arg;
  }
}

// protect against mysql injection
function cleanString($string){
  // return the escaped value so the caller actually receives it
  return mysql_real_escape_string($string);
}

// username and password sent from login form
$username = stripQuotes($_POST['username']);
$username = cleanString($username);
$pass = sha1($_POST['pass']);

// select info from database
$sql="SELECT * FROM $tbl_name WHERE username='$username' and password='$pass'";
$result=mysql_query($sql);

// mysql_num_row counts the table row
$count=mysql_num_rows($result);

// if result matched $username and $pass, table row must be 1 row
if($count==1){
  // fetch the matched row so id and level are available
  $row = mysql_fetch_assoc($result);
  // register $_SESSION
  session_start();
  $_SESSION['username'] = $username;
  $_SESSION['pass'] = $pass;
  $_SESSION['id'] = $row['id'];
  $_SESSION['level'] = $row['level'];
else {
  echo "Incorrect Username or Password";
  exit ;
}

// user levels
// 0 = guest
// 1 = user - default
// 2 = author
// 3 = moderator
// 4 = admin
// 5 = banned user

// check user levels
if ($_SESSION['level'] == '1') {
  header("Location: http://www.example.com/user/");
}
if ($_SESSION['level'] == '2') {
  header("Location: http://www.example.com/author/");
}
if ($_SESSION['level'] == '3') {
  header("Location: http://www.example.com/moderator/");
}
if ($_SESSION['level'] == '4') {
  header("Location: http://www.example.com/admin/");
}
}
else {
  echo "You Don't Have Permission to View This Page";
  exit ;
}
?>
```

cags Posted October 25, 2009

Line 40, at a glance appears to be...

```php
else {
```

The if block above does not have a closing curly bracket. The line should be...

```php
} else {
```
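
An added example, not part of the thread: the login flow discussed above written with a parameterized query that returns `id` and `level` in the same row as the credential check, `password_verify()` in place of comparing an unsalted SHA-1, and a per-page level check. It assumes PHP 7+ with the PDO SQLite driver and uses an in-memory table with constructed users so it runs without the poster's database; `login()`, `requireLevel()`, `LANDING` and the sample rows are hypothetical names and data.

```php
<?php
// Added example, not code from the thread. Rows below are constructed.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE registered_members (
    id INTEGER PRIMARY KEY AUTOINCREMENT, username TEXT UNIQUE NOT NULL,
    password TEXT NOT NULL, level INTEGER NOT NULL DEFAULT 1)');
$ins = $db->prepare(
    'INSERT INTO registered_members (username, password, level) VALUES (?, ?, ?)');
$ins->execute(['alice', password_hash('correct horse', PASSWORD_DEFAULT), 4]);
$ins->execute(['bob', password_hash('hunter2', PASSWORD_DEFAULT), 5]);

// Landing page per level; 0 (guest) and 5 (banned) have none.
const LANDING = [1 => '/user/', 2 => '/author/', 3 => '/moderator/', 4 => '/admin/'];

// Returns ['id' => int, 'level' => int] on success, null on any failure.
function login(PDO $db, string $username, string $password): ?array {
    // The placeholder keeps the username out of the SQL text, and one query
    // returns the stored hash together with id and level.
    $st = $db->prepare('SELECT id, password, level FROM registered_members WHERE username = ?');
    $st->execute([$username]);
    $row = $st->fetch(PDO::FETCH_ASSOC);
    if ($row === false || !password_verify($password, $row['password'])) {
        return null;   // same answer for unknown user and wrong password
    }
    $level = (int) $row['level'];
    if (!array_key_exists($level, LANDING)) {
        return null;   // banned or unknown level: no session is created
    }
    return ['id' => (int) $row['id'], 'level' => $level];
}

// Per-page guard: compare the level kept in the session, as an integer.
function requireLevel(array $session, int $needed): bool {
    return isset($session['level']) && $session['level'] === $needed;
}

$user = login($db, 'alice', 'correct horse');
if ($user !== null) {
    // In a web request: session_start(); session_regenerate_id(true);
    // $_SESSION = $user; header('Location: ' . LANDING[$user['level']]); exit;
    $session = $user;  // stand-in for $_SESSION when run from the CLI
    echo 'redirect to ', LANDING[$session['level']], "\n";
    var_dump(requireLevel($session, 4));  // check used on the admin page
}
var_dump(login($db, "o'brien", 'x'));     // quote in input is treated as data
var_dump(login($db, 'bob', 'hunter2'));   // correct password, banned level
```

Only `id` and `level` go into the session; the password hash never needs to be stored there.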