kaiman
Posted October 24, 2009

Okay a couple of newbie questions here for all you PHP freaks out there...

I currently have a fairly basic login script working on my site:

```php
<?php

// connects to server and selects database.
include ("dbconnect.inc.php");

// table name
$tbl_name="registered_members";

// removes magic_quotes_gpc slashes
function stripQuotes($arg) {
  if (get_magic_quotes_runtime()) {
    return stripslashes($arg);
  } else {
    return $arg;
  }
}

// protect against mysql injection
function cleanString($string){
  htmlentities(mysql_real_escape_string($string));
  return $string;
}

// username and password sent from login form
$username = stripQuotes($_POST['username']);
$username = cleanString($_POST['username']);
$pass = sha1($_POST['pass']);

// select info from database
$sql="SELECT * FROM $tbl_name WHERE username='$username' and password='$pass'";
$result=mysql_query($sql);

// mysql_num_row counts the table row
$count=mysql_num_rows($result);

// if result matched $username and $pass, table row must be 1 row
if($count==1){
  // register $_SESSION and redirect to member page
  session_start();
  $_SESSION['username'] = $username;
  $_SESSION['pass'] = $pass;
  header( "Location: http://www.example.com/members/" );
}
else {
  echo "Incorrect Username or Password";
  exit ;
}
?>
```

However, I want to add user levels and permissions to it. After recommendations on this forum I took a look at bitwise operators, but am sorry to say it is above my head at this point. So I am attempting to expand on it by adding user levels with the following simple permissions:

```
// user levels
0 = guest
1 = user - default
2 = author
3 = moderator
4 = admin
5 = banned user
```

I have two columns in my database that I wish to call on for this function. Both are added at signup confirmation. The second is added as a default of 1 when a user signs up.

1. `id` int(4) NOT NULL auto_increment
2. `level` int(4) default '1'

My first question is one about selecting these fields from the database. I currently get a syntax error when I run this query:

```php
// select info from database
$sql="SELECT *, id, level FROM $tbl_name WHERE username='$username' and password='$pass'";
$result=mysql_query($sql);

// mysql_num_row counts the table row
$count=mysql_num_rows($result);
```

What am I doing wrong here?

Secondly, can I use something like this to start the $_SESSION and pass the user on to the appropriate page?

```php
// register $_SESSION
session_start();
$_SESSION['username'] = $username;
$_SESSION['pass'] = $pass;
$_SESSION['id'] = $id;
$_SESSION['level'] = $level;

else {
  echo "Incorrect Username or Password";
  exit ;
}

// check user levels
if ($level == '1') {
  header("Location: http://www.example.com/user/");
}
if ($level == '2') {
  header("Location: http://www.example.com/author/");
}
if ($level == '3') {
  header("Location: http://www.example.com/moderator/");
}
if ($level == '4') {
  header("Location: http://www.example.com/admin/");
}
}
else {
  echo "You Don't Have Permission to View This Page";
  exit ;
}
```

Finally, so far I just use this to pass the sessions from page to page:

```php
<?php
session_start();
if(!isset($_SESSION['username'])){
  header("Location: http://www.example.com/login/" );
  exit;
}
?>
```

Could I add something like this to run a check on user permissions:

```php
// level check on admin page
if ($level != '4') {
  echo "You Don't Have Permission to View This Page";
  exit ;
}
```

Thanks in advance for your help,

kaiman

mikesta707
Posted October 24, 2009

SELECT * selects everything. So you don't have to (and can't apparently) specify another column to grab, since it's already grabbing that column.

```php
$sql="SELECT *, id, level etc....";
```

Just change that to

```php
$sql="SELECT * FROM $tablename ... etc";
```

kaiman
Posted October 24, 2009

Thanks mikesta707, that's what I was wondering.

How would I go about grabbing those columns (id and level) from the db then? Do I have to do a second query or can I just append it after the username and password part?

i.e.

```php
// select info from database
$sql="SELECT * FROM $tbl_name WHERE username='$username' and password='$pass' and id='$id' and level='$level'";
$result=mysql_query($sql);

// mysql_num_row counts the table row
$count=mysql_num_rows($result);
```

kaiman
Posted October 24, 2009

bump, please help!

severndigital
Posted October 25, 2009

You got a whole lot of different questions that deal with as many subjects. You might get better help with these if you ask them one at a time.

kaiman
Posted October 25, 2009

Okay,

After doing some more research, here is the script I am using now, but I keep getting the following syntax error:

```
Parse error: syntax error, unexpected T_ELSE in .../scripts/php/loginform2.php on line 40
```

Any ideas?

Thanks,

kaiman

```php
<?php

// connects to server and selects database.
include ("dbconnect.inc.php");

// table name
$tbl_name="registered_members";

// removes magic_quotes_gpc slashes
function stripQuotes($arg) {
  if (get_magic_quotes_runtime()) {
    return stripslashes($arg);
  } else {
    return $arg;
  }
}

// protect against mysql injection
function cleanString($string){
  htmlentities(mysql_real_escape_string($string));
  return $string;
}

// username and password sent from login form
$username = stripQuotes($_POST['username']);
$username = cleanString($_POST['username']);
$pass = sha1($_POST['pass']);

// select info from database
$sql="SELECT * FROM $tbl_name WHERE username='$username' and password='$pass'";
$result=mysql_query($sql);

// mysql_num_row counts the table row
$count=mysql_num_rows($result);

// if result matched $username and $pass, table row must be 1 row
if($count==1){
  // register $_SESSION
  session_start();
  $_SESSION['username'] = $username;
  $_SESSION['pass'] = $pass;
  $_SESSION['id'] = $row['id'];
  $_SESSION['level'] = $row['level'];

else {
  echo "Incorrect Username or Password";
  exit ;
}

// user levels
// 0 = guest
// 1 = user - default
// 2 = author
// 3 = moderator
// 4 = admin
// 5 = banned user

// check user levels
if ($_SESSION['level'] == '1') {
  header("Location: http://www.example.com/user/");
}
if ($_SESSION['level'] == '2') {
  header("Location: http://www.example.com/author/");
}
if ($_SESSION['level'] == '3') {
  header("Location: http://www.example.com/moderator/");
}
if ($_SESSION['level'] == '4') {
  header("Location: http://www.example.com/admin/");
}
}
else {
  echo "You Don't Have Permission to View This Page";
  exit ;
}
?>
```

cags
Posted October 25, 2009

Line 40, at a glance appears to be...

```php
else {
```

The if block above does not have a closing curly bracket. The line should be...

```php
} else {
```

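The login-with-levels flow this thread is working toward, as an added example that is not part of any post: the lookup uses a bound parameter instead of string interpolation (in the posted cleanString() the escaped value is discarded and the raw string returned), the password is checked with password_verify() rather than an unsalted sha1() comparison in SQL, and id and level come from the fetched row. Assumptions: PDO with the SQLite driver, an in-memory copy of the registered_members table, constructed sample users, and the hypothetical helper names authenticate(), landingFor() and hasLevel().

```php
<?php
// Added example (not from the thread): login with user levels, hardened.
// Assumptions: PDO with the SQLite driver, an in-memory copy of the thread's
// registered_members table, constructed sample data, hypothetical helper names.

// Look the user up with a bound parameter, then verify the password hash in PHP.
function authenticate(PDO $db, string $username, string $password): ?array {
    $stmt = $db->prepare(
        'SELECT id, username, password, level FROM registered_members WHERE username = ?');
    $stmt->execute([$username]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($row === false || !password_verify($password, $row['password'])) {
        return null;                       // same answer for unknown user and bad password
    }
    return ['id' => (int)$row['id'], 'username' => $row['username'], 'level' => (int)$row['level']];
}

// Levels from the thread: 1 user, 2 author, 3 moderator, 4 admin; 0 and 5 get no page.
function landingFor(int $level): ?string {
    $pages = [1 => '/user/', 2 => '/author/', 3 => '/moderator/', 4 => '/admin/'];
    return $pages[$level] ?? null;
}

// Page guard: reads the level stored in the session at login, never request input.
function hasLevel(array $session, int $required): bool {
    return isset($session['level']) && $session['level'] === $required;
}

// Constructed sample data so the example runs offline.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE registered_members (id INTEGER PRIMARY KEY, username TEXT UNIQUE,
           password TEXT, level INTEGER DEFAULT 1)');
$db->prepare('INSERT INTO registered_members (username, password, level) VALUES (?, ?, ?)')
   ->execute(['alice', password_hash('correct horse', PASSWORD_DEFAULT), 4]);

foreach ([['alice', 'correct horse'], ['alice', 'wrong'], ["o'brien", 'x']] as [$u, $p]) {
    $user = authenticate($db, $u, $p);
    if ($user === null) { echo "$u: Incorrect Username or Password\n"; continue; }
    // In a web request: session_start(); session_regenerate_id(true); $_SESSION = $user;
    // then header('Location: ' . landingFor($user['level'])); exit;
    $session = $user;                      // stand-in for $_SESSION
    echo "$u: level {$session['level']} -> " . landingFor($session['level']),
         ', admin page allowed: ', var_export(hasLevel($session, 4), true), "\n";
}
```

The session holds id, username and level only; the password hash is not copied into it, and each protected page calls the guard against the session value before producing any output.
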
Archived
This topic is now archived and is closed to further replies.