Okay a couple of newbie questions here for all you PHP freaks out there...

 

I currently have a fairly basic login script working on my site:

 

<?php
// connects to server and selects database.
include ("dbconnect.inc.php");

// table name
$tbl_name="registered_members";

// removes magic_quotes_gpc slashes
function stripQuotes($arg) {
  // magic_quotes_gpc is the setting that affects $_POST data
  if (get_magic_quotes_gpc()) {
    return stripslashes($arg);
  } else {
    return $arg;
  }
}

// protect against mysql injection
function cleanString($string){
    // return the escaped value; htmlentities() is HTML output encoding and does not belong in a SQL value
    return mysql_real_escape_string($string);
}

// username and password sent from login form
$username = stripQuotes($_POST['username']);
$username = cleanString($username);
$pass = sha1($_POST['pass']);

// select info from database
$sql="SELECT * FROM $tbl_name WHERE username='$username' and password='$pass'";
$result=mysql_query($sql);

// mysql_num_row counts the table row
$count=mysql_num_rows($result);

// if result matched $username and $pass, table row must be 1 row
if($count==1){

// register $_SESSION and redirect to member page
session_start();
$_SESSION['username'] = $username;
$_SESSION['pass'] = $pass;
header( "Location: http://www.example.com/members/" );
}
else {
echo "Incorrect Username or Password";
exit ;
}
?>

 

However, I want to add user levels and permissions to it. After recommendations on this forum I took a look at bitwise operators, but am sorry to say it is above my head at this point. So I am attempting to expand on it by adding user levels with the following simple permissions:

 

// user levels

 

0 = guest

1 = user - default

2 = author

3 = moderator

4 = admin

5 = banned user

 

I have two columns in my database that I wish to call on for this function. Both are added at signup confirmation. The second is added as a default of 1 when a user signs up.

 

1. `id` int(4) NOT NULL auto_increment

2. `level` int(4) default '1'

 

My first question is one about selecting these fields from the database. I currently get a syntax error when I run this query:

 

// select info from database
$sql="SELECT *, id, level FROM $tbl_name WHERE username='$username' and password='$pass'";
$result=mysql_query($sql);

// mysql_num_row counts the table row
$count=mysql_num_rows($result);

 

What am I doing wrong here?

 

Secondly, can I use something like this to start the $_SESSION and pass the user on to the appropriate page?

 

// register $_SESSION
session_start();
$_SESSION['username'] = $username;
$_SESSION['pass'] = $pass;
$_SESSION['id'] = $id;
$_SESSION['level'] = $level;
else {
echo "Incorrect Username or Password";
exit ;
}

// check user levels 
if ($level == '1') { 
header("Location: http://www.example.com/user/"); 
} 
if ($level == '2') { 
header("Location: http://www.example.com/author/"); 
} 
if ($level == '3') { 
header("Location: http://www.example.com/moderator/"); 
}
if ($level == '4') { 
header("Location: http://www.example.com/admin/"); 
} 
} 
else { 
echo "You Don't Have Permission to View This Page";
exit ;
}

 

Finally, so far I just use this to pass the sessions from page to page:

 

<?php
session_start();
if(!isset($_SESSION['username'])){
header("Location: http://www.example.com/login/" );
exit;
}
?>

 

Could I add something like this to run a check on user permissions:

 

// level check on admin page
if ($level != '4') { 
echo "You Don't Have Permission to View This Page";
exit ;
}

 

Thanks in advance for your help,

 

kaiman

 

 


SELECT * selects everything, so you don't have to (and can't, apparently) specify another column to grab, since it's already grabbing that column

$sql="SELECT *, id, level etc....";

 

just change that to

$sql="SELECT * FROM $tablename ... etc";

Thanks mikesta707,

 

That's what I was wondering. How would I go about grabbing those columns (id and level) from the db then? Do I have to do a second query or can I just append it after the username and password part?

 

i.e.

 

// select info from database
$sql="SELECT * FROM $tbl_name WHERE username='$username' and password='$pass' and id='$id' and level='$level'";
$result=mysql_query($sql);

// mysql_num_row counts the table row
$count=mysql_num_rows($result);

 

Okay,

 

After doing some more research, here is the script I am using now, but I keep getting the following syntax error:

 

Parse error: syntax error, unexpected T_ELSE in .../scripts/php/loginform2.php on line 40

 

Any ideas?

 

Thanks,

 

kaiman

 

<?php
// connects to server and selects database.
include ("dbconnect.inc.php");

// table name
$tbl_name="registered_members";

// removes magic_quotes_gpc slashes
function stripQuotes($arg) {
  // magic_quotes_gpc is the setting that affects $_POST data
  if (get_magic_quotes_gpc()) {
    return stripslashes($arg);
  } else {
    return $arg;
  }
}

// protect against mysql injection
function cleanString($string){
    // return the escaped value; htmlentities() is HTML output encoding and does not belong in a SQL value
    return mysql_real_escape_string($string);
}

// username and password sent from login form
$username = stripQuotes($_POST['username']);
$username = cleanString($username);
$pass = sha1($_POST['pass']);

// select info from database
$sql="SELECT * FROM $tbl_name WHERE username='$username' and password='$pass'";
$result=mysql_query($sql);

// mysql_num_row counts the table row
$count=mysql_num_rows($result);

// if result matched $username and $pass, table row must be 1 row
if($count==1){

// register $_SESSION
session_start();
$_SESSION['username'] = $username;
$_SESSION['pass'] = $pass;
$_SESSION['id'] = $row['id'];
$_SESSION['level'] = $row['level'];
else {
echo "Incorrect Username or Password";
exit ;
}

// user levels

// 0 = guest
// 1 = user - default
// 2 = author
// 3 = moderator
// 4 = admin
// 5 = banned user

// check user levels 
if ($_SESSION['level'] == '1') { 
header("Location: http://www.example.com/user/"); 
} 
if ($_SESSION['level'] == '2') { 
header("Location: http://www.example.com/author/"); 
} 
if ($_SESSION['level'] == '3') { 
header("Location: http://www.example.com/moderator/"); 
}
if ($_SESSION['level'] == '4') { 
header("Location: http://www.example.com/admin/"); 
}
}
else { 
echo "You Don't Have Permission to View This Page";
exit ;
} 
?>
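
An added example, not part of any post in this thread: one way to read `id` and `level` from the matched row and to check levels on each page, using PDO prepared statements and password_hash()/password_verify() in place of the thread's mysql_* calls and sha1(). The in-memory SQLite table, the member names and the function names authenticate(), landingPage() and canView() are constructed for illustration.

```php
<?php
// Added example, not code from the thread. Assumes PDO (pdo_sqlite for the
// demo) and a `password` column filled by password_hash(), not sha1().
const LEVEL_PAGES = [1 => '/user/', 2 => '/author/', 3 => '/moderator/', 4 => '/admin/'];
// Returns the member's row (id, username, level) or null on bad credentials.
function authenticate(PDO $db, string $username, string $password): ?array {
    // Bound placeholder instead of stripQuotes()/cleanString() escaping.
    $stmt = $db->prepare('SELECT id, username, password, level
                          FROM registered_members WHERE username = ?');
    $stmt->execute([$username]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);  // id and level come from this row
    if ($row === false || !password_verify($password, $row['password'])) {
        return null;
    }
    unset($row['password']);                // keep the hash out of the session
    return $row;
}

// Landing page for a level, or null for guest (0), banned (5) or unknown.
function landingPage(int $level): ?string {
    return LEVEL_PAGES[$level] ?? null;
}

// Page guard. Levels are labels, not a ranking (5 = banned), so compare
// against an explicit allow-list rather than using >=.
function canView(array $session, array $allowed): bool {
    return isset($session['level']) && in_array((int) $session['level'], $allowed, true);
}
// --- constructed demo data: in-memory table with two made-up members ---
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE registered_members (id INTEGER PRIMARY KEY,
           username TEXT, password TEXT, level INTEGER DEFAULT 1)');
$add = $db->prepare('INSERT INTO registered_members (username, password, level) VALUES (?, ?, ?)');
$add->execute(['alice', password_hash('correct horse', PASSWORD_DEFAULT), 4]);
$add->execute(['mallory', password_hash('hunter2', PASSWORD_DEFAULT), 5]);

foreach ([['alice', 'correct horse'], ['mallory', 'hunter2'], ["o'brien", 'x']] as [$u, $p]) {
    $user = authenticate($db, $u, $p);
    if ($user === null) {
        echo "$u: Incorrect Username or Password\n";
        continue;
    }
    $session = ['id' => (int) $user['id'], 'username' => $user['username'],
                'level' => (int) $user['level']];   // what $_SESSION would hold
    $page = landingPage($session['level']);
    echo $u . ': ' . ($page ?? "You Don't Have Permission to View This Page")
        . ' | admin page allowed: ' . var_export(canView($session, [4]), true) . "\n";
}
```

In the real login handler, call session_start() and session_regenerate_id(true) before filling $_SESSION, and follow every header("Location: ...") with exit so nothing after the redirect runs. On each protected page, pass $_SESSION to canView() and stop with the permission message when it returns false.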
