kayla Posted January 19, 2010

As part of my uni project I need to create a login page that will identify the 'usertype' of the person that is trying to log in and then redirect them to an appropriate page. There are 3 usertypes: admin, staff and student. All the info is called from a database. My main problem is that I'm basically stuck on what coding to write for it. Do I need a page for each user type or can I just do it using one? The coding I have so far is:

Login Page.

```html
<html>
<head></head>
<body>
<center>
<font face= 'Arial'><img src="login_title.jpg">
<form method= "post" action= "college_login_script.php">
<p>User Name:<br><br>
<input type = "text" name= "username"></p>
<p>Password:<br><br>
<input type = "password" name="password">
</p>
<input type="hidden" name="page" value="<?php echo $_GET['page'];?>">
<p><input type = "SUBMIT" name="submit" value= "Login"></p>
</form>
</font>
<a href=home_page.html>Return to Home Page</a>
</center>
</body>
</html>
```

Script for login page

```php
<?php
//check for required fields from the form
if ((!$_POST['username']) || (!$_POST['password'])) {
    header("Location: college_login.php");
    exit;
}

//get referring page
$page = $_POST['page'];

//read values from form
$form_user = $_POST['username'];
$form_password = $_POST['password'];

$db_host='127.0.01';
$db_database='college_81646';
$db_username='student';
$db_password='college';

//create connection
$connection= mysql_connect($db_host, $db_username, $db_password);
if(!$connection){
    die ("Could not connect to the database: <br />".mysql_error());
}

//select database
$db_select = mysql_select_db($db_database);
if (!$db_select) {
    die ("Could not select the database: <br />".mysql_error());
}

//create the query
$sql ="SELECT forename, surname, usertype FROM users WHERE username = '$form_user' AND password ='$form_password'";

//execute the query
$result = mysql_query($sql) or die ("Could not query the database: <br/>".mysql_error());

if (mysql_num_rows($result) == 1) {
    //if authorized, get the values of the first and last name
    $f_name = mysql_result($result, 0, 'forename');
    $l_name = mysql_result($result, 0, 'surname');

    //set authorization cookie
    setcookie("auth", "secret", 0, "/", '', 0);
    setcookie("user", "admin", 0, "/", '', 0);
    header("Location: $page");
} else {
    echo "Could not log you in.";
}

//close connection
mysql_close($connection);
echo ("<p>Click <a href='college_login.php'>here</a> to return to the login page.</p>");
?>
```

Any help would be much appreciated as I am really confused as to what to do.

kayla Posted January 19, 2010

I also have no idea about cookies if anybody could explain them to me please.

farnoise Posted January 19, 2010

Well, the first thing is: are you trying to set account elevation or not? Like, if XYZ logged in take him to index2.php, if TOP logged in take him to Index3.php ...? If that's the case you have to set groups for your users and set a group home page for each group, so everyone that logs in will see his own group home page.

farnoise Posted January 19, 2010

About the cookies: you have to save your authentication cookie in a file and use the include link to that cookie in the first line of every page you want to be protected. Example:

```php
<?php include("../auth_cookie.php"); ?>
```

kayla Posted January 19, 2010

I have a home page where the user can click on what they are (i.e. student, staff or admin). Theoretically, these links will be linked straight to the pages that they can view, let's call these 'view-pages' atm. These view-pages will contain cookies that I would like to distinguish whether the user has logged in and if they are the correct user type. If the user hasn't logged in, it will automatically redirect them to a log in page and after they have logged in they will be redirected back to the view-page.

When you say groups, do you mean that each separate user type will have their own log in page? I thought about doing this but I thought there possibly could be a different way using less pages of coding.

Buddski Posted January 19, 2010

What you have currently is ok. But I would also suggest storing their usertype in a cookie as well. As this is homework I'm not going to code it but I'll give you an idea of how I would do it.

1) Login page gets their data and stores it in the cookies.
2) If login is successful redirect them to a gateway page, we will call it gateway.php; if login fails send them back to login.
3) On the gateway page you need to check that they are logged in and have a valid user type; if either of these are wrong send them to the login page again, otherwise go to step 4.
4) Each usertype could have a php file associated with it. You could then include the appropriate page for that usertype, e.g.

```php
if ($_COOKIE['user_type'] == 'admin') {
    include('gateway_pages/admin.php');
} else if ($_COOKIE['user_type'] == '......') {
    // etc etc
}
```

Hope this helps

kayla Posted January 20, 2010

I've taken in your advice in storing their usertype in a cookie also. This is the coding I've used.

The cookie has been set here:

Login Script

```php
<?php
//check for required fields from the form
if ((!$_POST['username']) || (!$_POST['password'])) {
    header("Location: staff_login.php");
    exit;
}

//get referring page
$page = $_POST['page'];

//read values from form
$form_user = $_POST['username'];
$form_password = $_POST['password'];

$db_host='127.0.01';
$db_database='college_81646';
$db_username='student';
$db_password='college';

//create connection
$connection= mysql_connect($db_host, $db_username, $db_password);
if(!$connection){
    die ("Could not connect to the database: <br />".mysql_error());
}

//select database
$db_select = mysql_select_db($db_database);
if (!$db_select) {
    die ("Could not select the database: <br />".mysql_error());
}

//create the query
$sql ="SELECT users.username, users.password, users.user_type FROM users WHERE username = '$form_user' AND password ='$form_password'";

//execute the query
$result = mysql_query($sql) or die ("Could not query the database: <br/>".mysql_error());

if (mysql_num_rows($result) == 1) {
    $usertype=mysql_result($result, 0, 'user_type');

    //set authorization cookie
    setcookie("usertype",$usertype,0, "/", '', 0);
} else {
    echo "Could not log you in.";
    echo ("<p>Click <a href='staff_login.php'>here</a> to return to the login page.</p>");
}

//close connection
mysql_close($connection);
?>
```

I have then used the cookie here:

```php
<?php
$page = $_SERVER['REQUEST_URI'];

//if (!isset ($_COOKIE['usertype']))
//{
//    header("Location: staff_login.php?page=$page");
//    exit;
//}

echo $_COOKIE['usertype'];

if ($_COOKIE['usertype'] != 'staff') {
    echo "You are not authorized to view this page";
    echo "Click <a href='staff_login.php?page=$page'>here</a> to return to the login page.";
} else {
    //declare database details
    $db_host='127.0.0.1';
    $db_database='college_81646';
    $db_username='student';
    $db_password='college';

    //create connection
    $connection = mysql_connect($db_host, $db_username, $db_password);
    if (!$connection){
        die ("Could not connect to the database: <br />". mysql_error());
    }

    // Select the database
    $db_select=mysql_select_db($db_database);
    if (!$db_select) {
        die ("Could not select the database: <br />". mysql_error());
    }

    //declare the SQL statement that will query the database
    $query = "SELECT users.user_id, users.forename, users.surname, modules.module_name, grades.grade FROM users, grades, modules WHERE (users.user_id = grades.user_id) AND (modules.module_id=grades.module_id) ORDER BY modules.module_name, grades.grade";

    //execute the query
    $result = mysql_query( $query);
    if (!$result) {
        die ("Could not query the database: <br />". mysql_error());
    }

    //output date
    echo ("<center>");
    echo( "<p style='font-size: x-small; font-family: Verdana;'>".date("l, F dS Y.")."</p>" );

    //output database contents
    echo("<p style='font-size: 16pt; font-family: Verdana;'>Student Grades</p>");
    echo("<table border='1' cellspacing='0' cellpadding='10' bordercolor='#6495ED' style='font-size: x-small; font-family: Verdana;'>");
    echo ("<tr bgcolor='#CDCDCD' class='title'><td width='60'><b>User ID</b></td> <td width='120'><b>Forename</b></td> <td width='120'><b>Surname</b></td> <td width='120'><b>Module Name</b></td> <td width='120'><b>Grade</b></td> </tr>");

    //fetch the data from the database & display in a table
    while ($row = mysql_fetch_array($result)) {
        echo ("<tr>");
        echo "<td><a href='staff_individual_grade.php?user_id=".$row{'user_id'}."'>".$row{'user_id'}."</a></td>";
        echo "<td>".$row{'forename'}."</td>";
        echo "<td>".$row{'surname'}."</td>";
        echo "<td>".$row{'module_name'}."</td>";
        echo "<td>".$row{'grade'}."</td>";
        echo ("</tr>");
    }
    echo ("</table>");

    //Close the connection
    mysql_close($connection);
}
?>
<body>
</body>
</html>
```

However, the cookie is not working how I want it to. It should display a message if the usertype stored in the cookie does not equal 'staff' but instead, it is actually displaying the whole page and vice versa. Do you know what this could be? I've checked for extra spaces, etc. and asked my lecturer to look at it but we are both confused.

Buddski Posted January 20, 2010

For debugging purposes I would echo something inside the num_rows check to ensure that it is getting to that part. Also your host is an invalid IP, it COULD be that.

```php
$db_host='127.0.01';
```

Try this as well:

```php
if (mysql_num_rows($result) > 0) {
    $usertype=mysql_result($result, 0, 'user_type');

    //set authorization cookie
    setcookie("usertype",$usertype,0, "/", '', 0);
    echo $usertype;
}
```
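
Added example, not part of any post in this thread: a cookie such as `usertype` is supplied by the browser, so its value cannot be trusted for the role check in the gateway steps or on the staff page. The code below keeps the role in the server-side session instead, looks the user up with a prepared statement and a password hash, and accepts only local paths for the post-login redirect. The in-memory SQLite table, the `pw_hash` column, the sample account and the helper names (`authenticate`, `mayView`, `safeReturnPage`) are assumptions made for the demo.

```php
<?php
// Added example. Table layout, sample account and page names are assumptions.
const ROLE_PAGES = [            // allow-list: usertype -> gateway page
    'admin'   => 'gateway_pages/admin.php',
    'staff'   => 'gateway_pages/staff.php',
    'student' => 'gateway_pages/student.php',
];

function demoDb(): PDO {        // constructed in-memory data so this runs offline
    $pdo = new PDO('sqlite::memory:');
    $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $pdo->exec('CREATE TABLE users (username TEXT PRIMARY KEY, pw_hash TEXT, user_type TEXT)');
    $ins = $pdo->prepare('INSERT INTO users VALUES (?, ?, ?)');
    $ins->execute(['jsmith', password_hash('constructed-pass', PASSWORD_DEFAULT), 'staff']);
    return $pdo;
}

// Returns the usertype on success, null on failure. The prepared statement keeps
// form input out of the SQL text; the password is compared against a stored hash.
function authenticate(PDO $pdo, string $user, string $pass): ?string {
    $st = $pdo->prepare('SELECT pw_hash, user_type FROM users WHERE username = ?');
    $st->execute([$user]);
    $row = $st->fetch(PDO::FETCH_ASSOC);
    if ($row === false || !password_verify($pass, $row['pw_hash'])) {
        return null;
    }
    return isset(ROLE_PAGES[$row['user_type']]) ? $row['user_type'] : null;
}

// Check for a protected page: the role is read from the session array, which the
// browser cannot edit, and must equal the role the page requires.
function mayView(array $session, string $requiredRole): bool {
    return isset($session['usertype']) && $session['usertype'] === $requiredRole;
}

// Accept only a local .php path (no scheme, no "//host", no query string).
function safeReturnPage(string $page, string $default): string {
    return preg_match('#^/(?!/)[A-Za-z0-9_\-/]*\.php$#', $page) === 1 ? $page : $default;
}

$pdo = demoDb();
$session = [];                  // stands in for $_SESSION after session_start()
$role = authenticate($pdo, 'jsmith', 'constructed-pass');
if ($role !== null) {
    $session['usertype'] = $role;   // in a web request, call session_regenerate_id(true) first
}
var_dump(mayView($session, 'staff'), mayView([], 'staff'));
var_dump(authenticate($pdo, "x' OR '1'='1", 'anything'));
var_dump(safeReturnPage('//other.example/x.php', '/index.php'));
```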