Login Page Coding

[kayla]

As part of my uni project I need to create a login page that will identify the 'usertype' of the person that trying to login and then redirect them to an appropriate page.

There is 3 usertypes: admin, staff and student.

All the info is called from a database.

 

My main problem is that i'm basically stuck on what coding to write for it.

Do i need a page for each user type or can i just do it using one?

 

The coding i have so far is....

Login Page.

 

<html>
<head></head>
<body>
<center>
<font face= 'Arial'><img src="login_title.jpg">

<form method= "post" action= "college_login_script.php">
<p>User Name:<br><br>
<input type = "text" name= "username"></p>
<p>Password:<br><br>
<input type = "password" name="password"> </p>
<input type="hidden" name="page" value="<?php echo $_GET['page'];?>">

<p><input type = "SUBMIT" name="submit" value= "Login"></p>
</form> </font>
<a href=home_page.html>Return to Home Page</a>
</center>
</body
</html>

 

Script for login page

<?php
//check for required fields from the form
if ((!$_POST['username']) || (!$_POST['password'])) {
header("Location: college_login.php");
exit;

}
//get referring page
$page = $_POST['page'];

//read values from form
$form_user = $_POST['username'];
$form_password = $_POST['password'];

$db_host='127.0.01';
$db_database='college_81646';
$db_username='student';
$db_password='college';

//create connection
$connection= mysql_connect($db_host, $db_username, $db_password);
if(!$connection){
die ("Could not connect to the database: <br />".mysql_error());
}

//select database
$db_select = mysql_select_db($db_database);
if (!$db_select)
{
die ("Could not select the database: <br />".mysql_error());
}

//create the query
$sql ="SELECT forename, surname, usertype FROM users WHERE username = '$form_user' AND password ='$form_password'";

//execute the query
$result = mysql_query($sql) or die ("Could not query the database: <br/>".mysql_error());

if (mysql_num_rows($result) == 1)
{


//if authorized, get the values of the first and last name
$f_name = mysql_result($result, 0, 'forename');
$l_name = mysql_result($result, 0, 'surname');

//set authorization cookie
setcookie("auth", "secret", 0, "/", '', 0);
setcookie("user", "admin", 0, "/", '', 0);
header("Location: $page");
}
else {
echo "Could not log you in.";
}

//close connection
mysql_close($connection);

echo ("<p>Click <a href='college_login.php'>here</a> to return to the login page.</p>")
?>

 

Any help would be much appreciated as I am really confused as what to do

[kayla]

I also have no idea about cookies if anybody could explain them to me please.

[farnoise]

well the first thing is Are you trying to set account elevation or not? Like if XYZ logged in take him to index2.php if TOP logged in take him to Index3.php ....???

 

If that's the case you have to set groups for your users and set Group home page for that group so everyone can that would login will see his own group home page

[farnoise]

About the cookies,

You have to save your Authentication cookie in a file and use the include link to that Cookie in the first line of every page you wants to be protected;

 

Example:

<?php include("../auth_cookie.php"); ?>

[kayla]

I have a home page where the user can click on what they are (i.e. student, staff or admin).

Theoretically, these links will be linked straight to the pages that they can view, lets call these 'view-pages' atm.

These view-pages will contain cookies that I would like to distinguish whether the user has logged in and if they are the correct user type.

If the user hasnt logged in, it will automatically redirect them to a log in page and after they have logged in they will be redirected back to the view-page.

 

When you say groups, do you mean that each separate user type will have their own log in page?

I thought about doing this but I thought there possibly could be a different way using less pages of coding.

[Buddski]

What you have currently is ok.

But I would also suggest storing their usertype in a cookie aswell.. As this is homework Im not going to code it but ill give you and idea of how I would do it..

1) Login page gets their data and stores it in the cookies

2) If Login is successful redirect them to a gateway page we will call it gateway.php, if login fails send them back to login.

3) on the gateway page you need to check that they are logged in and have a valid user type, if either of these are wrong send them to the login page again otherwise got step 4

4) Each usertype could have a php file associated with it.. you could then include the appropriate page for that usertype eg.

if ($_COOKIE['user_type'] == 'admin') {
include('gateway_pages/admin.php');
} else if ($_COOKIER['user_type'] == '......') { etc etc

 

Hope this helps

[kayla]

I've taken in your advice in storing their usertype in a cookie also.

This is the coding i've used:

 

The cookie has been set here;

Login Script

<?php
//check for required fields from the form
if ((!$_POST['username']) || (!$_POST['password'])) {
header("Location: staff_login.php");
exit;

}
//get referring page
$page = $_POST['page'];

//read values from form
$form_user = $_POST['username'];
$form_password = $_POST['password'];

$db_host='127.0.01';
$db_database='college_81646';
$db_username='student';
$db_password='college';

//create connection
$connection= mysql_connect($db_host, $db_username, $db_password);
if(!$connection){
die ("Could not connect to the database: <br />".mysql_error());
}

//select database
$db_select = mysql_select_db($db_database);
if (!$db_select)
{
die ("Could not select the database: <br />".mysql_error());
}

//create the query
$sql ="SELECT users.username, users.password, users.user_type 
FROM users 
WHERE username = '$form_user' AND password ='$form_password'";

//execute the query
$result = mysql_query($sql) or die ("Could not query the database: <br/>".mysql_error());

if (mysql_num_rows($result) == 1)
{
$usertype=mysql_result($result, 0, 'user_type');

//set authorization cookie
setcookie("usertype",$usertype,0, "/", '', 0);
}
else {
echo "Could not log you in.";
echo ("<p>Click <a href='staff_login.php'>here</a> to return to the login page.</p>");
}

//close connection
mysql_close($connection);


?>

 

I have then used the cookie here:

<?php
$page = $_SERVER['REQUEST_URI'];
//if (!isset ($_COOKIE['usertype']))
//{
//	header("Location: staff_login.php?page=$page");
//	exit;
//}
echo $_COOKIE['usertype'];
if ($_COOKIE['usertype'] != 'staff') {
echo "You are not authorized to view this page";
echo "Click <a href='staff_login.php?page=$page'>here</a> to return to the login page.";

} 
else
{
//declare database details
$db_host='127.0.0.1';
$db_database='college_81646';
$db_username='student';
$db_password='college';

//create connection
$connection = mysql_connect($db_host, $db_username, $db_password);
if (!$connection){
die ("Could not connect to the database: <br />". mysql_error());
}
// Select the database
$db_select=mysql_select_db($db_database);
if (!$db_select)
{
   die ("Could not select the database: <br />". mysql_error());
}

//declare the SQL statement that will query the database
$query = "SELECT users.user_id, users.forename, users.surname, modules.module_name, grades.grade 
FROM users, grades, modules 
WHERE (users.user_id = grades.user_id) AND (modules.module_id=grades.module_id) 
ORDER BY modules.module_name, grades.grade";

//execute the query
$result = mysql_query( $query);
if (!$result)
{
   die ("Could not query the database: <br />". mysql_error());
}




//output date
echo ("<center>");
echo( "<p style='font-size: x-small; font-family: Verdana;'>".date("l, F dS Y.")."</p>" );


//output database contents 
echo("<p style='font-size: 16pt; font-family: Verdana;'>Student Grades</p>");
echo("<table border='1' cellspacing='0' cellpadding='10' bordercolor='#6495ED' style='font-size: x-small; font-family: Verdana;'>");

echo ("<tr bgcolor='#CDCDCD' class='title'><td width='60'><b>User ID</b></td>
							<td width='120'><b>Forename</b></td>
							<td width='120'><b>Surname</b></td>
							<td width='120'><b>Module Name</b></td>
							<td width='120'><b>Grade</b></td>
							</tr>");

//fetch tha data from the database & display in a table
while ($row = mysql_fetch_array($result)) {
echo ("<tr>");
echo "<td><a href='staff_individual_grade.php?user_id=".$row{'user_id'}."'>".$row{'user_id'}."</a></td>";
echo "<td>".$row{'forename'}."</td>";
echo "<td>".$row{'surname'}."</td>";
echo "<td>".$row{'module_name'}."</td>";
echo "<td>".$row{'grade'}."</td>";
echo ("</tr>");
}

echo ("</table>");


//Close the connection
mysql_close($connection);

}
?>

<body>


</body>
</html>

 

However, the cookie is not working how i want it to.

It should display a message if the usertype stored in the cookie does not equal 'staff' but instead, it is actually displaying the whole page and vice versa.

Dou you know what this could be?

I've checked for extra spaces, etc and asked my lecturer to look at it but we are both confused.

[Buddski]

For debugging purposes I would echo something inside the num_rows check to ensure that it is getting to that part..

Also you host is an invalid IP it COULD be that.

$db_host='127.0.01';

 

Try this aswell

if (mysql_num_rows($result) > 0)
{
$usertype=mysql_result($result, 0, 'user_type');
//set authorization cookie
setcookie("usertype",$usertype,0, "/", '', 0);
echo $usertype;
}