help please

[webman2]

help please

 

Hi, Im a newbie with PHP currently and finding a few things hard!

 

Ive currently go a login script which is working fine... I can sign up and then login with that person...

 

The trouble is, there should be two types of users, normal user and admin!

 

The admin user must be able to add events but the normal user cant. Therefore when the user logs in the database should know the difference between the two. So that if its an admin loggin in it will show the add an event form. to do this In the database i have a users table but a column which i can edit who is admin by adding a 1 ...

 

does this make sence.. sorry if not!

 

Cheers in advance

[MatthewJ]

You didn't really ask a question Are you stuck on a certain part?

[Deoctor]

yes this makes sense..

check from the database by a column that whether the user is an admin or not..

[webman2]

You didn't really ask a question Are you stuck on a certain part?

 

haha sorry...

 

Ok currently my loggin script logs any register user in providing the details enetered is correct. However! I want to know how to make my scipt so that when the admin user logs in, it comes up with a link that takes you to the page addevent.php ... Normal users should not have this...

 

 

 

 

[webman2]

You didn't really ask a question Are you stuck on a certain part?

 

haha sorry...

 

Ok currently my loggin script logs any register user in providing the details enetered is correct. However! I want to know how to make my scipt so that when the admin user logs in, it comes up with a link that takes you to the page addevent.php ... Normal users should not have this...

 

Can anyone give me some help on how to go about this...

[gwolgamott]

What do you use to distiguish between admin users and non admin users? Use that as a way to run a simple if statement.

 

Here some sudo code:

if($AM_I_adimn == "yes")
{
   // do whatever for admin.
}
else
{
//do whatever for non admins here instead.
}

[aebstract]

You gave yourself the answers, there really isn't a question here. Do like you said and create a column in your user's table, "usertype" or whatever you want to name it. 0 is default, 1 will be admin. On your page, do a simple if statement like mentioned above. Check the column of "usertype" to see if it matches '1'. If it does, do whatever for admin.

 

Now after that, if you still have a question.. you need to rephrase it.

[webman2]

You gave yourself the answers, there really isn't a question here. Do like you said and create a column in your user's table, "usertype" or whatever you want to name it. 0 is default, 1 will be admin. On your page, do a simple if statement like mentioned above. Check the column of "usertype" to see if it matches '1'. If it does, do whatever for admin.

 

Now after that, if you still have a question.. you need to rephrase it.

 

This is it really, im not sure how to write this in my php... Ive got the collumn, which Ive added a user as an admin by putting a '1' in the collumn and 0 for non admins, The only issue now is ... I have no idea hwo to do this.

 

I simply do not know how to make my script right...

[aebstract]

Did you write the registrations/login scripts? If so then you know how to connect to your database and retrieve information, no?

[webman2]

Did you write the registrations/login scripts? If so then you know how to connect to your database and retrieve information, no?

 

I wrote both scripts, yes, but im confused how to expand on what ive got... Im unsure, how you write a script now to login as a normal user, taking them to a page with just a search bar, to a page with a 'add event link'

 

I really do not know

[aebstract]

Wherever you are grabbing your user's information, you need to grab the "usertype" column and set it as a variable. Something similar to this is what you will have:

 

$query = mysql_query("SELECT * FROM users WHERE id = $_SESSION[id] LIMIT 1") or DIE(mysql_error());
					if (mysql_num_rows($query)!=0){
						while($r=mysql_fetch_array($query))
						{
						$usertype = $r[usertype];
						}

					}

 

Now you can use your $usertype variable and do an if statement like what has been mentioned.

 

if ($usertype == '1') {
echo "this is an admin user, do anything here for admins";
}

 

 

[gwolgamott]

give a snippet the code for retrieving your data and we'll point u in the right direction

[webman2]

give a snippet the code for retrieving your data and we'll point u in the right direction

 

Ok,

at the moment ... by code stands like this...

This logs in any user signed up.... But all users currently have access to creating events! I need it so only the amdins can! ... ive made an admin page as well as a normal user page

 

<?php

session_start();

 

$b = $_POST["username"];

$c = $_POST["password"];

$d = $_post["admin"];

 

$conn = mysql_connect("localhost", "name", "password");

mysql_select_db("ccheckley");

$result=mysql_query("SELECT * FROM users WHERE username='$b' AND

password='$c'");

 

if(mysql_num_rows($result)==0)

{

        echo "Invalid username/password!";

}

else

{

$_SESSION["gatekeeper"] = $b;

header ("Location: home.php");

}

 

?>

 

<a href="home.html">home</a>

[MatthewJ]

Login Page:

session_start();

$b = $_POST["username"];
$c = $_POST["password"];

$conn = mysql_connect("localhost", "name", "password");
mysql_select_db("ccheckley");
$result=mysql_query("SELECT * FROM users WHERE username='$b' AND password='$c'");
$row = mysql_fetch_assoc($result);

if(mysql_num_rows($result)==0)
{
        echo "Invalid username/password!";
}
else
{      
$_SESSION["gatekeeper"] = $b;
$_SESSION["lvl"] = $row['accesslevel'];
header ("Location: home.php");
}

 

home.php:

session_start();

if(!isset($_SESSION["gatekeeper"])) {
header("Location: login.php");
}

if(isset($_SESSION["lvl"]) && $_SESSION["lvl"] == 1)) {

//Echo out your admin options

} else {

//Echo out your standard user options

}

 

There are more secure ways to do this, but it should give you the idea behind what you're trying to do.

[webman2]

Login Page:

session_start();

$b = $_POST["username"];
$c = $_POST["password"];

$conn = mysql_connect("localhost", "name", "password");
mysql_select_db("ccheckley");
$result=mysql_query("SELECT * FROM users WHERE username='$b' AND password='$c'");
$row = mysql_fetch_assoc($result);

if(mysql_num_rows($result)==0)
{
        echo "Invalid username/password!";
}
else
{      
$_SESSION["gatekeeper"] = $b;
$_SESSION["lvl"] = $row['accesslevel'];
header ("Location: home.php");
}

 

home.php:

session_start();

if(!isset($_SESSION["gatekeeper"])) {
header("Location: login.php");
}

if(isset($_SESSION["lvl"]) && $_SESSION["lvl"] == 1)) {

//Echo out your admin options

} else {

//Echo out your standard user options

}

 

There are more secure ways to do this, but it should give you the idea behind what you're trying to do.

 

I understand most of this except what to do in the home page...

[gwolgamott]

Are you stuck actually what to do with the data afterwords(i.e. how to display or forward to the page you want to go to)? I think that's what you are asking... if so the quick way is to go hey I'm logged in and an admin here's the link to this page... and here's a link to this page if not. You could also forward to the other page right away via so header stuff. but maybe that's beyond the scope... origianlly you were just talking about a link so here's an example: (quick and dirty for simple explanation purposes btw)

 

$adminpage = "www.whatever.com/admin";
$nonadim="www.whatever.com";

if(isset($_SESSION["lvl"]) && $_SESSION["lvl"] == 1)) {
//Echo out your admin options
echo('
<html><body>Hey I'm an Admin! <a href="
');
echo $adminpage;
('
">admin's page link</a></body></html>
');


} 
else {

//Echo out your standard user options

echo('
<html><body>Hey I'm not Admin! <a href="
');
echo $nonadmin;
('
">admin's page link</a></body></html>
');

}

[MatthewJ]

Think logically about what you are trying to do...

 

You want an admin to see things a regular user does not, so when you make that check of their access level, you just echo out the contents for each different page type...

 

You could literally make an admin page and a user page, and copy the html from each page and echo it out in the commented sections. That way, the if/else will decide for you which page content to show the user.

[gwolgamott]

Think logically about what you are trying to do...

 

You want an admin to see things a regular user does not, so when you make that check of their access level, you just echo out the contents for each different page type...

 

You could literally make an admin page and a user page, and copy the html from each page and echo it out in the commented sections. That way, the if/else will decide for you which page content to show the user.

 

Also to add on to this you could even store the pieces of the pages in a database... so if admin logged in ... call this page part stored in the database... else call the other page parts from database.

 

www.w3schools.com/php is a good place for reference too btw

[webman2]

Think logically about what you are trying to do...

 

You want an admin to see things a regular user does not, so when you make that check of their access level, you just echo out the contents for each different page type...

 

You could literally make an admin page and a user page, and copy the html from each page and echo it out in the commented sections. That way, the if/else will decide for you which page content to show the user.

 

This seems really reasonable and totally easier, the trouble is, I want to make it so that there is only one login...

 

Is there no way of simply ...

 

all in one go verifying withj the database who and who isnt a admin!

 

how do i do this? ...

 

ive got my pages ready for this to work... except im not sure how i code this in the login!

 

Ive got a users home page...

Admin home page

 

The database has a table with all the users together including admin ... i simply put a 1 in each row of which the user is a admin and a 0 for the those who are normal users!

 

For those who are admin, how do I get that to open thje admin page and for those normal users how do i say that to go to that page?

[gwolgamott]

 

This seems really reasonable and totally easier, the trouble is, I want to make it so that there is only one login...

 

Is there no way of simply ...

 

all in one go verifying withj the database who and who isnt a admin!

 

how do i do this? ...

Um yes there is and matt showed u

Matt's option is using only one log in...    It's after you verify the username and password this piece of code here (THIS IS IN THE VERIFY SECTION of the code) :

if(isset($_SESSION["lvl"]) && $_SESSION["lvl"] == 1)) {
//Echo out your admin options
//PUT CODE HERE TO REDIRECT FOR ADMIN
//OR LINK TO ADMIN PAGE
} 
else {
//Echo out your standard user options
//PUT CODE HERE TO REDIRECT FOR NON-ADMIN
//OR LINK TO NON-ADMIN PAGE
}

Now echo out redirects in each spot

 

That if and else statement above answers this question:

The database has a table with all the users together including admin ... i simply put a 1 in each row of which the user is a admin and a 0 for the those who are normal users!

 

For those who are admin, how do I get that to open the admin page and for those normal users how do i say that to go to that page?

 

[gwolgamott]

Since I think we lost you...

Step-by-step english how to:

1.) have one log in screen............... done

2.) have other pages....................... done

3.) have a log in script

  a.) verify name and password ........  you've got this I think

  b.) verify if admin or not ..................  is it a 1 or 0..... done

  c.) if it is 1 and admin then echo out link to all pages an admin needs.........

------------------this is what you need to do

  d. if it is 0 then it is not an admin ..................................................................

----------------this is what you need to do

 

That's it... just that simple.

 

[webman2]

Since I think we lost you...

Step-by-step english how to:

1.) have one log in screen............... done

2.) have other pages....................... done

3.) have a log in script

  a.) verify name and password ........  you've got this I think

  b.) verify if admin or not ..................  is it a 1 or 0..... done

  c.) if it is 1 and admin then echo out link to all pages an admin needs.........

------------------this is what you need to do

  d. if it is 0 then it is not an admin ..................................................................

----------------this is what you need to do

 

That's it... just that simple.

 

arghhhh im totally lost!

[gwolgamott]

haha no sweat... that was a bit confusing.... was just a break down though.

 

What I meant was:

you have one login page

when you log in it checks for 1 or 0 after it verifies username and password right?

 

It's at this step that in the login code only it changes. you use the header to redirect or echo out a link page depending on if it is a 1 or 0.

 

That's the simple part....

 

Now the not so simple part....

However if you have page setup to work and the log in page is just sending links or redirects to these pages without each page checking if you are logged in is a major security issue and then yeah not that simple but at the time is very minor adjustments.

 

But I'm out for the weekend... best of luck to you... try snooping these sites for further help as well... the w3schools site.... the dynamicdrive site.... and php.net