Jump to content

simple role based login

decpariem

By decpariem
in PHP Coding Help

Recommended Posts

decpariem Newbie

decpariem

Posted
Posted

hi. i am trying to make a simple login system in flash php mysql.I have the database table users and the user is either admin or simple user. i want a php form that will check the role entry and return different result to process it in flash. i have the code for admin login without role which works:

<?php

include_once("settings.inc.php");

include_once("functions.inc.php");

$password = MD5($_GET['userPassword']); // md5()

$query = "SELECT * FROM user WHERE username = '" . $_GET['userName'] . "' AND password = '$password'";

$result = @mysql_query($query);

if($result){

    if(mysql_num_rows($result) == 1){

        echo "status=ok";

    }

else{

        fail("The user name and password could not be validated.");

    }

}else{

    fail("There was an error getting information on the user.", mysql_error());

}

?>

 

i guess a line is missing to check the roles but i can't think of it!!!! help please.

 

Link to comment
https://forums.phpfreaks.com/topic/195020-simple-role-based-login/
Share on other sites
cs.punk Advanced Member

cs.punk

Posted
Posted

hi. i am trying to make a simple login system in flash php mysql.I have the database table users and the user is either admin or simple user. i want a php form that will check the role entry and return different result to process it in flash. i have the code for admin login without role which works:

<?php

include_once("settings.inc.php");

include_once("functions.inc.php");

$password = MD5($_GET['userPassword']); // md5()

$query = "SELECT * FROM user WHERE username = '" . $_GET['userName'] . "' AND password = '$password'";

$result = @mysql_query($query);

if($result){

    if(mysql_num_rows($result) == 1){

        echo "status=ok";

    }

else{

        fail("The user name and password could not be validated.");

    }

}else{

    fail("There was an error getting information on the user.", mysql_error());

}

?>

 

i guess a line is missing to check the roles but i can't think of it!!!! help please.

 

Firstly use POST rather than GET. It is more secure. Look into mysql_real_escape_string to make your inputs database safe...

Consider if I typed in "test"; die;"..

 

You might have magic quotes turned on though. This automatically escapes all POST/GET data.

 

Oh i forget!

I would add a 'rank' column to your table. And do something like this:

 

<?php
include_once("settings.inc.php");
include_once("functions.inc.php");

$password = MD5($_GET['userPassword']); // md5()

$query = "SELECT * FROM user WHERE username = '" . $_GET['userName'] . "' AND password = '$password'";
$result = @mysql_query($query);
if($result){
    if(mysql_num_rows($result) == 1){
        echo "status=ok";

    $row = mysql_fetch_row($result);
    echo "status=ok Rank={$row['3']}"; //        Which ever is the colunm your rank is starting from 0,1,2,3 etc
    } else{
        fail("The user name and password could not be validated.");
    }
}else{
    fail("There was an error getting information on the user.", mysql_error());
}
?>

decpariem Newbie

decpariem

Posted
  • Author
Posted

the truth is i don't seem to get your point.

while i have a flash application as interface i have something like this code into flash to check php.

if status=="ok" then do this. i don't get the line echo status=ok rank=["3"].

say i have a column role which is 0 if the user is admin and1 if the user is simple.

i want a diffirent status for each case.

thank you.

Archived

This topic is now archived and is closed to further replies.

Go to topic listing
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.