Jump to content

How to set log in with privilege

metalloid

By metalloid
in PHP Coding Help

Recommended Posts

metalloid Newbie

metalloid

Posted
Posted

I am making a log in to my page but I do not know where to put the restriction/privilege to a user. Given that they input usernames and passwords in a general log in form, but upon log in they would be directed to the page they are allowed only to see and manipulate.

 

For example if the log in detects that the user_lvl is 1 it would show the user the admin page, or if the user_lvl is 2 it would show the clerks page, or if the user_lvl is 3 it would redirect the user to the view only page.

 

here is my code:

 

 

<?php

session_start();

include ('config.php');

 

$username = $_POST["username"];

$password = md5($_POST["password"]);

 

$sql="SELECT * FROM users WHERE username='$username' and password='$password'";

$result=mysql_query($sql,$con);

 

$count=mysql_num_rows($result);

 

 

$rec = mysql_fetch_row($result);

 

if($count==1){

 

session_register("username");

session_register("password");

$_SESSION['name1'] = $rec[1]." ".$rec[3];

$_SESSION['id'] = $rec[0];

$_SESSION['ok'] = 1;

header("location:lloydfinals.php");

}else {

include ('erroruser.php');

}

?>

 

Link to comment
https://forums.phpfreaks.com/topic/234207-how-to-set-log-in-with-privilege/
Share on other sites
metalloid Newbie

metalloid

Posted
  • Author
Posted

I tried using this code but it won't work...

 

It's for the Admin page...

 

 

<?php

session_start();

include ('config.php');

 

$username = $_POST["username"];

$password = $_POST["password"];

 

$sql="SELECT * FROM users WHERE username='$username' and password='$password' and user_lvl= '$user_lvl'";

$result=mysql_query($sql,$con);

 

$count=mysql_num_rows($result);

 

 

$rec = mysql_fetch_row($result);

 

if($count==1){

 

session_register("username");

session_register("password");

session_register("user_lvl") ==1;

$_SESSION['name1'] = $rec[1]." ".$rec[3];

$_SESSION['id'] = $rec[0];

$_SESSION['ok'] = 1;

header("location: Admin_main.php");

}else {

include ('erroruser.php');

}

?>

 

Skewled Member

Skewled

Posted
Posted 

   session_register("user_lvl") ==1;
   $_SESSION['name1'] = $rec[1]." ".$rec[3];
   $_SESSION['id'] = $rec[0];
   $_SESSION['ok'] = 1;
   header("location: Admin_main.php");

 

Do you have a user_lvl field in your database? $rec['user_lvl'] as an example

 

First:

$_SESSION['user_lvl'] = $rec['user_lvl'];

 

Then: Assign your $_SESSION variables and then use either a IF/ELSE or SWITCH/CASE to step through your user_lvl's.

 

if ($_SESSION['user_lvl'] == 1) {
   // header to load the admin page
} elseif ($_SESSION['user_lvl'] == 2) {
  // header to load next page
} else { 
// header to load the user level page
}

metalloid Newbie

metalloid

Posted
  • Author
Posted

There is an error message

 

Parse error: parse error in D:\wamp\www\Lloyd\SCVI\checkuser.php on line 25

 

that would be on this line:

header("location: Admin_main.php")}

 

 

of the new code from which you suggested:

<?php
session_start();
include ('config.php'); 

$username = $_POST["username"]; 
$password = $_POST["password"];

$sql="SELECT * FROM users WHERE username='$username' and password='$password' and user_lvl= '$user_lvl'";
$result=mysql_query($sql,$con);

$count=mysql_num_rows($result);


$rec = mysql_fetch_row($result);

if($count==1){

session_register("username");
session_register("password");
$_SESSION['name1'] = $rec[1]." ".$rec[3];
$_SESSION['user_lvl'] = $rec['user_lvl'];
$_SESSION['id'] = $rec[0];
$_SESSION['ok'] = 1;
if ($_SESSION['user_lvl'] == 1) {
header("location: Admin_main.php")}
else if ($_SESSION['user_lvl'] == 2) {
header("location: Powuser_main.php")};
}else {
include ('erroruser.php'); 
}
?>

 

Skewled Member

Skewled

Posted
Posted

Should be:

 

if ($_SESSION['user_lvl'] == 1) {
        header("location: Admin_main.php")
} else if ($_SESSION['user_lvl'] == 2) {	
       header("location: Powuser_main.php");
} else {
       include ('erroruser.php');
}

 

You had an extra } along with no ; for ending that line.

 

header("location: Powuser_main.php")};}else {

metalloid Newbie

metalloid

Posted
  • Author
Posted

Tried modifying it just as you suggested:

<?php
session_start();
include ('config.php'); 

$username = $_POST["username"]; 
$password = $_POST["password"];

$sql="SELECT * FROM users WHERE username='$username' and password='$password' and user_lvl= '$user_lvl'";
$result=mysql_query($sql,$con);

$count=mysql_num_rows($result);


$rec = mysql_fetch_row($result);

if($count==1){

session_register("username");
session_register("password");
$_SESSION['name1'] = $rec[1]." ".$rec[3];
$_SESSION['user_lvl'] = $rec['user_lvl'];
$_SESSION['id'] = $rec[0];
$_SESSION['ok'] = 1;
if ($_SESSION['user_lvl'] == 1) {
        header("location: Admin_main.php")
} else if ($_SESSION['user_lvl'] == 2) {	
       header("location: Powuser_main.php");
} else {
       include ('erroruser.php');
}
?>

 

But there is an error message here on this portion:

 

} else if ($_SESSION['user_lvl'] == 2) {

 

The error message is this:

 

Parse error: parse error in D:\wamp\www\Lloyd\SCVI\checkuser.php on line 26

 

Skewled Member

Skewled

Posted
Posted

Sorry was very late, but I said you needed to add ; to the line but fell short of telling you which one...

 

You're not adding ; to the end of this line:

 

        header("location: Admin_main.php")

 

You need to:

 

        header("location: Admin_main.php");

Archived

This topic is now archived and is closed to further replies.

Go to topic listing
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.