azukah Posted July 2, 2011

This code works but wondering if there's an easier/cleaner way. The code redirects to 2 pages based on the user_role and if credentials are wrong it sends you back to the same login screen with a message.

<?php
if (!isset($_SESSION)) { session_start(); }
require_once('config.php');
$now = time();
$message = $_GET['message'];

if (isset($_POST['user_email'])) {
    $user_email = $_POST['user_email'];
    $user_pw = $_POST['user_pw'];
    mysql_select_db($database, $makeconnection);
    $admin = "SELECT * FROM tbl_users WHERE user_email='$user_email' AND user_role='1' AND user_pw='$user_pw'";
    $client = "SELECT * FROM tbl_users WHERE user_email='$user_email' AND user_role='6' AND user_pw='$user_pw'";

    //check that at least one row was returned
    $adminresult = mysql_query($admin);
    $admincount = mysql_num_rows($adminresult);
    $clientresult = mysql_query($client);
    $clientcount = mysql_num_rows($clientresult);

    //if found, start session & redirect
    if ($admincount > 0) {
        $_SESSION['session_user_email'] = $user_email;
        $_SESSION['session_start'] = time();
        header("Location: index.php");
    } else if ($clientcount > 0) {
        $_SESSION['session_user_email'] = $user_email;
        $_SESSION['session_start'] = time();
        header("Location: test.php");
    //wrong credentials redirect
    } else {
        header("Location: login.php?message=loginfailed");
    }
}
?>

WebStyles Posted July 2, 2011

You can greatly simplify that with something like this:

<?php
session_start();
require_once('config.php');

if (isset($_POST['user_email']) && isset($_POST['user_pw'])) {
    $user_email = trim($_POST['user_email']);
    $user_pw = trim($_POST['user_pw']);
    mysql_select_db($database, $makeconnection);
    // note: the input is still placed in the query unescaped (see below)
    $q = "select * from `tbl_users` where `user_email` = '$user_email' and `user_pw` = '$user_pw' order by `user_role`";
    // run the query; mysql_fetch_assoc() needs the result resource, not the SQL string
    $result = mysql_query($q);
    // assignment (=), not comparison (==), so $r holds the fetched row
    while ($r = mysql_fetch_assoc($result)) {
        $_SESSION['session_user_email'] = $user_email;
        $_SESSION['session_start'] = time();
        if ($r['user_role'] == '1') {
            header("Location: index.php");
            exit();
        } else {
            header("Location: test.php");
            exit();
        }
    }
    //wrong credentials redirect
    header("Location: login.php?message=loginfailed");
}
?>

But you still have some security issues there, suggest you read a bit about mysql_real_escape_string().

On the first line, what you're saying is basically: "If a $_SESSION variable does not exist, then don't start session". Why? In simple terms, in any page you want to use $_SESSION variables (getting or setting) you need to have session_start() at the top before any output. Get the irony? $_SESSION never exists before you start the session.
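
Added example, not part of either post: the same login lookup with the query parameterized, so that user_email and user_pw never become part of the SQL text. It assumes PDO (with the pdo_sqlite driver, used here only so the demo runs offline) instead of the mysql_* functions, which were removed in PHP 7, and it assumes user_pw stores a password_hash() value; the function name loginTarget() and all sample rows are constructed for the illustration.

```php
<?php
// Added example: hardened version of the login lookup (not code from the thread).
// Assumptions: PDO instead of mysql_*, and user_pw holding a password_hash() value.

function loginTarget(PDO $pdo, string $email, string $password): ?string
{
    // Placeholders keep user input out of the SQL text entirely.
    $stmt = $pdo->prepare(
        'SELECT user_role, user_pw FROM tbl_users WHERE user_email = :email'
    );
    $stmt->execute([':email' => $email]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);

    // Verify in PHP against the stored hash instead of comparing passwords in SQL.
    if ($row === false || !password_verify($password, $row['user_pw'])) {
        return null;
    }
    // Same role mapping as the original post: 1 -> index.php, 6 -> test.php.
    $targets = ['1' => 'index.php', '6' => 'test.php'];
    return $targets[(string) $row['user_role']] ?? null;
}

// Constructed demo data in an in-memory SQLite database so the script runs offline.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE tbl_users (user_email TEXT, user_role INTEGER, user_pw TEXT)');
$insert = $pdo->prepare('INSERT INTO tbl_users VALUES (?, ?, ?)');
$insert->execute(['admin@example.com', 1, password_hash('constructed-admin-pw', PASSWORD_DEFAULT)]);
$insert->execute(['client@example.com', 6, password_hash('constructed-client-pw', PASSWORD_DEFAULT)]);

$attempts = [
    ['admin@example.com', 'constructed-admin-pw'],
    ['client@example.com', 'constructed-client-pw'],
    ['client@example.com', 'wrong'],
    ["o'brien@example.com", "pw with ' quote"],  // quotes are plain data here
];
foreach ($attempts as [$email, $pw]) {
    $target = loginTarget($pdo, $email, $pw);
    // A real handler would call session_regenerate_id(true), set the session
    // values, send header("Location: ...") and exit() instead of echoing.
    echo $email, ' => ', $target ?? 'login.php?message=loginfailed', PHP_EOL;
}
```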