Jump to content


Photo

User level


  • Please log in to reply
7 replies to this topic

#1 Vatik

Vatik
  • New Members
  • Pip
  • Newbie
  • 4 posts

Posted 18 October 2006 - 07:57 PM

I am designing a login type site that when you log in depending on your user level you will be taken to a page. I found a simple login script, the only problem is now i keep running into issues about the user level.

this is the code im using..
<?php
ob_start();
$host="**"; // Host name 
$username="**"; // Mysql username 
$password="**"; // Mysql password 
$db_name="**"; // Database name 
$tbl_name="**"; // Table name 

// Connect to server and select databse.
mysql_connect("$host", "$username", "$password")or die("cannot connect"); 
mysql_select_db("$db_name")or die("cannot select DB");

// Define $myusername and $mypassword 
$myusername=$_POST['myusername']; 
$mypassword=md5($_POST['mypassword'];

$sql="SELECT * FROM $tbl_name WHERE username='$myusername' and password='$mypassword'";
$result=mysql_query($sql);

// Mysql_num_row is counting table row
$count=mysql_num_rows($result);
// If result matched $myusername and $mypassword, table row must be 1 row

if($count==1){
// Register $myusername, $mypassword and redirect to file "login_success.php"
session_register("myusername");
session_register("mypassword"); 

header("location:login_success.php");
}
else {
echo "Wrong Username or Password";
}

ob_end_flush();
?>


on my mysql table i have a column called User_level but i just cant figure out how to do it. I tried to do session_register('user_level') = 1
header (suchandsuch)

but that didnt turn out good.

Thanks for taking the time to read this.

#2 LazyJones

LazyJones
  • Members
  • PipPipPip
  • Advanced Member
  • 78 posts

Posted 18 October 2006 - 08:11 PM

you'd want to fetch the user level from database and compare it

if($user_level == 1) header("location:normal_user.php");
if($user_level == 2) header("location:admin.php");
...

or something of that sort.
I'll leave the query of the user level as a homework...


BTW.

session_register('user_level') = 1

makes on sense. session_register() is a function which returns TRUE if the registering is succesfull...

and you'll be better off using plain $_SESSION array values (like $_SESSION["user_level"] )

#3 Vatik

Vatik
  • New Members
  • Pip
  • Newbie
  • 4 posts

Posted 18 October 2006 - 08:32 PM

Wow! that was a quick reply thanks wasnt expecting one so fast.

I tried out the If statements but the page just is all white and doesnt go to those phps.

My coding ended up looking like this

<?php
ob_start();
$host="***"; // Host name 
$username="***"; // Mysql username 
$password="***"; // Mysql password 
$db_name="Login_integinc_ca"; // Database name 
$tbl_name="Clients"; // Table name 

// Connect to server and select databse.
mysql_connect("$host", "$username", "$password")or die("cannot connect"); 
mysql_select_db("$db_name")or die("cannot select DB");

// Define $myusername and $mypassword 
$myusername=$_POST['myusername']; 
$mypassword=md5($_POST['mypassword'];

$sql="SELECT * FROM $tbl_name WHERE username='$myusername' and password='$mypassword'";
$result=mysql_query($sql);

// Mysql_num_row is counting table row
$count=mysql_num_rows($result);
// If result matched $myusername and $mypassword, table row must be 1 row

if($count==1){
// Register $myusername, $mypassword and redirect to file "login_success.php"
$_SESSION ["myusername"];
$_SESSION ["mypassword"]; 

$sql="SELECT * FROM $tbl_name WHERE user_level='$user_level'";
if($user_level = 1) header("login_success.php");
if($user_level = 2) header("location:admin.php");
}

else {
echo "Wrong Username or Password";
}

ob_end_flush();
?>

i thought i was on the right path am i far off or something?

#4 redarrow

redarrow
  • Members
  • PipPipPip
  • Advanced Member
  • 7,308 posts
  • Locationlondon

Posted 19 October 2006 - 01:30 AM

<?php
ob_start();

$host="***"; // Host name 
$username="***"; // Mysql username 
$password="***"; // Mysql password 
$db_name="Login_integinc_ca"; // Database name 
$tbl_name="Clients"; // Table name 

// Connect to server and select databse.
mysql_connect("$host", "$username", "$password")or die("cannot connect"); 
mysql_select_db("$db_name")or die("cannot select DB");

// Define $myusername and $mypassword 
$myusername=$_POST['myusername']; 
$mypassword=md5($_POST['mypassword'];

$sql="SELECT * FROM $tbl_name WHERE username='$myusername' and password='$mypassword'";
$result=mysql_query($sql);

// Mysql_num_row is counting table row
$count=mysql_num_rows($result);
// If result matched $myusername and $mypassword, table row must be 1 row

if($count==1){
// Register $myusername, $mypassword and redirect to file "login_success.php"
$_SESSION ["myusername"];
$_SESSION ["mypassword"]; 

$sql="SELECT * FROM $tbl_name WHERE user_level='$user_level'";

if($user_level == 1){

header("login_success.php"){

}elseif($user_level == 2) {

header("location:admin.php");

}else{

echo "Wrong Username or Password";

}

ob_end_flush();
?>

Wish i new all about php DAM i will have to learn
((EMAIL CODE THAT WORKS))
http://simpleforum.ath.cx/mail2.inc
((PAYPAL INTEGRATION THAT WORKS))
http://simpleforum.a...aypal1_info.inc

#5 trq

trq
  • Staff Alumni
  • Advanced Member
  • 31,041 posts

Posted 19 October 2006 - 02:56 AM

Neither of you managed to define $user_level. Try something like....

<?php
  ob_start();
  $host="***"; // Host name 
  $username="***"; // Mysql username 
  $password="***"; // Mysql password 
  $db_name="Login_integinc_ca"; // Database name 
  $tbl_name="Clients"; // Table name 

// Connect to server and select databse.
  mysql_connect($host, $username, $password) or die("cannot connect"); 
  mysql_select_db($db_name)or die("cannot select DB");

  if (isset($_POST['myusername']) && isset($_POST['mypassword'])) {
    // Define $myusername and $mypassword 
    $myusername = $_POST['myusername']; 
    $mypassword = md5($_POST['mypassword'];

    $sql="SELECT * FROM $tbl_name WHERE username='$myusername' AND password='$mypassword'";
    $result = mysql_query($sql) or die(mysql_error());

// Mysql_num_row is counting table row
    $count = mysql_num_rows($result);
// If result matched $myusername and $mypassword, table row must be 1 row

    if ($count == 1) {
      $row = mysql_fetch_assoc($result);
// Register $myusername, $mypassword and redirect to file "login_success.php"
      $_SESSION ["myusername"] = $row['myusername'];
      $_SESSION ["mypassword"] = $row['mypassword'];
      if ($row['user_level'] == 1) header("login_success.php");
      if ($row['user_level'] == 2) header("location:admin.php");
    } else {
      echo "Wrong Username or Password";
  }
  ob_end_flush();
?>

PS: Ive also removed your db password from your post, dont want anyone hacking it.

#6 Vatik

Vatik
  • New Members
  • Pip
  • Newbie
  • 4 posts

Posted 19 October 2006 - 03:54 PM

I just tried it out both of your ways. When i log in it just makes me stay at the checklogin.php page which is just white. It doesnt transfer me over.

#7 HuggieBear

HuggieBear
  • Members
  • PipPipPip
  • Advanced Member
  • 1,899 posts
  • LocationEngland, UK

Posted 19 October 2006 - 04:14 PM

on my mysql table i have a column called User_level


Don't forget case-sensitivity for table names, so thorpe's code needs to have this:

if ($row['User_level'] == 2)
not
if ($row['user_level'] == 2)

Regards
Huggie
Advice to MySQL users: Get phpMyAdmin and test your queries work there first, take half the hassle out of diagnosis, also check the reserved words list.

Links: PHP Docs :: RegEx's :: MySQL :: DevGuru :: w3schools

#8 Vatik

Vatik
  • New Members
  • Pip
  • Newbie
  • 4 posts

Posted 20 October 2006 - 02:38 PM

I matched up everyone the exact spelling and capitals yet the page seems to just stay white and doesnt transfer me off checklogin. This doesnt make sense to me why its not working. :'(




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users