utevwe Posted October 8, 2012 (edited)

I have something like this

    <?php
    $host="localhost"; // Host name
    $username="root"; // Mysql username
    $password=""; // Mysql password
    $db_name="xxxx"; // Database name
    $tbl_name="xxxxxx"; // Table name

    // Connect to server and select database.
    mysql_connect("$host", "$username", "$password")or die("cannot connect");
    mysql_select_db("$db_name")or die("cannot select DB");

    // username and password sent from form
    $username=$_POST['username'];
    $password=$_POST['password'];

    // To protect MySQL injection (more detail about MySQL injection)
    $username = stripslashes($username);
    $password = stripslashes($password);
    $username = mysql_real_escape_string($username);
    $password = mysql_real_escape_string($password);

    $res = mysql_query("SELECT * FROM members WHERE username = '$username' LIMIT 1");
    if(mysql_num_rows($res)>0) {
        $d = mysql_fetch_array($res);
        if($password == $d['password']) {
            session_regenerate_id(); //security for changing permissions
            session_register['id'] = $d['id'];
            session_register['access_level'] = $d['access_level'];
            switch($d['access_level']) {
                case 1: $loc = "home.php"; break;
                case 2: $loc = "paramedic.php"; break;
                case 3: $loc = "doctor.php"; break;
                case 4: $loc = "medprac.php"; break;
                case 5: $loc = "wardboss.php"; break;
                case 6: $loc = "consultant.php"; break;
            }
            header("Location: $loc");
        }
    }
    ?>

and this is very correct I suppose. But I am having a problem locking the pages. I want doctors and admin to have access to all pages while others to their pages only.

Edited October 8, 2012 by ManiacDan

xyph Posted October 8, 2012 (edited)

session_register is long deprecated. On top of that, you're using it incorrectly. Please, check out the manual on how to assign and use session variables. http://php.net/manual/en/session.examples.basic.php

Edited October 8, 2012 by xyph

Jessica Posted October 8, 2012

Use code tags please.

The code you have sends the user to a specific page based on their access level. What you'll want to do is (assuming this is a base/header type file) have a list of what pages are global OR a list of what are "special", then if on the "special" page (or not a global page), check if the user's access is one of the allowed types, and if not redirect them home.

kicken Posted October 8, 2012

    session_register['id'] = $d['id'];
    session_register['access_level'] = $d['access_level'];

Those lines are wrong. session_register is a function, not an array. The recommended way to store a session variable is by setting it in $_SESSION though, there is no need for session_register at all.

    $_SESSION['id'] = $d['id'];
    $_SESSION['access_level'] = $d['access_level'];

ManiacDan Posted October 8, 2012

Whatever tutorial you're using, stop using it. It's using ancient and deprecated PHP functionality and does strings wrong.

You'll have to define what you mean by "locking." Once they log in, they're taken to separate pages. You want THOSE pages to be secured, unrelated to the code you posted? If that's the case, you'll have to go to those pages (or work in a common includes directory), and see if the page they're on is one that they have access to. You can store their access levels in the session since you set them there, but I don't know where your page-to-access-level map is. If there's a database table for that, use it. Otherwise set the access level for each page by hand.

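The per-page check that Jessica and ManiacDan describe above, as an added example that is not part of the thread or any poster's code. The file name access.php, the login.php target and the choice of level 1 as "admin" are assumptions; the level-to-page map is copied from the switch in the first post.

```php
<?php
// access.php: added example, not code from the thread.
// Level => landing page, taken from the switch in the original post.
const LANDING = [
    1 => 'home.php',
    2 => 'paramedic.php',
    3 => 'doctor.php',
    4 => 'medprac.php',
    5 => 'wardboss.php',
    6 => 'consultant.php',
];
// Levels allowed on every page. 3 is the doctor level in the switch;
// treating 1 as "admin" is an assumption, the thread never says which it is.
const FULL_ACCESS = [1, 3];

// Pure decision: deny by default, then allow full-access levels everywhere
// and every other level on its own page only.
function can_access(string $page, ?int $level): bool
{
    if ($level === null || !array_key_exists($level, LANDING)) {
        return false;                   // not logged in, or unknown level
    }
    if (!in_array($page, LANDING, true)) {
        return false;                   // page missing from the map
    }
    return in_array($level, FULL_ACCESS, true) || LANDING[$level] === $page;
}

// Call at the top of each protected page, before any output is sent.
function require_access(): void
{
    if (session_status() !== PHP_SESSION_ACTIVE) {
        session_start();
    }
    $level = isset($_SESSION['access_level']) ? (int) $_SESSION['access_level'] : null;
    $page  = basename($_SERVER['SCRIPT_NAME']);

    if (!can_access($page, $level)) {
        // Known users go back to their own page; login.php is a hypothetical name.
        $known  = $level !== null && array_key_exists($level, LANDING);
        $target = $known ? LANDING[$level] : 'login.php';
        header('Location: ' . $target);
        exit;   // without exit the rest of the page still runs and is sent
    }
}
```

Each protected page then begins with require 'access.php'; followed by require_access(); so the check runs on every request rather than only at login. Because a denied user is sent to their own landing page, which they are always allowed to view, the redirect cannot loop.
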
xyph Posted October 8, 2012

BTW - you should tie your mind up tighter next time

utevwe (Author) Posted October 8, 2012

Kicken, what do I need to do?

ManiacDan Posted October 8, 2012

Read the rest of the posts and click on the links to the session manual, for one.

Pikachu2000 Posted October 8, 2012 (edited)

That code is obviously from phpeasystep.com. That site has possibly the worst code examples on the web. That site shouldn't be used as a learning resource, unless you want to learn how to write code that hasn't been current in at least ten years.

Edited October 8, 2012 by Pikachu2000: Fixed fat-fingered spelling.

ManiacDan Posted October 8, 2012

Yes, also, "stop using that site." Most of the content of this thread is good advice, not just Kicken (though Kicken is very smart).

utevwe (Author) Posted October 8, 2012

So guy, can someone please help me out?

Jessica Posted October 8, 2012

I'm not your guy, pal.

ManiacDan Posted October 8, 2012

Did you, in any way, read the site on how to properly use sessions? Correct your session code. Fix your loop. Fix your concatenation line. We've specified 4 things that are wrong, even copying and pasting the lines and telling you why they're wrong. If you can't do this yourself, there's a freelancer board where you can pay someone to do it.