
Am Losing My Mind


utevwe


I have something like this

<?php
$host="localhost"; // Host name
$username="root"; // Mysql username
$password=""; // Mysql password
$db_name="xxxx"; // Database name
$tbl_name="xxxxxx"; // Table name

// Connect to server and select database.
mysql_connect("$host", "$username", "$password")or die("cannot connect");
mysql_select_db("$db_name")or die("cannot select DB");

// username and password sent from form
$username=$_POST['username'];
$password=$_POST['password'];

// To protect MySQL injection (more detail about MySQL injection)
$username = stripslashes($username);
$password = stripslashes($password);
$username = mysql_real_escape_string($username);
$password = mysql_real_escape_string($password);

$res = mysql_query("SELECT * FROM members WHERE username = '$username' LIMIT 1");
if(mysql_num_rows($res)>0)
{
    $d = mysql_fetch_array($res);
    if($password == $d['password'])
    {
        session_regenerate_id(); //security for changing permissions
        session_register['id'] = $d['id'];
        session_register['access_level'] = $d['access_level'];
        switch($d['access_level'])
        {
            case 1:
                $loc = "home.php";
                break;
            case 2:
                $loc = "paramedic.php";
                break;
            case 3:
                $loc = "doctor.php";
                break;
            case 4:
                $loc = "medprac.php";
                break;
            case 5:
                $loc = "wardboss.php";
                break;
            case 6:
                $loc = "consultant.php";
                break;
        }
        header("Location: $loc");
    }
}
?>

 

And this is very correct, I suppose.

But I am having a problem locking the pages. I want doctors and admin to have access to all pages, while others have access to their own pages only.

Edited by ManiacDan

Use code tags please.

 

The code you have sends the user to a specific page based on their access level. What you'll want to do is (assuming this is a base/header type file) have a list of what pages are global OR a list of what are "special", then if on the "special" page (or not a global page), check if the user's access is one of the allowed types, and if not redirect them home.


session_register['id'] = $d['id'];

session_register['access_level'] = $d['access_level'];

Those lines are wrong. session_register is a function, not an array. The recommended way to store a session variable is by setting it in $_SESSION though, there is no need for session_register at all.

$_SESSION['id'] = $d['id'];
$_SESSION['access_level'] = $d['access_level'];

 

 


Whatever tutorial you're using, stop using it. It's using ancient and deprecated PHP functionality and does strings wrong.

 

You'll have to define what you mean by "locking." Once they log in, they're taken to separate pages. You want THOSE pages to be secured, unrelated to the code you posted?

 

If that's the case, you'll have to go to those pages (or work in a common includes directory), and see if the page they're on is one that they have access to. You can store their access levels in the session since you set them there, but I don't know where your page-to-access-level map is. If there's a database table for that, use it. Otherwise set the access level for each page by hand.

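The per-page check that the replies above describe (a page-to-access-level map consulted from a common include, with a redirect when the level does not match), as an added example that is not code from any poster in this thread. The file name access.php, the login.php target and the choice of levels 1 and 3 as the full-access levels are assumptions; the page names and level numbers come from the switch in the original post.

```php
<?php
// access.php (hypothetical name): added example, not code from the thread.
// At the very top of each protected page:
//   require __DIR__ . '/access.php'; require_access();

// Page => levels allowed to open it, mirroring the switch in the login script.
const PAGE_LEVELS = [
    'home.php'       => [1],
    'paramedic.php'  => [2],
    'doctor.php'     => [3],
    'medprac.php'    => [4],
    'wardboss.php'   => [5],
    'consultant.php' => [6],
];
// Assumption: level 1 is the admin and level 3 the doctor; both may open every page.
const FULL_ACCESS_LEVELS = [1, 3];

function can_access(string $page, ?int $level): bool
{
    if ($level === null || !array_key_exists($page, PAGE_LEVELS)) {
        return false; // not logged in, or a page missing from the map: deny by default
    }
    return in_array($level, FULL_ACCESS_LEVELS, true)
        || in_array($level, PAGE_LEVELS[$page], true);
}

function landing_page(int $level): string
{
    foreach (PAGE_LEVELS as $page => $levels) {
        if (in_array($level, $levels, true)) {
            return $page;
        }
    }
    return 'login.php'; // hypothetical login page, itself not protected
}

function require_access(): void
{
    if (session_status() !== PHP_SESSION_ACTIVE) {
        session_start();
    }
    // Values read from MySQL arrive as strings, so cast before strict comparison.
    $level = isset($_SESSION['access_level']) ? (int) $_SESSION['access_level'] : null;
    $page  = basename($_SERVER['SCRIPT_NAME']);
    if (!can_access($page, $level)) {
        header('Location: ' . ($level === null ? 'login.php' : landing_page($level)));
        exit; // without this the protected page would still be sent after the header
    }
}
```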

That code is obviously from phpeasystep.com. That site has possibly the worst code examples on the web. That site shouldn't be used as a learning resource, unless you want to learn how to write code that hasn't been current in at least ten years.

Edited by Pikachu2000
Fixed fat-fingered spelling.

Did you, in any way, read the site on how to properly use sessions? Correct your session code. Fix your loop. Fix your concatenation line. We've specified 4 things that are wrong, even copying and pasting the lines and telling you why they're wrong.

 

If you can't do this yourself, there's a freelancer board where you can pay someone to do it.

