I made a login/logout page, but now I'd like to separate the admin from regular users as they log in. What I am trying to do is to have **regular users** just view available files, and the **admins** well of course they will be able to view and edit those files.

 

Now my set up:

 

**Login**.php

<?php
session_start();
include("password.php");
require_once "config.php";

/* Constants */
$TITLE = "Formation - User Login";
$CSS = array("assets/css/formation.css");
$Javascript = array();
$mode = isset($_GET["mode"]) ? $_GET["mode"] : ""; /// empty when the page is opened without ?mode=...
/* Template */

require_once $TEMPLATE_PATH."header.php";

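if ($mode == "login") { /// do after login form is submitted
	 /// the username must exist in $USERS and its password must match exactly
	 /// (with ==, an unknown username and an empty password compare as equal)
	 if (isset($_POST["username"], $_POST["password"]) && is_string($_POST["username"])
		 && isset($USERS[$_POST["username"]]) && $USERS[$_POST["username"]] === $_POST["password"]) {
		 $_SESSION["login"]=$_POST["username"];
		 header("location:index.php");
		 exit(0); /// stop here so nothing else runs after the redirect
	 } else {
		 echo "Incorrect username/password. Please, try again.";
	 }
} else if ($mode == "logout") {
	 /// the session was already started at the top of this file
	 unset($_SESSION["login"],$USERS);
	 header("location: login.php");
	 exit(0);
}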
echo <<< XHTML

	<h1>$TITLE</h1>
	<form id="form" method="post" action="{$LOGIN_URL}?mode=login">
		<label id="username_label" for="username" class="normal">Username</label> :<br />
		<input id="username" name="username" type="text" value="" class="half" /><br />
		<label id="password_label" for="password" class="normal">Password</label> :<br />
		<input id="password" name="password" type="password" value="" class="half" /><br />
		<input id="submits" type="submit" value="Login" />
	</form>

XHTML;

require_once $TEMPLATE_PATH . "footer.php";

?>

**Password**.php (verifies users and passwords)

 

<?php
$USERS["drodrig1"] = "pwd1";
$USERS["jsutta"] = "pwd2";
$USERS["username3"] = "pwd3";

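function check_logged(){
	 global $USERS; /// $_SESSION is a superglobal and needs no global declaration
	 /// not logged in at all, or logged in as a name that is not in $USERS
	 if (!isset($_SESSION["login"]) || !array_key_exists($_SESSION["login"],$USERS)) {
		 header("Location: login.php");
		 exit(0);
	 }
}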
?>

 

**Config**.php

<?php

$ASSETS_URL = "https://url-link/formationXX/assets/";
$ASSETS_PATH = "serverpath/formationXX/assets/";
$TEMPLATE_URL = "https://url-link/formationXX/assets/template/";
$TEMPLATE_PATH = "serverpath/formationXX/assets/template/";
$LOGIN_URL = "https://url-link/formationXX/login.php";
$LOGIN_PATH = "serverpath/formationXX/login.php";

?>

 

**Index**.php (After login, this is where I want to see admin differentiate from regular user. The admin should be able to see and edit the following: CSS, JS, Email, PDF and Spread Sheet. Meanwhile user can **only view** all except: CSS, JS)

<?php

require_once "config.php";
session_start(); /// initialize session
include("password.php");
check_logged(); /// function checks if visitor is logged.

/* Constants */
$TITLE = "Formation - User Login";
$CSS = array("assets/css/formation.css");
$Javascript = array();
/* Template */

require_once $TEMPLATE_PATH."header.php";

echo <<< XHTML
		<form id="form" method="post" action="{$LOGIN_URL}?mode=login">
		 <div class="full row column">
			<h1>{$TITLE}</h1>
		 </div>
		 <div class="full row column">
			<div class="half column small">
			 <p>Logged in as: <strong>{$_SESSION["login"]}</strong> | <a href="{$LOGIN_URL}?mode=logout" class="small">Logout</a></p><br />
			 Add Form | Delete Selected Form(s)
			</div>
		 </div>
		 <div class="full row column">
			<table id="formslist" cellpadding="0" cellspacing="0">
			 <th>
				<tr>
				 <td class="form_select">
					<input id="selectallforms" name="selectallforms" type="checkbox" value="Select All Forms" />
				 </td>
				 <td class="form_id">
					ID
				 </td>
				 <td class="form_url">
					URL
				 </td>
				 <td class="form_dates">
					Launch Date
				 </td>
				 <td class="form_dates">
					Expiration Date
				 </td>
				 <td class="form_autofill">
					Autofill
				 </td>
				 <td class="form_save">
					**CSS**
				 </td>
				 <td class="form_save">
					**JS**
				 </td>
				 <td class="form_save">
					Email
				 </td>
				 <td class="form_save">
					PDF
				 </td>				
				 <td class="form_dates">
					Spread sheet
				 </td>
				</tr>
			 </th>
			</table>
		 </div>
		</form>
XHTML;

require_once $TEMPLATE_PATH . "footer.php";

?>

https://forums.phpfreaks.com/topic/270127-loginlogout-for-admin-and-regular-users/

I don't have much time to completely go through your code, and I don't see exactly where the user can "edit" a file. What I would do is just store a variable when the user logs in (store a variable or in a session cookie) whether they are a "user" or "administrator" then in your output page, when you have content that is admin only, just check to see if user is administrator.

create a column in your database called "type" make this a tinyint of 1.

 

now - normal users will be 0

and admins will be 1

 

E.g:

 

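// $pdo is assumed to be an open PDO connection (the mysql_* functions were removed in PHP 7)
$stmt = $pdo->prepare("SELECT type FROM users WHERE username = ?"); // bound parameter, no string interpolation
$stmt->execute(array($user));
$gettype = $stmt->fetch(PDO::FETCH_ASSOC); // false when the username does not exist
if($gettype && $gettype["type"] == 0){
//code for normal users
}elseif($gettype && $gettype["type"] == 1){
//code for admins
}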

I was trying something like this, but it didn't work

$USERS["drodrig1"]['level'] = 0; 
$USERS["jsutta"]['level'] = 1; 
$USERS["username3"]['level'] = 0;

if ($_GET['action'] === 'edit' && $USERS[$_SESSION["login"]]['level'] === 1) {
   // Go to function where users changes gets saved to files or db:
   saveChanges($_POST);
} else {
   die("<h1>Sorry, you cant do that!</h1>");
}

Break it down for us gromstone. The three fundamentals that need to be covered when a problem occurs:

  1. What the code is supposed to do.
  2. What the code is actually doing.
  3. Any and all errors that are being shown - if it's a plain blank page, and you view source and it is also blank, then you need to turn on error reporting.

 

looking at your post #4 for example, you have an else statement there if the validation fails. Here's some options :

  • The code could be erroring out,
  • it could be producing the validation fail message when it shouldn't,
  • it could be accepting validation when it shouldn't,
  • it could be that the validation is fine, but the saveChanges() procedure call isn't doing what it should,
  • it could be that the saveChanges() procedure is being called and doing what it should and the validation fail message is being shown.

I'm not actually trying to be nasty or anything, I'm just facetious by nature.

1 What does the code do?

Ok, let me see if I can do this better. Let's start from the login.php

Login.php

It's just a normal login page, users type the user and password and they gain access.

At the moment any user(with valid password) will have access to everything.

What I would like to do is a separation of admin and users, so that when they login they can have access to selected items.

 

password.php

This is where I verify if the user has a password.

Also there is the function that checks if the users are logged in.

 

config.php

is just the url/paths for certain files. ex the Header and footer .php files that are basically the template files. In other words <html><head></head><body><div>content</div></body></html>

 

index.php (user view only, admin will view and edit ) emailForm.php, cssEdit.php, jsEdit.php, formCreate.php(Are other pages that I will create for admin use only)

Here is where I will get the items(in this case available forms).Each item will have the following:checkbox, Id#, name(url), launch date, expiration date, css, js, email, pdf, spread sheet.

The user that access this page can ONLY VIEW the following:checkbox, Id#, name(url), launch date, expiration date, email, pdf, spread sheet.

While the admin can view and edit: checkbox, Id#, name(url), launch date, expiration date, css, js, email, pdf, spread sheet.

This is also where the admin will have access to the other pages which include emailForm.php, cssEdit.php, jsEdit.php, formCreate.php.

 

Now where are my issues

1. Getting a separation of admin and users (currently working on this)

2. Getting the items(Forms), they are available in a different folder. (Once issue #1 is complete)

3. When the items are collected, make sure that it will print out in the following format checkbox, Id#, name(url), launch date, expiration date, css, js, email, pdf, spread sheet.

 

           echo "    <tr>\n";
           echo "      <td class=\"form_select\"><input id=\"select-all_form1\" name=\"select_all_form1\" type=\"checkbox\" value=\"Forms\" class=\"case\" /></td>\n";
           echo "      <td class=\"form_id\">" . $value . "</td>\n";
           echo "      <td class=\"form_url\"><a href=\"" . $key . "\" target=\"_blank\">" . $form_title . "</a></td>\n";
           echo "      <td class=\"form_dates\">".$launchdate."</a></td>\n";
           echo "      <td class=\"form_dates\">".$expiredate."</a></td>\n";
           echo "      <td class=\"form_autofill\">".$filler."</a></td>\n";
           echo "      <td class=\"form_save\">".$css."</a></td>\n";
           echo "      <td class=\"form_save\">".$js."</a></td>\n";
           echo "      <td class=\"form_save\">".$email."</a></td>\n";
           echo "      <td class=\"form_save\">".$pdf."</a></td>\n";
           echo "      <td class=\"form_dates\">".$spread."</a></td>\n";
           echo "    </tr>\n";

 

I hope this gives a better explanation.

ok, so you have the login page, and it's all working happy as you like, the problem is now identifying admin from non-admin right?

what is it exactly that's going wrong here?

 

oh, and this typo:

....And I really can't mame one.

made me smile :D

ohhhh...that's not even close to me making fun of you! :P so, my question still stands, what exactly is the issue you are having with the admin/user split? give us details, specifics, as much as you can - the more info we have the better and quicker we can provide productive help.

Well I do like how my code is working so far. Now I want to add a way to split admin/users. And I would like to do it in the login page inside the if/else of the login.php.

Where in this code below can I add a way to say user:drodrig1 == admin or user:jsutta == user.

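       if ($mode == "login") { /// do after login form is submitted
                /// the username must exist in $USERS and its password must match exactly
                /// (with ==, an unknown username and an empty password compare as equal)
                if (isset($_POST["username"], $_POST["password"]) && is_string($_POST["username"])
                        && isset($USERS[$_POST["username"]]) && $USERS[$_POST["username"]] === $_POST["password"]) {
                        $_SESSION["login"]=$_POST["username"];
                        header("location:index.php");
                        exit(0); /// stop here so nothing else runs after the redirect
                } else {
                        echo "Incorrect username/password. Please, try again.";
                }
       } else if ($mode == "logout") {
                /// the session was already started at the top of this file
                unset($_SESSION["login"],$USERS);
                header("location: login.php");
                exit(0);
       }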

 

After, inside the index.php, when the admin is logged in they can view and edit from the table of items below. Meanwhile the user can only view some of them.

 

here is a link to my project

/software/development/drodrig1/formationXX/

OK, I'll have a look at your link in the morning, but for now, I'd suggest that, for speed and simplicity, pass a status variable through the session array to identify admin / user. Set this variable by nesting another if inside your login that checks

if($_POST['username'] == "adminUserName"){$_SESSION['status'] = 'admin';}
else{$_SESSION['status'] = 'user';}

you would need to change it to suit your username for the admin user.

 

Once this is set you can then check against $_SESSION['status'] to see what options to provide at the points that would require it.
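
The session-status approach suggested above, as an added example that is not code from the thread: each account carries a password hash and a role, the role is copied into `$_SESSION['status']` at login, and a server-side check guards the admin-only pages. The nested `$USERS` layout, the function names `attempt_login()` and `require_role()`, and which account is the admin are assumptions for illustration.

```php
<?php
// Added example, not code from the thread. Passwords and role assignments are
// constructed; store precomputed hashes instead of hashing on every request.
$USERS = array(
    "drodrig1" => array("hash" => password_hash("pwd1", PASSWORD_DEFAULT), "role" => "admin"),
    "jsutta"   => array("hash" => password_hash("pwd2", PASSWORD_DEFAULT), "role" => "user"),
);

// Return the account's role on success, null otherwise. Unknown names fail closed.
function attempt_login(array $users, $username, $password) {
    if (!is_string($username) || !is_string($password) || !isset($users[$username])) {
        return null;
    }
    if (!password_verify($password, $users[$username]["hash"])) {
        return null;
    }
    return $users[$username]["role"];
}

// Call at the top of every admin-only page, before any output.
function require_role($role) {
    if (!isset($_SESSION["status"]) || $_SESSION["status"] !== $role) {
        http_response_code(403);
        exit("Forbidden");
    }
}

// Login handling: runs before the template is included so header() still works.
session_start();
$mode = isset($_GET["mode"]) ? $_GET["mode"] : "";
if ($mode === "login") {
    $name = isset($_POST["username"]) ? $_POST["username"] : null;
    $pass = isset($_POST["password"]) ? $_POST["password"] : null;
    $role = attempt_login($USERS, $name, $pass);
    if ($role !== null) {
        session_regenerate_id(true);      // fresh session id once authenticated
        $_SESSION["login"]  = $name;
        $_SESSION["status"] = $role;      // "admin" or "user"
        header("Location: index.php");
        exit;
    }
    $error = "Incorrect username/password. Please, try again.";
} elseif ($mode === "logout") {
    $_SESSION = array();
    session_destroy();
    header("Location: login.php");
    exit;
}
```

On index.php, test `$_SESSION["status"] === "admin"` before printing the CSS and JS columns, and put `require_role("admin")` at the top of cssEdit.php, jsEdit.php, emailForm.php and formCreate.php so the restriction still holds when one of those URLs is requested directly.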

Yeah, in this project I have to make the teachers(Admin) and the Students(Users). Once they log in they can view all the forms available, the teachers will be able to edit the forms and some of the files connected to it (CSS, JS, Spreadsheet...)

 

Now what do you think?

@Muddy_Funster

Have a look at the code below. That is the output line of the code that I made. In the fourth line you will see a CSS file. I would like to be able to open and edit those files if they are available to the form. I have no idea how to approach it.

 

 

<tr>
<td class="form_select"><input id="select_all_form15" name="select_all_form15" type="checkbox" value="Forms" class="case" /></td>
<td class="form_id">1334261250</td>
<td class="form_url"><a href="/forms/hatternet/deland/email/index.php" target="_blank">Lifetime Email Request</a></td>
<td class="form_autofill">HATTERNET</td>
<td class="form_save">form.css</td>
<td class="form_save"></td>
<td class="form_save"></td>
<td class="form_save"></td>
<td class="form_dates"></td>
</tr>

 

Let me try to explain better

My function did its job and searched for the forms, and it gives its output

The output are the list of forms, some form have added files.

In this case I am focusing on the CSS files

Now my function can find those files. But I don't know how to open/edit them when I click on them if they are available.

 

Someone told me to try to use fopen. What would your suggestion be?


Yeah, I would say that fopen was made exactly for this reason. Load the css file into a variable and then preload the variable into the form (I'd suggest a large textarea for this rather than try to break out each element into its own input). Then when the form is submitted you could even compare the form input with the fopen variable and save changes if there are any, discard if there are none.

 

What you may want to look at as well is glob() for finding and listing the file names in a directory, but that's overkill if you know that the file name will never change or be deleted.
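
The load-into-a-textarea flow described above, as an added example that is not code from the thread: an admin-only editor page that accepts only existing `.css` files inside the forms directory, escapes the contents on output, and writes back only when the submitted text differs. `$FORMS_ROOT`, the `file` query parameter, the `csrf` field and `resolve_css()` are hypothetical names; `$_SESSION["status"]` is the value set at login as suggested earlier in the thread.

```php
<?php
// Added example, not code from the thread. $FORMS_ROOT and the "file"
// query parameter are hypothetical; $_SESSION["status"] is set at login.
session_start();
if (!isset($_SESSION["status"]) || $_SESSION["status"] !== "admin") {
    http_response_code(403);
    exit("Forbidden");
}
$FORMS_ROOT = "/path/to/forms";   // placeholder for the directory holding the forms

// Map a requested relative name to an existing .css file under $root, else null.
function resolve_css($root, $requested) {
    $base = realpath($root);
    $path = is_string($requested) ? realpath($root . "/" . $requested) : false;
    if ($base === false || $path === false || !is_file($path)) {
        return null;                               // missing directory or file
    }
    if (strpos($path, $base . DIRECTORY_SEPARATOR) !== 0) {
        return null;                               // "../" left the forms directory
    }
    if (strtolower(pathinfo($path, PATHINFO_EXTENSION)) !== "css") {
        return null;                               // stylesheets only
    }
    return $path;
}

$path = resolve_css($FORMS_ROOT, $_GET["file"] ?? null);
$fh = ($path !== null) ? fopen($path, "rb") : false;
if ($fh === false) {
    http_response_code(404);
    exit("No such stylesheet");
}
$current = stream_get_contents($fh);               // file contents for the textarea
fclose($fh);

$sent = $_POST["csrf"] ?? "";
$new  = $_POST["css"] ?? null;
$tokenOk = isset($_SESSION["csrf"]) && is_string($sent) && hash_equals($_SESSION["csrf"], $sent);
if ($tokenOk && is_string($new) && $new !== $current) {
    file_put_contents($path, $new, LOCK_EX);       // save only when the text changed
    $current = $new;
}

$_SESSION["csrf"] = bin2hex(random_bytes(16));     // fresh token for the next submit
$esc = function ($s) { return htmlspecialchars($s, ENT_QUOTES, "UTF-8"); };
echo '<form method="post" action="?file=' . $esc(rawurlencode($_GET["file"])) . '">'
   . '<input type="hidden" name="csrf" value="' . $_SESSION["csrf"] . '" />'
   . '<textarea name="css" rows="30" cols="100">' . $esc($current) . '</textarea>'
   . '<input type="submit" value="Save" /></form>';
```

The `realpath()` prefix check is what keeps a request such as `?file=../config.php` from reaching files outside the forms directory, and the extension check keeps the editor from being used to rewrite PHP files inside it.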
