Jump to content

Login/logout For Admin And Regular Users


gromstone

Recommended Posts

I made a login/logout page, but now I i'll like to separate the admin from regular users as they login. What I am trying to do is to have **regular users** just view available files, and the **admins** well of course they will be able to view and edit those files.

 

Now my set up:

 

**Login**.php

<?php
session_start();
include("password.php");
require_once "config.php";

/* Constants */
$TITLE = "Formation - User Login";
$CSS = array("assets/css/formation.css");
$Javascript = array();
$mode = $_GET["mode"];
/* Template */

require_once $TEMPLATE_PATH."header.php";

if ($mode == "login") { /// do after login form is submitted
	 if ($USERS[$_POST["username"]]==$_POST["password"]) { /// check if submitted username and password exist in $USERS array
		 $_SESSION["login"]=$_POST["username"];
		 header("location:index.php");
	 } else {
		 echo "Incorrect username/password. Please, try again.";
	 };
} else if ($mode == "logout") {
	 session_start();
	 unset($_SESSION["login"],$USERS);
	 header("location: login.php");
	 exit(0);
};
echo <<< XHTML

	<h1>$TITLE</h1>
	<form id="form" method="post" action="{$LOGIN_URL}?mode=login">
		<label id="username_label" for="username" class="normal">Username</label> :<br />
		<input id="username" name="username" type="text" value="" class="half" /><br />
		<label id="password_label" for="password" class="normal">Password</label> :<br />
		<input id="password" name="password" type="password" value="" class="half" /><br />
		<input id="submits" type="submit" value="Login" />
	</form>

XHTML;

require_once $TEMPLATE_PATH . "footer.php";

?>

**Password**.php (verifies users and passwords)

 

<?php
$USERS["drodrig1"] = "pwd1";
$USERS["jsutta"] = "pwd2";
$USERS["username3"] = "pwd3";

function check_logged(){
	 global $_SESSION, $USERS;
	 if (!array_key_exists($_SESSION["login"],$USERS)) {
		 header("Location: login.php");
		 exit(0);
	 };
};
?>

 

**Config**.php

<?php

$ASSETS_URL = "[url="https://url-link/formationXX/assets/%22;"]https://url-link/for...ionXX/assets/";[/url]
$ASSETS_PATH = "serverpath/formationXX/assets/";
$TEMPLATE_URL = "[url="https://url-link/formationXX/assets/template/%22;"]https://url-link/for...ets/template/";[/url]
$TEMPLATE_PATH = "serverpath/formationXX/assets/template/";
$LOGIN_URL = "[url="https://url-link/formationXX/login.php%22;"]https://url-link/for...nXX/login.php";[/url]
$LOGIN_PATH = "serverpath/formationXX/login.php";

?>

 

**Index**.php (After login, this is where I want to see admin differentiate from regular user. The admin should be able so see and edit the following: CSS, JS, Email, PDF and Spread Sheet. Meanwhile user can **only view** all except: CSS, JS)

<?php

require_once "config.php";
session_start(); /// initialize session
include("password.php");
check_logged(); /// function checks if visitor is logged.

/* Constants */
$TITLE = "Formation - User Login";
$CSS = array("assets/css/formation.css");
$Javascript = array();
/* Template */

require_once $TEMPLATE_PATH."header.php";

echo <<< XHTML
		<form id="form" method="post" action="{$LOGIN_URL}?mode=login">
		 <div class="full row column">
			<h1>{$TITLE}</h1>
		 </div>
		 <div class="full row column">
			<div class="half column small">
			 <p>Logged in as: <strong>{$_SESSION["login"]}</strong> | <a href="{$LOGIN_URL}?mode=logout" class="small">Logout</a></p><br />
			 Add Form | Delete Selected Form(s)
			</div>
		 </div>
		 <div class="full row column">
			<table id="formslist" cellpadding="0" cellspacing="0">
			 <th>
				<tr>
				 <td class="form_select">
					<input id="selectallforms" name="selectallforms" type="checkbox" value="Select All Forms" />
				 </td>
				 <td class="form_id">
					ID
				 </td>
				 <td class="form_url">
					URL
				 </td>
				 <td class="form_dates">
					Launch Date
				 </td>
				 <td class="form_dates">
					Expiration Date
				 </td>
				 <td class="form_autofill">
					Autofill
				 </td>
				 <td class="form_save">
					**CSS**
				 </td>
				 <td class="form_save">
					**JS**
				 </td>
				 <td class="form_save">
					Email
				 </td>
				 <td class="form_save">
					PDF
				 </td>				
				 <td class="form_dates">
					Spread sheet
				 </td>
				</tr>
			 </th>
			</table>
		 </div>
		</form>
XHTML;

require_once $TEMPLATE_PATH . "footer.php";

?>

Link to comment
Share on other sites

I don't have much time to completely go through your code, and I don't see exactly where the user can "edit" a file. What I would do is just store a variable when the user logs in (store a variable or in a session cookie) whether they are a "user" or "administrator" then in your output page, when you have content that is admin only, just check to see if user is administrator.

Link to comment
Share on other sites

create a column in your database called "type" make this a tinyint of 1.

 

now - normal users will be 0

and admins will 1

 

E.g:

 

$query = mysql_query("SELECT type FROM users WHERE username = '$user'");
$gettype = mysql_fetch_assoc($query);
if($gettype["type"] == 0{
//code for normal users
}elseif($gettype["type"] == 1){
//code for admins
}

Link to comment
Share on other sites

I was trying something like this, but it didn't work

$USERS["drodrig1"]['level'] = 0; 
$USERS["jsutta"]['level'] = 1; 
$USERS["username3"]['level'] = 0;

if ($_GET['action'] === 'edit' && $USERS[$_SESSION["login"]]['level'] === 1) {
   // Go to function where users changes gets saved to files or db:
   saveChanges($_POST);
} else {
   die("<h1>Sorry, you cant do that!</h1>");
}

Link to comment
Share on other sites

Break it down for us gromstone. The three fundimentals that need to be coverd when a problem occurs :

  1. What the code is supposed to do.
  2. What the code is actualy doing.
  3. Any and all errors that are being shown - if it's a plain blank page, and you view source and it is also blank, then you need to turn on error reporting.

 

looking at your post #4 for example, you have an else statement there if the validation fails. Here's some options :

  • The code could be erroring out,
  • it could be producing the validation fail message when it shouldn't,
  • it could be accepting validation when it shouldn't,
  • it could be that the validation is fine, but the saveChanges() procedure call isn't doing what it should,
  • it could be that the saveChanges() procedure is being called and doing what it should and the validation fail message is being shown.

I'm not actualy trying to be nasty or anything, I'm just facetious by nature.

Link to comment
Share on other sites

1 What does the code do?

Ok, let me see if I can do this better. Lets start from the login.php

Login.php

Its just a normal login page, user type the user and password and they gain access.

At the moment any user(with valid password) will have access to everything.

What I would like to do is a separation of admin and users, so that when they login they can have access to selected items.

 

password.php

This is where I verify if the user has a password.

Also there is the function that checks if the users are logged in.

 

config.php

is just the url/paths for certain files. ex the Header and footer .php files that are basically the template files. In other words html>head>/head>body>div>content/div>/body/html>

 

index.php (user view only, admin will view and edit ) emailForm.php, cssEdit.php, jsEdit.php, formCreate.php(Are other pages that I will create for admin use only)

Here is where I will get the items(in this case available forms).Each item will have the following:checkbox, Id#, name(url), launch date, expiration date, css, js, email, pdf, spread sheet.

The user that access this page can ONLY VIEW the following:checkbox, Id#, name(url), launch date, expiration date, email, pdf, spread sheet.

While the admin can view and edit: checkbox, Id#, name(url), launch date, expiration date, css, js, email, pdf, spread sheet.

This is also where the admin will have access to the other pages which include emailForm.php, cssEdit.php, jsEdit.php, formCreate.php.

 

Now where are my issues

1. Getting a separation of admin and users (currently working on this)

2. Getting the items(Forms), the are available in a different folder. (Once issues #1 is complete)

3. When the items are collected, make sure that it will print out in the following format checkbox, Id#, name(url), launch date, expiration date, css, js, email, pdf, spread sheet.

 

           echo "    <tr>\n";
           echo "      <td class=\"form_select\"><input id=\"select-all_form1\" name=\"select_all_form1\" type=\"checkbox\" value=\"Forms\" class=\"case\" /></td>\n";
           echo "      <td class=\"form_id\">" . $value . "</td>\n";
           echo "      <td class=\"form_url\"><a href=\"" . $key . "\" target=\"_blank\">" . $form_title . "</a></td>\n";
           echo "      <td class=\"form_dates\">".$launchdate."</a></td>\n";
           echo "      <td class=\"form_dates\">".$expiredate."</a></td>\n";
           echo "      <td class=\"form_autofill\">".$filler."</a></td>\n";
           echo "      <td class=\"form_save\">".$css."</a></td>\n";
           echo "      <td class=\"form_save\">".$js."</a></td>\n";
           echo "      <td class=\"form_save\">".$email."</a></td>\n";
           echo "      <td class=\"form_save\">".$pdf."</a></td>\n";
           echo "      <td class=\"form_dates\">".$spread."</a></td>\n";
           echo "    </tr>\n";

 

I hope this gives a better explination.

Link to comment
Share on other sites

Well I do like how my code is working so far. Now I want to add a way to split admin/users. And I would like to do it in the login page inside the if/else of the login.php.

Where in this code below can I add a way to say user:drodrig1 == admin or user:jsutta == user.

       if ($mode == "login") { /// do after login form is submitted
                if ($USERS[$_POST["username"]]==$_POST["password"]) { /// check if submitted username and password exist in $USERS array
                        $_SESSION["login"]=$_POST["username"];
                        header("location:index.php");
                } else {
                        echo "Incorrect username/password. Please, try again.";
                };
       } else if ($mode == "logout") {
                session_start();
                unset($_SESSION["login"],$USERS);
                header("location: login.php");
                exit(0);
       };

 

After, inside the index.php, when the admin is logged in they can view and edit from the table of items below. Meanwhile the user can only view some of them.

 

here is a link to my project

/software/development/drodrig1/formationXX/

Link to comment
Share on other sites

OK, I'll have a look at you link in the morning, but for now, I's suggest that, for speed and simplicity, pass a status variable through the session array to identify admin / user. set this variable by nesting another if inside your login that checks

if($_POST['username'] == "adminUserName"){$_SESSION['status'] = 'admin';}
else{$_SESSION['status'] = 'user';}

you would need to change it to suit your username for the admin user.

 

Once this is set you can then check against $_SESSION['status'] to see what options to provide at the points that would require it.

Link to comment
Share on other sites

Yeah, in this project I have to make the teachers(Admin) and the Students(Users). Once they log in they can view all the forms available, the teachers will be able to edit the forms and some of the files connected to it (CSS, JS, Spreadsheet...)

 

Now what do you think?

Link to comment
Share on other sites

@Muddy_Funster

Have a look at the code below. That is the output line of the code that I made. In the fourth line you will see a CSS file. I would like to be able to open and edit those files if they are available to the form. I have no idea how to approach it.

 

 

<tr>
<td class="form_select"><input id="select_all_form15" name="select_all_form15" type="checkbox" value="Forms" class="case" /></td>
<td class="form_id">1334261250</td>
<td class="form_url"><a href="/forms/hatternet/deland/email/index.php" target="_blank">Lifetime Email Request</a></td>
<td class="form_autofill">HATTERNET</td>
<td class="form_save">form.css</td>
<td class="form_save"></td>
<td class="form_save"></td>
<td class="form_save"></td>
<td class="form_dates"></td>
</tr>

 

Let me try to explain better

My function did his job and search for the forms and it gives his output

The output are the list of forms, some form have added files.

In this case I am focusing on the CSS files

Now my function can find those files. But I dont know how to open/edit them when I click on them if they are available.

 

Someone told me to try to use fopen. what would your suggestion be?

Edited by gromstone
Link to comment
Share on other sites

Yeah, I would say that fopen was made exactly for this reason. Load the css file into a variable and then preload the variable into the form (I'd suggest a large textarea for this rather than try to break out each element into it's own input). Then when the form is submitted you could even compare the form input with the fopen variable and save changes if there are any, discard if there are none.

 

What you may want to look at as well is glob() for finding and listing the file names in a directory, but that's overkill if you know that the file name will never change or be deleted.

Link to comment
Share on other sites

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.