Jump to content

Recommended Posts

Guys, need some help.. Right now i have a login page with select box option.. I have create several other page (admin_page.php, student_page.php, parents_page.php) to link with the option in the select box..

 

So what im asking now is how to link the selected option to their page respectively with the username and pass correct?

 

Here is the login page looks like.. http://i272.photobucket.com/albums/jj178/r1nk_2008/lol_zpsa54db359.png

<html>
	<head>
		<title> Login Form </title>
	</head>

<body>
<div style="width: 200px; margin: 200px auto 0 auto;">
<form method='post' action='login.php'>
	<table width='400' border='5' align='center'>
	<tr>
		<td align='center'
		colspan='5'><h1>Member Login</h1></td>
	</tr>
	
	<tr>
		<td align='center'>Username:</td>
		<td><input type='text' name='username' /></td>
	</tr>
	
	<tr>
		<td align='center'>Password:</td>
		<td><input type='password' name='pass' /></td>
	</tr>
	
	
	<tr>
	<td></td>
	<td align='left'>
	<select name="type" id="type">
	<option value="0" selected="selected">Select user type</option>
	<option value="admin">Admin</option>
	<option value="student">Student</option>
	<option value="lecturer">Lecturer</option>
	<option value="parents">Parents</option>
	</select>
	</td>
	</tr>
	
	<tr>
		<td colspan='5' align='center'><input type='submit' name='login' value='Log In' /></td>
	</tr>
	
	</table>
</form>
</body>
</html>
<?php
mysql_connect("localhost","root","");
mysql_select_db("student_attendance");

if(isset($_POST['login'])){

	$username = $_POST['username'];
	$password = $_POST['pass'];
	$type = $_POST['type'];
	
	$check_user = "select * from users where username='$username' AND pass='$password' AND type='$type'";
	
	$run = mysql_query($check_user);
	
	if(mysql_num_rows($run)>0){
	
	echo
	"<script>window.open('admin_page.php','_self')</script>";
	}
	else {
	echo "<script>alert('Username, password or user type is incorrect!')</script>";
	}
}

?>

as already mentioned in one of your previous threads, your login form/form-processing is not the place to select the type as the user's information stored in your users table tells your code what type the user is, not the other way around.

 

the purpose of your login form/form-processing is to authenticate the user, i.e. to check who they are by entering and testing their  username and password.

 

you are making this harder than it really is.

what's wrong with retrieving the user's type from your database table (on each page request so that you can change to limit what anyone can do on the fly without requiring them to re-login) and using that information to determine what is output on any page?

 

your current method would suggest that a student, for example, could select Admin in the drop-down and be redirected to the Admin page. is that something you want to allow?

Well, i dun think a student could login to the admin page as in the users table, the user_type already been set to "student".. He/she will get an error when login although the username and pass is correct but the user type is wrong.

 

Right now im developing a student attendance project and im planning to make that when the admin log in, the next page that comes out is special for admin only where he can add/delete other users.. that goes the same with parents where the page is to view his/her children attendance..

 

Hmmmm.. help me if u got other easy solution.. :

Get rid if the select box in the login form, it's not needed and confusing at best. At the top of your admin, student, etc pages you put a if() to check if the user_type is correct for that page and redirect if not. But upon login you do a check of the user type and redirect there accordingly based on that info in the db. The concept of this is very simple and straight forward, just slow down and think about how the logic should work for this.

I'm just wondering what Java has to do with any of this. And if the OP means JavaScript. Which then makes me wonder if the OP is aware that Java and JavaScript have nothing to do with one another, since they're made by two different companies to do two different things, and that Netscape named what was internally called 'LiveScript' JavaScript to capitalize on Java's immense hype in the 1990s.

Get rid if the select box in the login form, it's not needed and confusing at best. At the top of your admin, student, etc pages you put a if() to check if the user_type is correct for that page and redirect if not. But upon login you do a check of the user type and redirect there accordingly based on that info in the db. The concept of this is very simple and straight forward, just slow down and think about how the logic should work for this.

owh, ok.. thanx i got the concept.. but how to redirect the next page based on the user_type..?

 

"At the top of your admin, student, etc pages you put a if() to check if the user_type is correct for that page and redirect if not."

I dun get what u mean by this..

Ok here is a basic setup based on the info you have provided in your posts.  This assumes that the user_type in the db is a string value of admin, student, etc.  You'll need to put the 2 functions in your functions file and include it before you use the function to validate the user_type on the specific admin, student page.  Also include the functions file before your login processing script to use the checkUserType() for the redirection after login.

Here are the 2 functions

function checkUserType($type)
{
	switch($type)
	{
		case 'admin':
		$page = 'admin.php';
		break;
		
		case 'student':
		$page = 'student.php';
		break;
		
		case 'lecturer':
		$page = 'lecturer.php';
		break;
		
		case 'parents':
		$page = 'parents.php';
		break;
	}
	
	header('Location: '.$page); //You may need to edit the path to suit your folder structure.
}

function checkUserStatus($actual_page)
{
	//First check to make sure the $_SESSION['user_type'] is set, if it's not then they haven't logged in so redirect back to login screen
	if(!isset($_SESSION['user_type']))
	{ header('Location: login.php'); }
	else
	{
		if($actual_page == $_SESSION['user_type']){}
		else{ checkUserType($_SESSION['user_type']); }
	}
}

Here is a example of how to protect a page and only allow the correct user type to view the page.  On each admin, student, etc page you would change the 'admin' string value in the function call to whatever user type is allowed to view that specific page.

<?php
session_start();
require_once('your_functions_page.php'); //Set this to what ever page you include that holds all your functions so that we can use the checkUserStatus()
checkUserStatus('admin');
?>

<!DOCTYPE html>
<html>

<head>
<meta content="text/html; charset=utf-8" http-equiv="Content-Type">
<title>Untitled</title>
</head>

<body>

</body>

</html>

In your login php processing, after you validate everything and need to redirect to the proper page, put this function in that place and it will handle the redirection.

checkUserType();
  • 2 weeks later...

sorry for late replying.. Got busy with tests.. Ok for the 1st part, i dun get what this means..

header('Location: '.$page); //You may need to edit the path to suit your folder structure.

and also for the third part i dont know where to put it in.. So right now these are what i got so far..

 

function.php

function checkUserType($type)
{
	switch($type)
	{
		case 'admin':
		$page = 'admin_page.php';
		break;
		
		case 'student':
		$page = 'student.php';
		break;
		
		case 'lecturer':
		$page = 'lecturer.php';
		break;
		
		case 'parents':
		$page = 'parents.php';
		break;
	}
	
	header('Location: '.$page); //You may need to edit the path to suit your folder structure.
}

function checkUserStatus($actual_page)
{
	//First check to make sure the $_SESSION['type'] is set, if it's not then they haven't logged in so redirect back to login screen
	if(!isset($_SESSION['type']))
	{ header('Location: login.php'); }
	else
	{
		if($actual_page == $_SESSION['type']){}
		else{ checkUserType($_SESSION['type']); }
	}
}

login.php

<html>
	<head>
		<title> Login Form </title>
	</head>

<body>
<div style="width: 200px; margin: 200px auto 0 auto;">
<form method='post' action='login.php'>
	<table width='400' border='5' align='center'>
	<tr>
		<td align='center'
		colspan='5'><h1>Member Login</h1></td>
	</tr>
	
	<tr>
		<td align='center'>Username:</td>
		<td><input type='text' name='username' /></td>
	</tr>
	
	<tr>
		<td align='center'>Password:</td>
		<td><input type='password' name='pass' /></td>
	</tr>
	
	<tr>
		<td colspan='5' align='center'><input type='submit' name='login' value='Log In' /></td>
	</tr>
	
	</table>
</form>
</body>
</html>
<?php
mysql_connect("localhost","root","");
mysql_select_db("student_attendance");

if(isset($_POST['login'])){

	$username = $_POST['username'];
	$password = $_POST['pass'];
	
	$check_user = "select * from users where username='$username' AND pass='$password'";
	
	$run = mysql_query($check_user);
	
	if(mysql_num_rows($run)>0){
	
	echo
	"<script>window.open('function.php;','_self')</script>";
	}
	else {
	echo "<script>alert('Username or password is incorrect!')</script>";
	}
}

?>

admin_page.php

<?php
session_start();
require_once('function.php'); //Set this to what ever page you include that holds all your functions so that we can use the checkUserStatus()
checkUserStatus('admin');
?>

<!DOCTYPE html>
<html>
	<head>
		<title> Admin Page </title>
	</head>

<body>
<h2 align='right'><a href='logout.php'>Logout</a></h2>
<h2 align='right'><a href='registration.php'>Register User</a></h2>
<h2 align='right'><a href='view_users.php'>Delete User</a></h2>
</body>
</html>

header('Location: '.$page); // if your admin, student, etc. pages are in the root then you don't need to do any thing different than what I have shown.  If they reside in another location then you need to change where the path goes to like folder/admin.php rather than admin.php
exit(); // Add this line in the function, I forgot it earlier.

Your login page is not right.

<html>
	<head>
		<title> Login Form </title>
	</head>

<body>
<div style="width: 200px; margin: 200px auto 0 auto;">
<form method='post' action='login.php'>
	<table width='400' border='5' align='center'>
	<tr>
		<td align='center'
		colspan='5'><h1>Member Login</h1></td>
	</tr>
	
	<tr>
		<td align='center'>Username:</td>
		<td><input type='text' name='username' /></td>
	</tr>
	
	<tr>
		<td align='center'>Password:</td>
		<td><input type='password' name='pass' /></td>
	</tr>
	
	<tr>
		<td colspan='5' align='center'><input type='submit' name='login' value='Log In' /></td>
	</tr>
	
	</table>
</form>
</body>
</html>
<?php
mysql_connect("localhost","root","");
mysql_select_db("student_attendance");

if(isset($_POST['login'])){
        require_once('function.php');
	$username = $_POST['username'];
	$password = $_POST['pass'];
	
	$check_user = "select * from users where username='$username' AND pass='$password'";
	
	$run = mysql_query($check_user);
	
	if(mysql_num_rows($run)>0){
	$results = mysql_fetch_assoc($run);
	checkUserType($results['type']);
	}
	else {
	echo "<script>alert('Username or password is incorrect!')</script>";
	}
}

?>

Looks like we missed a crucial part, forgot to actually set the session vars on login and put session_start() at the top, oops.

<?php session_start(); ?>
<html>
	<head>
		<title> Login Form </title>
	</head>

<body>
<div style="width: 200px; margin: 200px auto 0 auto;">
<form method='post' action='login.php'>
	<table width='400' border='5' align='center'>
	<tr>
		<td align='center'
		colspan='5'><h1>Member Login</h1></td>
	</tr>
	
	<tr>
		<td align='center'>Username:</td>
		<td><input type='text' name='username' /></td>
	</tr>
	
	<tr>
		<td align='center'>Password:</td>
		<td><input type='password' name='pass' /></td>
	</tr>
	
	<tr>
		<td colspan='5' align='center'><input type='submit' name='login' value='Log In' /></td>
	</tr>
	
	</table>
</form>
</body>
</html>
<?php
mysql_connect("localhost","root","");
mysql_select_db("student_attendance");

if(isset($_POST['login'])){
        require_once('function.php');
	$username = $_POST['username'];
	$password = $_POST['pass'];
	
	$check_user = "select * from users where username='$username' AND pass='$password'";
	
	$run = mysql_query($check_user);
	
	if(mysql_num_rows($run)>0){
	$results = mysql_fetch_assoc($run);
        $_SESSION['type'] = $results['type'];
	checkUserType($results['type']);
	}
	else {
	echo "<script>alert('Username or password is incorrect!')</script>";
	}
}

?>

haha no problem.. thanx it works.. =) Finally can move on to the next part..

 

but one thing that have been bugging me right now.. so i have a table called users (id, name, username, pass, type) right.. lets say in the student page, he/she can view his/her birthday, own cgpa and email.. so i must create another table right.. Now my question is, is it possible when the admin register a student in the database and the username and pass of the students will be add both in the users table and the new created table..?

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.