jayart Posted September 12, 2013

I want to create a login with multiple user levels. I have 4 different users (admin, teacher, student, and cashier). Please?

ignace Posted September 12, 2013 (edited)

```php
define('USER_LEVEL_TEACHER', 1);
define('USER_LEVEL_STUDENT', 2);
define('USER_LEVEL_CASHIER', 4);
define('USER_LEVEL_ADMIN', 8);

if ($userLevel & USER_LEVEL_ADMIN) {
    // admin
}
```
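
The bit-flag check from ignace's post, worked through as an added example (not part of the original thread): one integer can hold several levels, and each protected page checks it instead of relying on the login redirect. `USER_LEVEL_ADMIN = 8`, the helper names and the `$_SESSION['level']` key are assumptions.

```php
<?php
// Added example. Constants follow the post above; ADMIN = 8 is assumed as the
// next power of two. Helper names and the session key are hypothetical.
const USER_LEVEL_TEACHER = 1;
const USER_LEVEL_STUDENT = 2;
const USER_LEVEL_CASHIER = 4;
const USER_LEVEL_ADMIN   = 8;

/** True if the user holds at least one of the levels in $allowed. */
function hasAnyLevel(int $userLevel, int $allowed): bool
{
    return ($userLevel & $allowed) !== 0;
}

/** True only if the user holds every level in $required. */
function hasAllLevels(int $userLevel, int $required): bool
{
    return ($userLevel & $required) === $required;
}

/**
 * Guard for the top of a protected page: reads the level stored in the
 * session at login and answers 403 if none of the allowed bits is set.
 */
function requireLevel(int $allowed): void
{
    if (session_status() !== PHP_SESSION_ACTIVE) {
        session_start();
    }
    $level = (int) ($_SESSION['level'] ?? 0); // no session value means no rights
    if (!hasAnyLevel($level, $allowed)) {
        http_response_code(403);
        exit('Forbidden');
    }
}

// A user who is both teacher and cashier: 1 | 4 = 5.
$userLevel = USER_LEVEL_TEACHER | USER_LEVEL_CASHIER;

var_dump(hasAnyLevel($userLevel, USER_LEVEL_ADMIN));
var_dump(hasAnyLevel($userLevel, USER_LEVEL_CASHIER | USER_LEVEL_ADMIN));
var_dump(hasAllLevels($userLevel, USER_LEVEL_TEACHER | USER_LEVEL_STUDENT));

// At the top of a cashier page, before any output:
//   requireLevel(USER_LEVEL_CASHIER | USER_LEVEL_ADMIN);
```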

jayart Posted September 12, 2013 (edited)

> define('USER_LEVEL_TEACHER', 1);
> define('USER_LEVEL_STUDENT', 2);
> define('USER_LEVEL_CASHIER', 4);
> define('USER_LEVEL_ADMIN', 8);
>
> if ($userLevel & USER_LEVEL_ADMIN) {
>     // admin
> }

But how? I mean I need to redirect to a different page. I'm new to PHP, please can you explain?

jayart Posted September 12, 2013

Sorry, I have code for this but I have an error with "Notice: Undefined index: position in C:\xampp\htdocs\svbm_ernolment_system\login.php on line 20"

Here's the code:

```php
<?php
//Start session
session_start();

//Connect to mysql server
include('connect.php');

//Function to sanitize values received from the form. Prevents SQL injection
function clean($str) {
    $str = @trim($str);
    if(get_magic_quotes_gpc()) {
        $str = stripslashes($str);
    }
    return mysql_real_escape_string($str);
}

//Sanitize the POST values
$login = clean($_POST['id']);
$password = clean($_POST['password']);
$position = clean($_POST['position']);

$result = mysql_query("SELECT * FROM user WHERE idnumber='$login' AND password='$password'");
while($row = mysql_fetch_array($result))
{
    $position = $row['position'];
}

if ($position=='admin') {
    //Create query
    $qry="SELECT * FROM admin WHERE idnum='$login' AND password='$password'";
    $result=mysql_query($qry);
    //while($row = mysql_fetch_array($result))
    // {
    // $level=$row['position'];
    // }
    //Check whether the query was successful or not
    if($result) {
        if(mysql_num_rows($result) > 0) {
            //Login Successful
            session_regenerate_id();
            $member = mysql_fetch_assoc($result);
            $_SESSION['SESS_MEMBER_ID'] = $member['id'];
            session_write_close();
            //if ($level="admin"){
            header("location: admin/index.php");
            exit();
        }else {
            //Login failed
            header("location: loginform.php");
            exit();
        }
    }else {
        die("Query failed");
    }
}

$result = mysql_query("SELECT * FROM user WHERE idnumber='$login' AND password='$password'");
while($row = mysql_fetch_array($result))
{
    $position = $row['position'];
}

if ($position=='student') {
    //Create query
    $qry="SELECT * FROM prereg WHERE idnumber='$login' AND password='$password'";
    $result=mysql_query($qry);
    //while($row = mysql_fetch_array($result))
    // {
    // $level=$row['position'];
    // }
    //Check whether the query was successful or not
    if($result) {
        if(mysql_num_rows($result) > 0) {
            //Login Successful
            session_regenerate_id();
            $member = mysql_fetch_assoc($result);
            $_SESSION['SESS_MEMBER_ID'] = $member['id'];
            $_SESSION['SESS_FIRST_NAME'] = $member['idnumber'];
            session_write_close();
            //if ($level="admin"){
            header("location: student/profile.php");
            exit();
        }else {
            //Login failed
            header("location: loginform.php");
            exit();
        }
    }else {
        die("Query failed");
    }
}

if ($position=='Casher') {
    //Create query
    $qry="SELECT * FROM casher WHERE idnumber='$login' AND password='$password'";
    $result=mysql_query($qry);
    //while($row = mysql_fetch_array($result))
    // {
    // $level=$row['position'];
    // }
    //Check whether the query was successful or not
    if($result) {
        if(mysql_num_rows($result) > 0) {
            //Login Successful
            session_regenerate_id();
            $member = mysql_fetch_assoc($result);
            $_SESSION['SESS_MEMBER_ID'] = $member['id'];
            $_SESSION['SESS_FIRST_NAME'] = $member['idnumber'];
            session_write_close();
            //if ($level="admin"){
            header("location: casher/index.php");
            exit();
        }else {
            //Login failed
            header("location: loginform.php");
            exit();
        }
    }else {
        die("Query failed");
    }
}

if ($position=='teacher') {
    //Create query
    $qry="SELECT * FROM teacher WHERE idnumber='$login' AND password='$password'";
    $result=mysql_query($qry);
    //while($row = mysql_fetch_array($result))
    // {
    // $level=$row['position'];
    // }
    //Check whether the query was successful or not
    if($result) {
        if(mysql_num_rows($result) > 0) {
            //Login Successful
            session_regenerate_id();
            $member = mysql_fetch_assoc($result);
            $_SESSION['SESS_MEMBER_ID'] = $member['id'];
            $_SESSION['SESS_FIRST_NAME'] = $member['idnumber'];
            session_write_close();
            //if ($level="admin"){
            header("location: teacher/index.php");
            exit();
        }else {
            //Login failed
            header("location: loginform.php");
            exit();
        }
    }else {
        die("Query failed");
    }
}
?>
```

ignace Posted September 12, 2013

```php
if ($user['position'] == 'admin') {
    header('Location: admin.php');
    exit;
} elseif ($user['position'] == 'student') {
    header('Location: student.php');
    exit;
}
// ..
```

Hall of Famer Posted September 13, 2013 (edited)

Your design has some flaws in it. First of all, the mysql extension is deprecated, use mysqli or PDO. Second, for a system like this I'd prefer an object oriented approach as you are not handling a personal home page type of website. I don't get the entire picture of what your site is supposed to do, but below is a sample code that will help (note it is not a complete design, you can do some refactoring to make it better, it's used for illustrative purposes only):

```php
abstract class User{
    public function __construct(UserDTO $userDTO){
        $this->id = $userDTO->idnumber;
        $this->idNumber = $userDTO->idnumber;
        $this->password = $userDTO->password; // Assume you already did password hashing/salting beforehand
        $this->position = $userDTO->position;
        // Whatever additional fields
    }

    abstract public function redirect();
}

class Admin extends User{
    public function redirect(){
        header('Location: admin.php');
    }
}

class Teacher extends User{
    public function redirect(){
        header('Location: teacher.php');
    }
}

class Student extends User{
    public function redirect(){
        header('Location: student.php');
    }
}

class Cashier extends User{
    public function redirect(){
        header('Location: admin.php');
    }
}

class UserFactory{
    public function __construct(UserDTO $userDTO){
        $this->userDTO = $userDTO;
    }

    public function createUser(){
        // Build the method name from the position, e.g. "createAdmin",
        // and return the object it creates
        $method = "create{$this->userDTO->position}";
        return $this->$method();
    }

    private function createStudent(){
        return new Student($this->userDTO);
    }

    private function createTeacher(){
        return new Teacher($this->userDTO);
    }

    private function createAdmin(){
        return new Admin($this->userDTO);
    }

    private function createCashier(){
        return new Cashier($this->userDTO);
    }
}

// Assume you have a PDO object available, but not a data mapper(for a small system).
$pdo = new PDO(/*.. Your DB credentials..*/);
$stmt = $pdo->prepare(/*.. Your SQL ..*/);
$stmt->execute();
$userDTO = $stmt->fetchObject("UserDTO"); //UserDTO, a data transfer object
$factory = new UserFactory($userDTO);
$user = $factory->createUser();
$user->redirect();
exit();
```

This design is better 'cause you can use polymorphism to eliminate unnecessary conditionals. The advantage is more evident once you have to write duplicate if...else statements to check user level/position in other script/class files. Also once your site grows, there is a good chance that you will have other actions beyond redirection that will require checking the user level/position conditionals. All you have to do then is to add such a method for each User sub-class. As you see, with polymorphism, you don't need to worry about writing these conditionals over and over again, PHP will do it for you.

Note the design can be further improved using a domain model - data mapper design pattern, you will learn this later once you become more familiar with PHP and OOP.

ignace Posted September 13, 2013

@Hall of Famer: You are constantly advocating good OO design, yet here you tie your application layer to your model. A user should not be concerned about how an application handles login or about where a user should go after login.

Hall of Famer Posted September 13, 2013 (edited)

> @Hall of Famer: You are constantly advocating good OO design, yet here you tie your application layer to your model. A user should not be concerned about how an application handles login or about where a user should go after login.

I said it was just for illustrative purposes, if you earnestly believe this is what I will end up having in my own OO architecture you'd be seriously mistaken. In my OO design I'd completely separate the domain layer from the application layer, the domain model will not know how to handle redirection, login and this kind of behavior. The controller will call login based on the subclass of the model, but then you need to create a class hierarchy for controllers first, maybe service layers too if you need further separation of concerns. Also I won't use PDO to fetch objects in the application layer either, instead I will use a data mapper.

Now you see it will require significant overhead, and is thus inappropriate to explain in a single post like this. Yeah I will do it if it were my own application, but here I just want to explain the concept of polymorphism, more precisely how to use polymorphism to eliminate conditionals. Nothing more nothing less, I don't wish to write 20+ classes/interfaces to scare the OP away, perhaps this forum won't allow me to post/upload all the source code of these classes anyway since they will be too long. Like I said, you can always refactor after designing the first draft of your system architecture, for the OP's skillset the above code should suffice, once he learns more about OOA/OOD he will move on to more advanced OOP.

trq Posted September 13, 2013

This has been done a thousand times over, no need to reinvent the wheel. https://github.com/machuga/authority

jayart Posted September 14, 2013

BTW thanks for helping. I don't know how to use mysqli or PDO as I'm new to PHP. My system is an online enrollment system, and I don't know how to apply this code to my code.
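
One way to write the login step discussed in this thread with PDO, as an added example that is not code from any poster: it uses a prepared statement, takes the position from the database row rather than from the form, and maps it through an allow-list of landing pages. The in-memory SQLite database, the sample row, the `LANDING_PAGES` and `login()` names, and storing passwords with `password_hash()` are assumptions; table, column and page names come from jayart's code.

```php
<?php
// Added example, not code from the thread. Table and column names follow the
// original post; the in-memory SQLite database, the sample row and the
// hashed-password storage are assumptions so the script runs offline.
$pdo = new PDO('sqlite::memory:', null, null, [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION]);
$pdo->exec('CREATE TABLE user (idnumber TEXT PRIMARY KEY, password TEXT, position TEXT)');
$pdo->prepare('INSERT INTO user VALUES (?, ?, ?)')
    ->execute(['2013-0001', password_hash('sample-pass', PASSWORD_DEFAULT), 'student']);

// Allow-list: every known position maps to exactly one landing page
// (paths and the 'casher' spelling are taken from the original post's code).
const LANDING_PAGES = [
    'admin'   => 'admin/index.php',
    'teacher' => 'teacher/index.php',
    'student' => 'student/profile.php',
    'casher'  => 'casher/index.php',
];

/** Returns the landing page for a valid login, or null on any failure. */
function login(PDO $pdo, string $id, string $password): ?string
{
    // Placeholders keep user input out of the SQL text, so no escaping is needed.
    $stmt = $pdo->prepare('SELECT idnumber, password, position FROM user WHERE idnumber = ?');
    $stmt->execute([$id]);
    $user = $stmt->fetch(PDO::FETCH_ASSOC);

    // Compare against the stored hash; a missing row fails the same way.
    if (!$user || !password_verify($password, $user['password'])) {
        return null;
    }
    // The position comes from the database row, never from $_POST.
    $position = strtolower($user['position']);
    if (!array_key_exists($position, LANDING_PAGES)) {
        return null; // unknown position: treat as a failed login
    }
    if (session_status() === PHP_SESSION_ACTIVE) {
        session_regenerate_id(true); // fresh session id once the user is authenticated
        $_SESSION['SESS_MEMBER_ID'] = $user['idnumber'];
        $_SESSION['position'] = $position; // re-checked by every protected page
    }
    return LANDING_PAGES[$position];
}

// In login.php, after session_start():
//   $page = login($pdo, $_POST['id'] ?? '', $_POST['password'] ?? '');
//   header('Location: ' . ($page ?? 'loginform.php'));
//   exit;
var_dump(login($pdo, '2013-0001', 'sample-pass')); // constructed sample credentials
var_dump(login($pdo, '2013-0001', 'wrong-pass'));
var_dump(login($pdo, "2013-0001'", 'x'));          // a quote in the id stays plain data
```

Because the form never supplies `position`, the "Undefined index: position" notice from the earlier post cannot occur in this flow.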

jayart Posted September 14, 2013

> This has been done a thousand times over, no need to reinvent the wheel. https://github.com/machuga/authority

Don't know this.

ignace Posted September 14, 2013

> Don't know this.

Great! Now you can learn it.

DFulg Posted September 14, 2013

> I said it was just for illustrative purposes, if you earnestly believe this is what I will end up having in my own OO architecture you'd be seriously mistaken.

So you are purposefully pointing the OP to bad practices? Don't be overly defensive, ignace is just trying to help. I don't think it's the best idea to point a new programmer to OO right away, he probably has no idea what he is looking at in your example.

However, OP, trq has pointed you to a good authorization interface that I think you can manage to implement if you go through the documentation.

Hall of Famer Posted September 16, 2013 (edited)

> So you are purposefully pointing the OP to bad practices? Don't be overly defensive, ignace is just trying to help. I don't think it's the best idea to point a new programmer to OO right away, he probably has no idea what he is looking at in your example.

Nope I am not being overly defensive, I do in fact know what I am doing, and in fact if you read Ignace's post history with me you will know why I am talking about this. There was a time when I brought up that PHP's namespace is lacking wildcard import by using a draft user class hierarchy example to illustrate how importing multiple classes can be made easier, and Ignace went on to comment on how the user class hierarchy is flawed. Don't you think this is completely missing the point of discussion?

ignace Posted September 17, 2013

Talking about missing the point of discussion, I think the OP wants an answer to his question.