
PHP ( 2 types of users - log in problem & Access Forbidden )


Edmhar
Solved by Ch0cu3r


Hi guys, I'm new here. I'm creating our system for our thesis; our system is an MIS (Management Information System).
It has subsystems: Employee Management System, Assets Management System, Customer Relation Management.

So when I was creating the login, I encountered these problems.

I'm thinking that the problem comes from core.php, but I don't know how to fix it.

Here is my indes.php
 

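<?php
require 'core.php';
require 'connect.php';

// Send the visitor to the page that matches the account type stored in the session.
if (loggedin()) {
    if ($_SESSION['type'] == 'EMPLOYEE') {
        header('Location:../MIS1/home2.php');
    } else {
        header('Location:../MIS1/home.php');
    }
} else {
    header('Location:../MIS1/loginform.php');
}
exit; // stop the script once the redirect header has been sent
?>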

 

 

 

This is my core.php

<?php
ob_start();
session_start();
$current_file = $_SERVER['SCRIPT_NAME'];


function loggedin() {
  if (isset($_SESSION['user_id'])&&!empty($_SESSION['user_id'])) {
    return true;
  } else {
    return false;
  }

}


function adminloggedin() {
  if (isset($_SESSION['user_id'])&&!empty($_SESSION['user_id'])) {
    return true;
  } else {
    return false;
  }

}



?>

This is my loginform.

<?php
if (isset($_POST['eusername'])&&isset($_POST['epassword'])) {
  $username = mysql_real_escape_string($_POST['eusername']);
  $password = mysql_real_escape_string(md5($_POST['epassword']));

  if (!empty($username)&&!empty($password)) {

    $query = "SELECT * FROM tbl_account WHERE LogUsername='".$username."' AND LogPassword = '".$password."' AND type = 'ADMINISTRATION' ";
    if ($query_run = mysql_query($query)) {
      $query_num_rows = mysql_num_rows($query_run);

      if ($query_num_rows==0) {
        echo 'Invalid username/Password combination.';

      } else if ($query_num_rows == 1) {
        $user_id = mysql_result($query_run, 0, 'LogUsername');
        $_SESSION['user_id'] = $user_id;
        $_SESSION['type'] = "EMPLOYEE";
        header('Location:../MIS1/indes.php');
        exit; // stop here so the form below is not sent after the redirect
      }

    }

  } else {

    echo 'You must supply username/password.';
  }

}
?>
<div id="employee">

<form action="<?php echo $current_file ?>" method="POST">
Employee ID: <input type="text" name="eusername"> <br>
Password: <input type="password" name="epassword">
<input type="submit" id="employeesubmit" value="Log in">
</form>
</div>

<div id="admin">

<form action="<?php echo $current_file ?>" method="POST">
Admin ID: <input type="text" name="username"> <br>
Password: <input type="password" name="password">
<input type="submit" id="adminsubmit" value="Log in">
</form>
</div>







This is my adminloginform.php

<?php
if (isset($_POST['username'])&&isset($_POST['password'])) {
  $username = mysql_real_escape_string($_POST['username']);
  $password = mysql_real_escape_string(md5($_POST['password']));

  if (!empty($username)&&!empty($password)) {

    $query = "SELECT * FROM tbl_account WHERE LogUsername='".$username."' AND LogPassword = '".$password."' AND type = 'ADMINISTRATION' ";
    if ($query_run = mysql_query($query)) {
      $query_num_rows = mysql_num_rows($query_run);

      if ($query_num_rows==0) {
        echo 'Invalid username/Password combination.';

      } else if ($query_num_rows == 1) {
        $user_id = mysql_result($query_run, 0, 'LogUsername');
        $_SESSION['user_id'] = $user_id;
        // same spelling as the type value used in the query above
        $_SESSION['type'] = "ADMINISTRATION";
      }

    }

  } else {

    echo 'You must supply username/password.';
  }

}
?>

This is my connect.php

<?php

$conn_err ='Cant Connect';

$mysql_host = 'localhost';
$mysql_user = 'root';
$mysql_pass = '';

$mysql_db = 'mis';

if (!@mysql_connect($mysql_host, $mysql_user, $mysql_pass)||!@mysql_select_db($mysql_db))  {
  die($conn_err);


}

?>

Please help me, I need it to continue my thesis :)

I also attached the PHP files for anyone who wants to try.


you didn't actually state what exact problem you are having with the code.

 

however, DRY (Don't Repeat Yourself).  you are repeating the login form and form processing code. that isn't accomplishing anything, except to make more work for you.

 

the purpose of logging in is to authenticate who the visitor is. your database table contains a type column that tells your code what the visitor may access. you would simply retrieve that type value and use it in the comparisons that determine what the visitor may see or do on any page.


Sir, check my update. Sorry, I'm new to PHP :(


You are getting the error in the second screenshot because the variable $current_file doesn't exist.

<form action="<?php echo $current_file ?>" method="POST">

If you're submitting the form to itself, then use an empty action attribute.

 

 

 

I tried to empty the form attribute, but nothing happens when I click log in.


What do I need to do to make my program run? Please help, I've been stuck here for 2-3 days :(


  • Solution

Is that the full code for loginform.php and adminloginform.php? In both files you need to include core.php and connect.php in order for 1) the sessions to work and 2) the login code to be able to query the database. The only time you include these files is in indes.php.

 

 

 

I tried to empty the form attribute, but nothing happens when I click log in.

I didn't realise loginform.php had two forms. The action attribute for the admin login should be set to adminloginform.php, but the employee login form needs to be set to either loginform.php or just left empty.

Edited by Ch0cu3r
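
The advice earlier in the thread (one login routine, with the access level read from the table's type column) is sketched below as an added example; it is not code from any poster in this thread. It assumes PDO with an in-memory SQLite table standing in for the MySQL tbl_account, constructed sample rows, and the hypothetical function names authenticate() and landingPage(); it also swaps the md5 and string-built query for password_hash()/password_verify() and a prepared statement.

```php
<?php
// Added example: a single login check for both user types.
// Assumptions: in-memory SQLite stands in for the MySQL tbl_account table;
// the rows below are constructed; function names are hypothetical.

function authenticate(PDO $pdo, string $username, string $password): ?array
{
    // Prepared statement: the username is bound, never pasted into the SQL.
    $stmt = $pdo->prepare(
        'SELECT LogUsername, LogPassword, type FROM tbl_account WHERE LogUsername = ?'
    );
    $stmt->execute([$username]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);

    // password_verify() checks a salted password_hash() value (replaces md5).
    if ($row === false || !password_verify($password, $row['LogPassword'])) {
        return null; // same answer for unknown user and wrong password
    }
    // The type comes from the database row, not from which form was used.
    return ['user_id' => $row['LogUsername'], 'type' => $row['type']];
}

function landingPage(string $type): string
{
    // Same routing as indes.php: employees to home2.php, everyone else to home.php.
    return $type === 'EMPLOYEE' ? 'home2.php' : 'home.php';
}

// --- constructed sample data ---
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE tbl_account (LogUsername TEXT PRIMARY KEY, LogPassword TEXT, type TEXT)');
$insert = $pdo->prepare('INSERT INTO tbl_account VALUES (?, ?, ?)');
$insert->execute(['emp001', password_hash('employee-pass', PASSWORD_DEFAULT), 'EMPLOYEE']);
$insert->execute(['adm001', password_hash('admin-pass', PASSWORD_DEFAULT), 'ADMINISTRATION']);

foreach ([['emp001', 'employee-pass'], ['adm001', 'admin-pass'], ['adm001', 'wrong-pass']] as [$u, $p]) {
    $account = authenticate($pdo, $u, $p);
    if ($account === null) {
        echo "$u: Invalid username/Password combination.\n";
        continue;
    }
    // In the real page: call session_regenerate_id(true), copy $account into
    // $_SESSION['user_id'] and $_SESSION['type'], then redirect and exit.
    echo "$u: type={$account['type']} -> " . landingPage($account['type']) . "\n";
}
```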