log in headers

Icewolf · October 26, 2013

Hi

I was is there a way to pick what tabs are show based on when a person logs in. Like I have a admin pages and then pages for the normal user. I have created different headers but I can't get them to work.

Here is what i did

<?php
//create_cat.php
include 'connect.php';

 if	($_SESSION['user_level'] != 1 )
{
	include 'header_admin.php';
}
else
{
     include 'header.php';
}

mentalist · October 26, 2013

What is in those files, because if the session var is set then it should work!

Icewolf · October 26, 2013

Here is what it is now but what I am trying to do is only display certain ones. I had to combine them into one because it isn't working but like if the user level is a 1 they should only see create topic, create cat and admind page other wise everyone else should see everything except the ones I listed for level 1.

	<div id="wrapper">
	<div id="menu">
		<a class="item" href="/community/index.php">Home</a> -
		<a class="item" href="/community/create_topic.php">Create a topic</a> -
		<a class="item" href="/community/rewards.php">Rewards</a> -
		<a class="item" href="/community/rewards_medal.php">Medals</a> -
		<a class="item" href="/community/ranks.php">Rank</a> -
		<a class="item" href="/community/create_cat.php">Create a category</a> -
		<a class="item" href="/community/admin_page.php">Updates</a>
		
		<div id="userbar">

mentalist · October 26, 2013

OK the assumption is that you've started the session in connect.php and at some point (log in) that the session var has been set...

The keyword there is assumption! Try adding some debug...

error_reporting(E_ALL);
ini_set('display_errors',E_ALL);

If the var isn't set then you'll see that, but it should still do an include, yet maybe use isset() to check first?

But if you could expand on "doesn't work", does nothing get included? Do the files exist, etc, etc...

Icewolf · October 27, 2013

Sorry about that I know the value comes over because I use it to limit what the users can see. I have it on the create cat and admin page to say if they don't have that value not to allow them to access the page. That works fine. what i mean it doesn't work is that it doesn't use the admin page. it only uses the header.php.

Header.php

<!DOCTYPE html>
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="nl" lang="nl">
<head>
 	<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
 	<meta name="description" content="A short description." />
 	<meta name="keywords" content="put, keywords, here" />
 	<title>PDog Clan Forum</title>
	<link rel="stylesheet" href="style.css" type="text/css">
</head>
<body>
<h1>PDog Clan Forum</h1>
	<div id="wrapper">
	<div id="menu">
		<a class="item" href="/community/index.php">Home</a> -
		<a class="item" href="/community/create_topic.php">Create a topic</a> -
		<a class="item" href="/community/rewards.php">Rewards</a> -
		<a class="item" href="/community/rewards_medal.php">Medals</a> -
		<a class="item" href="/community/ranks.php">Rank</a>
		
		<div id="userbar">
		<?php
		if($_SESSION['signed_in'])
		{
			echo 'Hello <b>' . htmlentities($_SESSION['user_name']) . '</b>. Not you? <a class="item" href="signout.php">Sign out</a>';
		}
		else
		{
			echo '<a class="item" href="signin.php">Sign in</a> or <a class="item" href="signup.php">create an account</a>';
		}
		?>
		</div>
	</div>
		<div id="content">

header_admin.php

<!DOCTYPE html>
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="nl" lang="nl">
<head>
 	<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
 	<meta name="description" content="A short description." />
 	<meta name="keywords" content="put, keywords, here" />
 	<title>PDog Clan Forum</title>
	<link rel="stylesheet" href="style.css" type="text/css">
</head>
<body>
<h1>PDog Clan Forum</h1>
	<div id="wrapper">
	<div id="menu">
		<a class="item" href="/community/index.php">Home</a> -
		<a class="item" href="/community/create_cat.php">Create a category</a> -
		<a class="item" href="/community/admin_page.php">Updates</a>
		
		<div id="userbar">
		<?php
		if($_SESSION['signed_in'])
		{
			echo 'Hello <b>' . htmlentities($_SESSION['user_name']) . '</b>. Not you? <a class="item" href="signout.php">Sign out</a>';
		}
		else
		{
			echo '<a class="item" href="signin.php">Sign in</a> or <a class="item" href="signup.php">create an account</a>';
		}
		?>
		</div>
	</div>
		<div id="content">

mentalist · October 27, 2013

Have you tried echo'ing $_SESSION['user_level']?

or how is the variable set, i.e. if($_SESSION['user_level']!='1')

Icewolf · October 27, 2013

when the user logs in there is a sql statment that goes to the database to see what level they have and stores it for use later.

{
			//the form has been posted without errors, so save it
			//notice the use of mysql_real_escape_string, keep everything safe!
			//also notice the sha1 function which hashes the password
			$sql = "SELECT 
						user_id,
						user_name,
						user_level,
						rank
					FROM
						users
					WHERE
						user_name = '" . mysql_real_escape_string($_POST['user_name']) . "'
					AND
						user_pass = '" . sha1($_POST['user_pass']) . "'";
						
			$result = mysql_query($sql);
			if(!$result)
			{
				//something went wrong, display the error
				echo 'Something went wrong while signing in. Please try again later.';
				//echo mysql_error(); //debugging purposes, uncomment when needed
			}
			else
			{
				//the query was successfully executed, there are 2 possibilities
				//1. the query returned data, the user can be signed in
				//2. the query returned an empty result set, the credentials were wrong
				if(mysql_num_rows($result) == 0)
				{
					echo 'You have supplied a wrong user/password combination. Please try again.';
				}
				else
				{
					//set the $_SESSION['signed_in'] variable to TRUE
					$_SESSION['signed_in'] = true;
					$_SESSION['timeout'] = time();
					
					//we also put the user_id and user_name values in the $_SESSION, so we can use it at various pages
					while($row = mysql_fetch_assoc($result))
					{
						$_SESSION['user_id'] 	= $row['user_id'];
						$_SESSION['user_name'] 	= $row['user_name'];
						$_SESSION['user_level'] = $row['user_level'];
						$_SESSION['rank'] = $row['rank'];
					}

mentalist · October 27, 2013

Still assuming the session has been started!

Again have you printed out the variable to look see?

In your code, if for some crazy reason there are more than one entry the value will be the last, i.e. no need for the "while", just fetch the array since it should be singular.

Otherwise not seeing an issue there...

P.S. Till tomorrow

Icewolf · October 27, 2013

Yeah i am not getting it. I can see that the value is coming over after the user logs in. It is just weird I think this should work.

mac_gyver · October 27, 2013

just because you have code elsewhere that is successfully using the value in a variable, doesn't mean that variable contains the expected value on the offending page. you could be overwriting the variable before you get to that page; the session_start() might be failing on that page because of some output that is being sent to the browser; you could be changing the host-name/sub-domain in your url's and the session id cookie no longer matches the variation of your url where it was first created.

you need to actually debug what your data is doing. use var_dump($_SESSION['user_level']); right before your conditional logic. the value isn't one that you expect (your code would be doing what you expect if it was) or your value of 1 isn't the one you picked for an admin.

also, you need to use ONE header file that contains conditional logic in it to build the desired output. by making two files, you have now doubled the amount of work for yourself when you need to maintain or change your site. do you really want to go through multiple files if you change links or change the layout on your site?

a straightforward way of using ONE file is to make a function that returns the user_level when called. next, you need to make defined constants for each level (this will make your code clearer when writing or reading it.)

// in a common included file put the following
function user_level(){
    return isset($_SESSION['user_level']) ? (int)$_SESSION['user_level'] : 0; // default to a zero
}

define('ADMIN',1); // define a constant to represent the ADMIN user_level

// at the point of wanting to produce some admin specific content, use the following -
if(user_level() == ADMIN){
    // admin specific content goes here..
}

Edited October 27, 2013 by mac_gyver

Icewolf · October 31, 2013

Hi

Sorry it has taken me a while to get back. but I was able to get it to work. I just had to remove the ! after the =

Before

($_SESSION['user_level'] != 1 )

After

($_SESSION['user_level'] = 1 )

mac_gyver · October 31, 2013

if($_SESSION['user_level'] = 1 )

if that's your current code, it is setting $_SESSION['user_level'] to a 1 and testing if that is a true value, which it is, and ALL your users will be admins. two equal signs is a comparison operator. one equal is an assignment operator.

Icewolf · October 31, 2013

Thank you for that information I didn't know what the == was for but I changed it to this. I was having problems when a user wasn't signed in they saw the admin header.

 if($_SESSION['signed_in'] == false | $_SESSION['user_level'] != 1 )

mac_gyver · October 31, 2013

you should use positive logic. a value exists and it IS a specific value to allow admin access.

Sign In

log in headers

Recommended Posts

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Join the conversation

Important Information