john666 Posted January 19, 2014

I'm having a problem setting up folder paths in PHP. I want to secure my admin panel, like www.mysite.com/admin/index.php: if anyone tries it and his username and password are wrong, then the user should be navigated to www.mysite.com. I have a question: how to go 1 step back in PHP? Here is my code...

```php
<?php
session_start();
include('config.php');

if (isset($_GET['logout'])) {
    session_unset();
    session_destroy();
    header('location:index.php?msg=' . urlencode('You Are Log Out'));
    exit(); // stop here so nothing else runs after the redirect
}

if (isset($_POST['submit'])) {
    $username = $_POST['username'];
    $password = $_POST['password'];
    // escape both values before they are placed inside the SQL string
    $query = sprintf(
        "SELECT * FROM login WHERE user_name='%s' AND pass_word='%s' LIMIT 1",
        mysql_real_escape_string($username),
        mysql_real_escape_string($password)
    );
    $result = mysql_query($query) or die(mysql_error());
    if (mysql_num_rows($result)) {
        $_SESSION['username'] = $username;
        $error = "You Can Not Access To Admin Panel";
        header('location:college/index.php?error=' . urlencode($error)); //here what i should add??
        exit();
    } else {
        $error = "You Can Not Access To Admin Panel";
        header('location:/college/index.php?error=' . urlencode($error)); //here what i should add??
        exit();
    }
}

// included after the redirects: header() only works before any output is sent
include('header.php');
?>
<table class="login" align="center">
  <tr>
    <td class="table1">Student Information System</td>
  </tr>
</table>
<div class="table2">
  <form method="post">
    <table class="table3" align="center">
      <?php if(isset($error)): ?>
      <tr>
        <td colspan="2" style="color: red; font-weight: bold"><?php echo $error; ?></td>
      </tr>
      <?php endif; ?>
      <?php if(isset($_REQUEST['username'])): ?>
      <tr>
        <td colspan="2" style="color: red; font-weight: bold"><?php echo "Please Log In Username And Password"; ?></td>
      </tr>
      <?php endif; ?>
      <tr>
        <td>Username</td>
        <td><input type="text" name="username"></td>
      </tr>
      <tr>
        <td>Password</td>
        <td><input type="password" name="password"></td>
      </tr>
      <tr>
        <td colspan="2" align="center"><input type="submit" name="submit" value="LogIn"></td>
      </tr>
    </table>
  </form>
</div>
<?php include('footer.php'); ?>
```

college is the name of my localhost folder: localhost/college/admin/index.php, and there is another file, localhost/college/index.php. What I want is: if someone tries to open the admin panel and the user enters a username or password, the code navigates him to the user panel. For example, if he accesses www.mysite.com/admin/index.php and enters a username and password there, the code should navigate him to www.mysite.com.

Ch0cu3r Posted January 19, 2014

Why are you allowing users to log in from two different locations? You should provide login from one location. You then decide where to redirect the user based on their access level, e.g. admin users go to the admin CP, and everyone else goes to your homepage. In order to determine their access level you need to store that in your database.

Example code

```php
// escape the submitted values before they are used in the query
$username = mysql_real_escape_string($_POST['username']);
$password = mysql_real_escape_string($_POST['password']);

// query the database and get the user's data, when username and password match
$query = "SELECT username, email, access_level FROM users WHERE username='$username' AND password='$password'";
$result = mysql_query($query);

if($result)
{
    // did query return any rows?
    if(mysql_num_rows($result))
    {
        $row = mysql_fetch_assoc($result);

        // save user data to session
        $_SESSION['username'] = $row['username'];
        $_SESSION['email'] = $row['email'];
        $_SESSION['access_level'] = $row['access_level'];

        // redirect based on access level
        if($row['access_level'] == 'admin')
        {
            header('location: /college/admin/'); // for admins
        }
        else
        {
            header('location: /college/'); // for everyone else
        }
        exit;
    }
    else
    {
        echo 'login failed, username password did not match';
    }
}
else
{
    // query failed probably due to an error
}
```

Edited January 19, 2014 by Ch0cu3r

john666 (Author) Posted January 19, 2014

I got this logic, bro, and it's quite easy and the best way for this code. I just need to know why we are storing data in sessions... I'm new to PHP, so a little confused here.

Ch0cu3r Posted January 19, 2014 (Solution)

I save the user's details in the session for use later on. The data then becomes persistent whilst the user is logged in, provided you call session_start on all pages where you use sessions. You then don't need to keep querying the database to get their info.
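
Added example, not code from the thread or its posters: the flow the replies describe (one login, redirect by access level, session data reused on later pages) written with PDO bound parameters, `password_verify`, and a per-page admin check. The `password_hash` column, the two sample accounts and the in-memory SQLite database are assumptions made so the script runs on its own; the table, column and path names follow the reply's example.

```php
<?php
// Added example, not from the thread. Assumed: a password_hash column, the two
// constructed accounts below, and in-memory SQLite (pdo_sqlite) to run offline.
function find_user(PDO $pdo, string $username, string $password): ?array
{
    // Bound parameter: the submitted name is data, never part of the SQL text.
    $stmt = $pdo->prepare('SELECT username, email, access_level, password_hash
                             FROM users WHERE username = ? LIMIT 1');
    $stmt->execute([$username]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    // Check a stored hash instead of matching a plaintext password in SQL.
    if ($row === false || !password_verify($password, $row['password_hash'])) {
        return null;
    }
    unset($row['password_hash']);        // the hash does not belong in the session
    return $row;
}

function landing_page(array $user): string
{
    return $user['access_level'] === 'admin' ? '/college/admin/' : '/college/';
}

function remember_user(array $user): void
{
    // Web request only: call after session_start(), then header('Location: ...'); exit;
    session_regenerate_id(true);         // fresh session id at login
    $_SESSION = $user;
}

function may_view_admin(array $session): bool
{
    // Run at the top of every page under /college/admin/, not only at login.
    return ($session['access_level'] ?? null) === 'admin';
}

// Constructed demo data and a command-line walk-through.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE users (username TEXT PRIMARY KEY, email TEXT,
            access_level TEXT, password_hash TEXT)');
$add = $pdo->prepare('INSERT INTO users VALUES (?, ?, ?, ?)');
$add->execute(['alice', 'alice@example.test', 'admin', password_hash('demo-admin-pw', PASSWORD_DEFAULT)]);
$add->execute(['bob', 'bob@example.test', 'student', password_hash('demo-user-pw', PASSWORD_DEFAULT)]);
foreach ([['alice', 'demo-admin-pw'], ['bob', 'demo-user-pw'], ["o'neil", 'guess']] as [$u, $p]) {
    $user = find_user($pdo, $u, $p);
    $session = $user ?? [];              // stands in for $_SESSION after remember_user()
    printf("%-8s -> %-16s admin pages: %s\n", $u,
        $user ? landing_page($user) : 'login failed', may_view_admin($session) ? 'yes' : 'no');
}
```

The redirect only chooses where a user lands; `may_view_admin()` is what keeps a non-admin who types the `/college/admin/` URL directly from seeing the page.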