
Different Pages For Different Users


SalientAnimal
Solved by Mace


I'm currently working on restricting access to pages for users who are logged into my site. However, I keep getting the wrong result.

 

I have two scenarios:

 

Logged in users must see the logged in page

  • This is then further restricted by access level (0 = None, 1 = General User, 2 = Team User, etc.)
  • 2 must have access to all pages, 1 to some pages, and 0 only has access to the home page

Users who are not logged in must see a different page altogether (contains registration info)

 

Here is what I have been trying, but it is not working:

<head>
  	<title>Test Page</title>

<?php
include 'formatting.html'
?>

</head>


<body>



<?php if (login_check($mysqli) == true) :
include 'panelin.php';
include '../menu2/menu.html';
?>



<?php else :
include 'panelout.php';
?>



<?php endif; ?>	

This mainly focuses on the logged-in vs. logged-out users at the moment.

 

I am able to see the session info, however I keep getting the panelout.php page instead of the panelin.php


Sorry this was at the top of my page, I did not include it in the original section:

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<!-- INCLUDING REQUIRED AUTHENTICATION FILES, DATABASE CONNECTIONS, FUNCTIONS. -->


<?php
include_once 'includes/db_connect.php';
include_once 'includes/functions.php';

sec_session_start();
if (login_check($mysqli) == true) 
?>

Formatting.html looks like this:


    <link rel="shortcut icon" href="../test/favicon.ico?v=2"/>    
    <meta name="description" content="Login Page" />
    <meta name="keywords" content="login, register, login page, techdesignlab, tech design lab, computer, components, hardware, software, peripherals" />
    <meta http-equiv="content-type" content="text/html; charset=utf-8" />    

    
    <!-- REFERENCING FOR ALL STYLE SHEETS -->
    <link rel="stylesheet" href="css/style.css" type="text/css" media="screen"/>
    <link rel="stylesheet" href="css/slide.css" type="text/css" media="screen"/>
    <link rel="stylesheet" href="menu2/menu.css" type="text/css" media="screen"/>
    <link rel="stylesheet" href="css/form_template.css" type="text/css" media="screen"/>    

    <!-- REFERENCE TO MAIN CORE OF jQUERY SCRIPT -->
    <script src="js/jquery-2.0.3.min.js" type="text/javascript"></script>
    <!-- MENU SLIDE EFFECT -->
    <script src="js/slide.js" type="text/javascript"></script>
    <!-- SHA512 PASSWORD ENCRYPTION ALGORITHM -->
    <script src="js/sha512.js" type="text/javascript"></script>
    <!-- FORM FUNCTIONS -->
    <script src="js/forms.js" type="text/javascript"></script>
Edited by SalientAnimal

Could you show what the login_check() function looks like? Of course, if there is any sensitive information in the function, you'll want to hide that.

 

Have you tried displaying the value that's returned by login_check()? Maybe it doesn't return a true/false value. You could add the following line above your if statement:

var_dump(login_check($mysqli));

Here is the login function:

function login_check($mysqli) 
	{
    // Check if all session variables are set 
    if (isset($_SESSION['user_id'], 
			  $_SESSION['username'], 
			  $_SESSION['login_string'],
			  $_SESSION['email'],
			  $_SESSION['level'],
			  $_SESSION['session_status'])) 
	{

    $user_id = $_SESSION['user_id'];
    $login_string = $_SESSION['login_string'];
    $username = $_SESSION['username'];
    $email = $_SESSION['email'];
    $level = $_SESSION['level'];
    $status = $_SESSION['session_status'];

        // Get the user-agent string of the user.
        $user_browser = $_SERVER['HTTP_USER_AGENT'];

        if ($stmt = $mysqli->prepare("SELECT password 
                                      FROM members 
                                      WHERE id = ? LIMIT 1")) {
            // Bind "$user_id" to parameter. 
            $stmt->bind_param('i', $user_id);
            $stmt->execute();   // Execute the prepared query.
            $stmt->store_result();

            if ($stmt->num_rows == 1) {
                // If the user exists get variables from result.
                $stmt->bind_result($password);
                $stmt->fetch();
                $login_check = hash('sha512', $password . $user_browser);

                if ($login_check == $login_string) {
                    // Logged In!!!! 
                    return true;
                } else {
                    // Not logged in 
                    return false;
                }
            } else {
                // Not logged in 
                return false;
            }
        } else {
            // Not logged in 
            return false;
        }
    } else {
        // Not logged in 
        return false;
    }
}

I did use

var_dump(login_check($mysqli));
and did get the session information returned.

 I did use

var_dump(login_check($mysqli));
and did get the session information returned.

 

 

Did it return "true" as expected?

 

 

Since the function returns true/false, you could modify the if statement as follows:

<?php if (login_check($mysqli)) :

Also, note that the function could be simplified. Instead of having all those return statements, you could do something like:

<?php
//...
 
                if ($login_check == $login_string) {
                    // Logged In!!!! 
                    return true;
                }
            }
        }
    }
 
    // Not logged in 
    return false;
}
?>

Also note 


It might be easier to find the problem by finding out which condition is invalid. Try an echo at every possible return false.

                if ($login_check == $login_string) {
                // Logged In!!!!
                    return true;
                } else {
                // Not logged in
                    echo 1;
                    return false;
                }
            } else {
            // Not logged in
                echo 2;
                return false;
            }
        } else {
        // Not logged in
            echo 3;
            return false;
        }
    } else {
    // Not logged in
        echo 4;
        return false;
    }
}

Depending on which number is echo'd you know where your problem is.
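
The same idea as the numbered echoes, as an added example that is not part of the thread: the check returns the reason it failed, so a missing session key such as session_status is named directly, and the login string is compared with hash_equals() rather than ==. The function name explainLoginCheck() and all sample values are hypothetical; the stored password is passed in so the example runs without a database.

```php
<?php
// Added example, not code from the thread. The session keys and the
// sha512(password . user agent) login string follow the posted login_check();
// explainLoginCheck() and all sample values are hypothetical.
const REQUIRED_KEYS = ['user_id', 'username', 'login_string',
                       'email', 'level', 'session_status'];

/** Returns [bool $loggedIn, string $reason]; the reason is for the server log. */
function explainLoginCheck(array $session, ?string $storedPassword, string $userAgent): array
{
    // Same test as isset($_SESSION[...]), but it names the keys that failed.
    $missing = array_filter(REQUIRED_KEYS, fn($key) => !isset($session[$key]));
    if ($missing) {
        return [false, 'missing session keys: ' . implode(', ', $missing)];
    }
    if ($storedPassword === null) {
        return [false, 'no members row for this user_id'];
    }
    $expected = hash('sha512', $storedPassword . $userAgent);
    // hash_equals() compares strings in constant time and never type-juggles.
    if (!is_string($session['login_string'])
        || !hash_equals($expected, $session['login_string'])) {
        return [false, 'login_string mismatch (password or user agent changed)'];
    }
    return [true, 'ok'];
}

// Constructed sample data: no database or real session needed.
$userAgent = 'ExampleBrowser/1.0';
$stored    = 'constructed-password-hash';
$complete  = [
    'user_id' => 7, 'username' => 'demo', 'email' => 'demo@example.test',
    'level' => 1, 'session_status' => 1,
    'login_string' => hash('sha512', $stored . $userAgent),
];
$noStatus = $complete;
unset($noStatus['session_status']);

$cases = [
    'complete session'       => [$complete, $userAgent],
    'session_status not set' => [$noStatus, $userAgent],
    'different user agent'   => [$complete, 'OtherBrowser/2.0'],
];
foreach ($cases as $label => [$session, $agent]) {
    [$ok, $reason] = explainLoginCheck($session, $stored, $agent);
    echo $label, ': ', $ok ? 'logged in' : 'not logged in', ' (', $reason, ")\n";
}
```

On a live site the reason belongs in the server log (error_log()), not in the page output.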


It's returning 4

 

I removed

$_SESSION['session_status']

from my login_check script because I wanted to use this to determine if a user is logged in or not to check the number of online users.

When I removed it, it is now not echoing any of the values, but the wrong pages are still being displayed.


I took a different route to solving this problem. I changed the way that my page looks at the session, and rather than coding different pages I'm just routing the users who are not logged in back to the login page.

<?php
include_once 'includes/db_connect.php';
include_once 'includes/functions.php';

sec_session_start();
if (login_check($mysqli) == true) 
	{
    $logged = 'in';
	} 
else 
	{
    $logged = 'out';
	header('location:index.php');
	echo 'You are required to login';
	exit;
	}
?>

What I do want to ask now though, is how do I use this session to control access levels, i.e. UserAccess = 0, 1, 2, 3.

  • User level 0 has access to only 1 page on the site and will always be redirected to this page.
  • User level 1,2 has access to certain pages. Different for both users, sometimes user 2 will be able to access user 1 pages but not always.
  • User level 3 has access to ALL pages.

 

 


  • Solution

I'm not sure if you mean something like this, but I'll give it a try :)

function checkLoginLevel() {
        $allowed = array(
            '1' => array('first-page.php'),
            '2' => array('first-page.php', 'second-page.php'),
            '3' => true,
        );
    
        if(!isset($allowed[$_SESSION['level']])) {
            echo 'You have no login level';
            exit;
        }
    
        if(is_array($allowed[$_SESSION['level']])) {
            $file = $_SERVER["PHP_SELF"];
            $file = explode('/', $file);
            $file = end($file);
            if(!in_array($file, $allowed[$_SESSION['level']])) {
                echo 'You are not allowed on this page';
                exit;
            }
        }
    
        if(is_bool($allowed[$_SESSION['level']])) {
            // you're allowed;
        }
    }
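
A deny-by-default variant of this level check, as an added example that is not part of the original post: it separates the decision from the response, sends level 0 to info.php without looping, answers 403 on a refusal, and takes the page name from SCRIPT_FILENAME instead of PHP_SELF. The names accessDecision() and enforceAccess() and the sample paths are hypothetical; the page names and levels are the ones used in the thread.

```php
<?php
// Added example, not code from the thread. Page names and levels follow the
// posts above; accessDecision() and enforceAccess() are hypothetical names.
const ACCESS_MAP = [
    1 => ['first-page.php'],
    2 => ['first-page.php', 'second-page.php'],
    3 => true, // level 3 may open every page
];

/** Returns 'allow', 'deny' or 'redirect-info' for a level and script path. */
function accessDecision($level, string $scriptPath): string
{
    // Accept only integers or digit-only strings; anything else is denied.
    if (!is_int($level) && !(is_string($level) && ctype_digit($level))) {
        return 'deny';
    }
    $level = (int) $level;
    $page  = basename($scriptPath);
    if ($level === 0) {
        // info.php itself must stay reachable, or the redirect would loop.
        return $page === 'info.php' ? 'allow' : 'redirect-info';
    }
    $rule = ACCESS_MAP[$level] ?? null; // unknown level: no rule, so deny
    if ($rule === true || (is_array($rule) && in_array($page, $rule, true))) {
        return 'allow';
    }
    return 'deny';
}

/** Call after sec_session_start() and login_check() on every protected page. */
function enforceAccess(): void
{
    // SCRIPT_FILENAME is the file PHP is executing. PHP_SELF also carries any
    // extra path text from the request URL, so its last segment can differ.
    $script   = $_SERVER['SCRIPT_FILENAME'] ?? '';
    $decision = accessDecision($_SESSION['level'] ?? null, $script);
    if ($decision === 'redirect-info') {
        header('Location: info.php');
        exit;
    }
    if ($decision === 'deny') {
        http_response_code(403);
        exit('You are not allowed on this page');
    }
}
// Constructed checks, runnable from the command line:
$samples = [['2', 'second-page.php'], [1, 'second-page.php'], [0, 'first-page.php'], [null, 'first-page.php']];
foreach ($samples as [$lvl, $file]) {
    echo var_export($lvl, true), ' ', $file, ' => ', accessDecision($lvl, '/srv/www/' . $file), "\n";
}
```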

That looks like what I'm looking for, going to give it a try.

 

Would I call the function at the same time as I call the login_check function?

 

so i.e.

the opening line of my page would be:

checkLoginLevel();
sec_session_start();

Do I add all the pages the user is allowed to access to each array?

 

Oh, and level 0 I want to re-direct to the info.php page. All other users just get the message saying that they are not authorized / or get allowed in (depending on their access level) to view the page.

Edited by SalientAnimal

Just add all the files you want to grant access to in the array $allowed.

 

Place this code in the function.

if($_SESSION['level'] == 0) {
header('Location:info.php');
exit;
}

And I would do the session start before the checkLoginLevel.

sec_session_start();
checkLoginLevel();