zyonsherlock Posted November 29, 2006 Share Posted November 29, 2006 guys what's up? i got a problem, i dunno how to make php determine the privilege of the user, i use sessions but it doesn't work, dunno if it was correct, here is the code:the login page:[code]<?phpsession_start();$error = '';if(isset($_POST['username']) && isset($_POST['password'])){ //if ($_POST['username'] == jovy && $_POST['password'] == jovy){ include 'library/dbconfig.php'; include 'library/dbconn.php'; $username = $_POST['username']; $password = $_POST['password']; $query="SELECT * FROM admin_sfs WHERE user = '$username' AND pass = PASSWORD('$password')"; $result = mysql_query($query) or die ('Error! Query Failed! '.mysql_error()); if (mysql_num_rows($result) == 1){ $_SESSION['db_logged_in'] = true; // $_SESSION['db_privileges'] = $result['privileges']; if ($result['privileges'] == "admin"){ $_SESSION['db_privileges_admin'] = true; } elseif($result['privileges'] == "accounting"){ $_SESSION['db_privileges_accounting'] = true; } header('Location: main.php'); exit; }else{ $error = 'Wrong ID/Password! Sorry...'; } include 'library/close.php';}?><!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" /><title>Login Page</title><link href="library/css.css" rel="stylesheet" type="text/css" /><style type="text/css"><!--.style2 { font-family: Verdana, Arial, Helvetica, sans-serif; font-size: 14px;}--></style></head><body class="css"><?phpif ($error != '') {?><p align="center"><strong><?php echo $error; ?></strong></p><?php}?> <form id="frmLogin" name="frmLogin" method="post" action=""><table width="309" height="109" border="1" align="center"> <tr bgcolor="#003366"> <td colspan="4"><div align="center" class="style2">Login</div></td> </tr> <tr> <td width="37" height="24" align="left" valign="top" bgcolor="#003366"> </td> <td width="65" align="left" valign="top"><label><span class="css">Username:</span></label></td> <td width="144" align="left" valign="top"><input type="text" maxlength=20 name="username" id="username"/></td> <td width="35" align="left" valign="top" bgcolor="#003366"> </td> </tr> <tr> <td height="24" align="left" valign="top" bgcolor="#003366"> </td> <td align="left" valign="top"><label><span class="css">Password:</span></label></td> <td align="left" valign="top"><input type="password" name="password" maxlegth=45 id="password" /></td> <td align="left" valign="top" bgcolor="#003366"> </td> </tr> <tr> <td height="26" align="left" valign="top" bgcolor="#003366"> </td> <td align="left" valign="top" bgcolor="#003366"> </td> <td align="left" valign="top" bgcolor="#003366"><input name="Login" class="css" type="Submit" id="Login" value="Login" /></td> <td align="left" valign="top" bgcolor="#003366"> </td> </tr></table><p> <label></label></p></form></body></html>[/code]...and the main page:[code]<?phpsession_start(); if(!isset($_SESSION['db_logged_in']) || $_SESSION['db_logged_in'] !== true){ header('Location: login.php'); exit; }?><table width="990" height="591" border="0" cellpadding="0" cellspacing="0"> <tr> <td height="93" colspan="2"> </td> </tr> <tr> <td width="18%" height="603" valign="top"><table width="206" height="153" border="0" cellpadding="0" cellspacing="0"> <tr valign="top"> <td width="206" height="33">REQUEST FOR PROPOSALS </td> </tr> <tr valign="top"> <td class="navi"><p><a target="content" href="welcome.php">WELCOME TO SFS-OLP</a></p> <p>REQUEST PROPOSALS</p> <p><a target="content" href="peo-table.php">PEO</a></p> <p> <?php if (isset($_SESSION['db_logged_in'])){ /*include 'library/dbconfig.php'; include 'library/dbconn.php'; $query = "select * from admin_sfs"; $result = mysql_query($query)or die ('query error!' .mysql_error()); $row = mysql_fetch_assoc($result);*/ if (isset($_SESSION['db_privileges_admin'])){echo '<BR><a target="content" href="olp-table.php">OLP</a>';} else { echo 'OLP'; } if (isset($_SESSION['db_privileges_accounting'])){echo '<BR><a target="content" href="accounting.php">Accounting</a>';} else { echo '<BR> Accounting'; } echo '<BR><a target="parent" href="logout.php">logout</a>'; } ?> </p> <p> </p></td> </tr> </table> <p> </p></td> <td width="82%" height="603" valign="top" ><table width="810" height="602"> <tr> <td bordercolor="#000000"><iframe name="content" src="welcome.php" width="100%" height="100%"></iframe></td> </tr> </table></td> </tr></table>[/code]hope someone can help me with this one. Thanks in advance!!! Quote Link to comment Share on other sites More sharing options...
chriscloyd Posted November 29, 2006 Share Posted November 29, 2006 hey ur login code looks alright but my suggestion make the session like$_SESSION['db_privileges']and then everytime u look for it do if ($_SESSION['db_privileges'] == "admin") {and on ur check to see if they are logged in it loks weird just do if(!isset($_SESSION['db_logged_in'])){header("Location: linkhere.php");} Quote Link to comment Share on other sites More sharing options...
zyonsherlock Posted November 29, 2006 Author Share Posted November 29, 2006 hi chriscloyd! thanks for your reply, but i've tried that yesterday and it still doesn't work. The error is that it doesn't show anything!just the logout link. Quote Link to comment Share on other sites More sharing options...
zyonsherlock Posted November 30, 2006 Author Share Posted November 30, 2006 hey guy's! i need an answer to this problem... please........................thanks! Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.