Jump to content

PHP role based access

Aosora

By Aosora
in PHP Coding Help

 Share

Recommended Posts

Aosora Newbie

Aosora

Posted
Posted

I'm coding a lo gin form for a college assignment and i need two types of users to be able to use one log in form but be directed to different pages based on which ever type of user logs in. I already got the sql working i just don't know how to test what type of user was returned from the sql query and then redirect said user to the respective page. My code is below please help me i need to pass this assignment :

<?php
//1 Retrieve values from the POST
$e = $_POST['email'];
$p = md5($_POST['password']);

//2 Sanitize and Validate the details
$p = sanitize($p);

//initialize feedback variable to empty
$feedback= "";		
if($e == ""){ //Validate fields for null or empty
	$feedback .= "<br/>Enter Email Address";	
}
if(!filter_var($e, FILTER_VALIDATE_EMAIL)){
	$feedback .="<br/>Incorrect Format for Email Address";
}

if($p == ""){
	$feedback .= "<br/>Enter a Password";
}

if($feedback != ""){
	Header("Location:Mainpage.php?feedbackMsg=$feedback");
	Header("Location:Mainpage.php?feedbackMsg=$feedback");
}
else{

	//3 Connect to DB SErver and Select DB
	include ("dbconnect.php");

	//4 Create Query String
	$sqlSelectUser = "SELECT *
						FROM eventhost
						WHERE email = '$e'
						AND  password = '$p'
						UNION
						SELECT *
						FROM wharehouse
						WHERE email = '$e'
						AND  password = '$p'";
	//5 Execute Query String
	$queryResult = mysql_query($sqlSelectUser);

	
	//6 Check Query Result (mysql_num_rows should be = to 1)
	if(mysql_num_rows($queryResult)==1)
	{
		//7 Retrieve Results from ResultSet
		$row = mysql_fetch_array($queryResult);
		
		//8 Start/Initialize Session
		session_start();
		
		//9 Create Session Cookie
		$_SESSION['first'] = $row['firstname'];
		$_SESSION['host_Id'] = $row['hostId'] ;
		
		//10 Redirect to Main Menu
		Header("Location:studentMenu.php");
	}else{
		//USER NOT FOUND. REDIRECT TO LOGIN
		$feedback = "Invalid Login Credentials<br/>$sqlSelectUser";
		Header("Location:Mainpage.php?feedbackMsg=$feedback");
	}
}
//Function to sanitize the data
function sanitize($data){
		$data = trim($data);
		$data = mysql_real_escape_string($data);
		$data = filter_var($data, FILTER_SANITIZE_STRING);
		return $data;
	}	
?>
Link to comment
Share on other sites
requinix Prolific Member

requinix

Posted
Posted 

		//7 Retrieve Results from ResultSet
		$row = mysql_fetch_array($queryResult);
That is where you get a row of data from the query. That row should have whatever value you need. Do a

print_r($row);
if you're not sure what's in it (hint: it mirrors the table columns).

 

To redirect, you already have the header() so you just modify it accordingly. One thing, though: header() does not stop your code from executing, so since you actually want it to then you should

exit;
immediately after.
Link to comment
Share on other sites
Aosora Newbie

Aosora

Posted
  • Author
Posted

I see what your saying and i got it to print but i still don't know how to construct my if statements for the two header redirects i wants something like the if statements below, oh and i also included one of the result returned  from the sql query so if that can help u explain it to me:

 

SQL Query:

Array ( [0] => 1 [hostId] => 1 [1] => Ashely [firstname] => Ashely [2] => Narine [lastname] => Narine [3] => masterkakashi55@yahoo.com => masterkakashi55@yahoo.com [4] => 9015e616031d32a396eca3d7529398f2 [password] => 9015e616031d32a396eca3d7529398f2 )

 

Example of how i want my if statements but idk how to do it and what i typed below isn't working:

if($row == $row['hostId']){

Link to comment
Share on other sites
Aosora Newbie

Aosora

Posted
  • Author
Posted

Ok im not gonna lie at this point i am literally lost and don't know what to do if it means reading up a particular section please direct me to it. Or at least try and explain to me using code or something because i need to learn what is right so that in the future i can do better.

Link to comment
Share on other sites
requinix Prolific Member

requinix

Posted
Posted

Use phpMyAdmin or MySQL Workbench or something to connect to your database manually. So that you can do things yourself, not through code. Find where you can run a SQL query directly and run those two queries I wrote. Then post the output of each.

 

Or, alternatively, just tell me what the names of the columns are in both tables and what type of data (eg, VARCHAR or DATETIME) each one is. The SHOW CREATE TABLE queries I posted are a quick way of doing exactly that, but it's only quick if you can actually run the queries somewhere.

Link to comment
Share on other sites
Aosora Newbie

Aosora

Posted
  • Author
Posted

Ok i ran the queries this is what i got:

 

wharehouse:

CREATE TABLE `wharehouse` (
 `whId` int(5) NOT NULL AUTO_INCREMENT,
 `firstname` varchar(50) NOT NULL,
 `lastname` varchar(50) NOT NULL,
 `email` varchar(100) NOT NULL,
 `password` varchar(255) NOT NULL,
 PRIMARY KEY (`whId`)
) ENGINE=InnoDB AUTO_INCREMENT=2 DEFAULT CHARSET=latin1

 

eventhost:

CREATE TABLE `eventhost` ( `hostId` int(5) NOT NULL AUTO_INCREMENT,
 `firstname` varchar(50) NOT NULL,
 `lastname` varchar(50) NOT NULL,
 `email` varchar(100) NOT NULL,
 `password` varchar(255) NOT NULL,
 PRIMARY KEY (`hostId`)
) ENGINE=InnoDB AUTO_INCREMENT=3 DEFAULT CHARSET=latin1

Link to comment
Share on other sites
requinix Prolific Member

requinix

Posted
Posted

Thought so...

 

When you do a UNION, you only get the column names from the first row. That means the ID from the wharehouse table looks like "hostId" and not "whId". As such you can't tell which table a row came from.

 

A question before we continue: what should happen if an email address is present in both tables?

Link to comment
Share on other sites
requinix Prolific Member

requinix

Posted
Posted

The harder way is restructuring your tables. Without knowing, well, anything about your application, my first thought would be

 

Three tables. One of the user information: name, email, and password. And an ID, naturally. Then another table that has the user ID and potentially other things that may be useful and particularly pertinent. "Pertinent to what?" This table tells you which users are these "warehouse" people or whatever that's supposed to be. The third table is the same thing but for the "event host" people or whatever.

 

Or maybe,

 

The user table from before with an enum field of "warehouse" and "eventhost", like

`type` ENUM("warehouse", "eventhost") NOT NULL,
That way every user is definitely one thing or the other. Or you can use a SET to allow more than one.

 

Or maybe,

 

If there's a chance of having more than just "eventhost" and "warehouse" then maybe you need something where you won't have to change the schema. That tends to mean two or three tables. One table for users, no surprise. The second table relates a user (by ID) to a thing. That thing could be a string, like "eventhost", or it could be an ID to a third table which lists the different types (and would only have 1,warehouse and 2,eventhost to start).

Link to comment
Share on other sites
This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.