Jump to content

Login Script problem


Recommended Posts

Hey, i got a login script from evolt.org with admin feature made bu jpmaster77.

The problem i am having is that pages that should be only available to some users is avaiable to all. What happens when you are not authorized to wiev it it just log in as guest and you can see it.
I'm not sure what information you want, so i'll just post a few snippets, and just ask for whatever more you need :-)


function Process(){
      global $session;
      /* User submitted login form */

      * Should not get here, which means user is viewing this page
      * by mistake and therefore is redirected.
          header("Location: index2.php");

Same if, just removed some elseif's

    * isAdmin - Returns true if currently logged in user is
    * an administrator, false otherwise.
  function isAdmin(){
      return ($this->userlevel == ADMIN_LEVEL ||
              $this->username  == ADMIN_NAME);
  *isLevel - Same function as isAdmin for users
  function isLevel(){
  return ($this->userlevel >= $level);

Tried to add an isLevel to help secure.. dunno if it will help, but doesn't seem so :-)
i.e page3.php


  echo "<h1>Logged In</h1>";
  echo "Welcome <b>$session->username</b>, you are logged in. <br><br>"
      ."[<a href=\"userinfo.php?user=$session->username\">My Account</a>]<br> &nbsp;&nbsp;"
      ."[<a href=\"useredit.php\">Edit Account</a>]<br> &nbsp;&nbsp;";
      echo "[<a href=\"admin/admin.php\">Admin Center</a>]<br> &nbsp;&nbsp;";
  echo "[<a href=\"process.php\">Logout</a>]<br>";

put in x in user level since there is 9 possibilities..
I have also tried without my "experiment, but it still log in as guest..
So, here is my question. How do i really make the script work like intended? (only specified user level can view the page(s)

Hope anyone can help me. Thanks

Link to comment
Share on other sites

I would have to see more of the code but It looks like you didnt put a check if they are not that level.  You can try a code similar to this that once it checks the user level, if they are not in it then it will display a message to them.

of course your variable $level would be whatever level you want to access that area.

if (!isLevel($level)){
die("You are not allowed to access this area!!");

Or you could do a redirect somewhere if they are not in that level.

  Header("Location: whereever_you_want _to_redirect_them.php");
Link to comment
Share on other sites

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.