AdeelZaighum Posted February 1, 2017 Share Posted February 1, 2017 here is a code of sign in page I want to add a role access for the student, teacher, and admin I have table name student in the database and a column role see image attached for database include("dbconfig.php"); session_start(); if($_SERVER["REQUEST_METHOD"] == "POST") { // username and password sent from form $name = mysqli_real_escape_string($con,$_POST['name']); $password = mysqli_real_escape_string($con,$_POST['password']); $sql = "SELECT user_id FROM student WHERE name = '$name' and password = '$password'"; $result = mysqli_query($con,$sql); $row = mysqli_fetch_array($result,MYSQLI_ASSOC); // $active = $row['active']; $count = mysqli_num_rows($result); if($count == 1) { //session_register("name"); $_SESSION['login_user'] = $name; header("location: allstudents1.php"); }else { $error = "Your Login Name or Password is invalid"; } } ?> Quote Link to comment https://forums.phpfreaks.com/topic/303070-how-to-add-role-in-this-code-using-if-statement/ Share on other sites More sharing options...
ginerjm Posted February 1, 2017 Share Posted February 1, 2017 I see two problems. 1 - you apparently are storing your passwords in plain text. Do Not Do That. Do some reading on the concept of hashing your password in the database and then do the same thing with the user's input before querying it. 2nd - what do you want to do? You want to add a role. Fine. But in what context? The only thing I can guess here is that you want to control who can access what pages in your site. Therefore when you check for a proper login, grab the role indicator from your table along with the username and save that as a session var also. Now for each page that requires a logged in user you will need to check for the username begin set and if there is a required role for that page, check the saved role value. Personally I would write a function for this code that returns a Boolean so that you can later modify/improve this code. Quote Link to comment https://forums.phpfreaks.com/topic/303070-how-to-add-role-in-this-code-using-if-statement/#findComment-1542176 Share on other sites More sharing options...
mac_gyver Posted February 1, 2017 Share Posted February 1, 2017 aside from fixing the problems in this code, you wouldn't add any role based logic to this code. the purpose of the is code is to authenticate who the user is, that has nothing to do with the user's role and what they can do on a web site. you should also store the user_id value in the session variable, not the mysqli string escaped name that was entered in the form. you would add code to the 'protected' pages to retrieve the current user's role on each page request. and why would you do it this way? so that any change to the role value will take affect without requiring the user to log out and log back in. Quote Link to comment https://forums.phpfreaks.com/topic/303070-how-to-add-role-in-this-code-using-if-statement/#findComment-1542178 Share on other sites More sharing options...
ginerjm Posted February 1, 2017 Share Posted February 1, 2017 Mac-giver makes a good point about when to check for the 'current' role status. My method would force a user to re-login as he said. So - perhaps your 'security' function not only checks for a simple logged-in token, but then can also make a quick query for the role if the token is found to exist. Quote Link to comment https://forums.phpfreaks.com/topic/303070-how-to-add-role-in-this-code-using-if-statement/#findComment-1542189 Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.