
Log In System Problems


Beck3


Hello, I'm trying to build a student management information system.

 

It has to have two login modes, admin and user. I have some code, but the database is not working.

 

When I try to login, I'm just sent the message that the login failed. How do I compare the user credentials to what is in the database already so that the user logs in based on user role? I have created a users table with the following attributes: user_id (PK), first_name, last_name, username, and pwd(FK). And another table called role with the attribute of role. Role is the primary key.

 

Any help would be appreciated! 

 

config.php

https://pastebin.com/PUqhMdsY

 

SQLFunctions.php

https://pastebin.com/X7LvBC5M

 

login.php 

https://pastebin.com/36fTGzgh

 

loginsubmit.php

https://pastebin.com/1RpRkmTj

 

sessions.php

https://pastebin.com/6XWVZF9K

 


Let's start with the login. Why a user id and a username? Wouldn't one work?

 

Why two "login modes"? Aren't these just multiple user ids with assigned roles? I'd put role in the user table and dump the roles table. Let your other pages check the role that you return with a valid login. If you need to have multiple roles, return an array of roles instead of a single one and store the roles in your role table, linked by userid. In either case add a std. function to each of your pages to check the returned role variable and return a true/false answer when checking if a user is allowed access to that page. That way you can change the roles around should you have to with very little work.

 

And if you are not using PDO, I'll jump on the bandwagon to tell you to switch to that NOW. And use prepared queries too - life will be much simpler.

 

Let's get the login working. Be sure to wrap any code you post here properly.

And when next you post - post your question along with the PERTINENT code that you think is the root of your problem. Many of us don't look at links to other sites and having a slew of them posted just discourages interest. IMHO.


To be honest, I'm new to PHP. I don't really know much about it. I have to create two log in modes because the project needs an admin to log in and have that person be in charge of the whole database to edit, delete, insert, etc information. The other mode is just user aka the student. The student should only be able to view courses, grades, and tests.

 

Why is PDO better? I did find a tutorial with PDO log in system and it works, but I find the queries hard to understand. I made a registration page in the admin page, but it didn't work. It will not connect to my database. I understand some of the logic behind the code, but not all.

 

index:

<div class="col-md-6 col-md-offset-3">
                    <h4>Log in with your credentials <span class="glyphicon glyphicon-user"></span></h4><br/>
                            <div class="block-margin-top">
                              <?php 

                                $errors = array(
                                    1=>"Invalid user name or password, Try again",
                                    2=>"Please login to access this area"
                                  );

                                $error_id = isset($_GET['err']) ? (int)$_GET['err'] : 0;

                                if ($error_id == 1) {
                                        echo '<p class="text-danger">'.$errors[$error_id].'</p>';
                                    }elseif ($error_id == 2) {
                                        echo '<p class="text-danger">'.$errors[$error_id].'</p>';
                                    }
                               ?>  

                              <form action="authenticate.php" method="POST" class="form-signin col-md-8 col-md-offset-2" role="form">  
                                  <input type="text" name="username" class="form-control" placeholder="Username" required autofocus><br/>
                                  <input type="password" name="password" class="form-control" placeholder="Password" required><br/>
                                  <button class="btn btn-lg btn-primary btn-block" type="submit">Sign in</button>
                             </form>
                           </div>
            </div>
            
        

authenticate:

<?php 
 require 'database-config.php';

 session_start();

 $username = "";
 $password = "";
 
 if(isset($_POST['username'])){
  $username = $_POST['username'];
 }
 if (isset($_POST['password'])) {
  $password = $_POST['password'];
 }

 // Prepared statement: user input is bound as parameters, not concatenated into the SQL
 $q = 'SELECT * FROM users WHERE username=:username AND password=:password';
 $query = $dbh->prepare($q);
 $query->execute(array(':username' => $username, ':password' => $password));

 // fetch() returns false when no row matched
 $row = $query->fetch(PDO::FETCH_ASSOC);

 if($row === false){
  header('Location: index.php?err=1');
  exit; // stop here so the rest of the script does not run after the redirect
 }

 // Issue a new session id on login so a pre-login id cannot be reused
 session_regenerate_id(true);
 $_SESSION['sess_user_id'] = $row['id'];
 $_SESSION['sess_username'] = $row['username'];
 $_SESSION['sess_userrole'] = $row['role'];
 session_write_close();

 // Nothing may be echoed before header(), so the debug echo of the role is gone
 if( $_SESSION['sess_userrole'] == "admin"){
  header('Location: adminhome.php');
 }else{
  header('Location: userhome.php');
 }
 exit;
?>

data-base config:

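<?php
   // define database related variables
   $database = 'c9';
   $host = '127.0.0.1';
   $user = 'kittykat77';
   $pass = '';

   // try to connect to database; the PDO constructor throws PDOException on failure
   try {
      $dbh = new PDO("mysql:dbname={$database};host={$host};port=3306", $user, $pass);
      // make failed queries throw as well instead of failing silently
      $dbh->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
   } catch (PDOException $e) {
      exit("unable to connect to database");
   }
   
?>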

adminhome:

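<?php 
    session_start();
    // Read the role defensively: the key is absent when nobody is logged in
    $role = isset($_SESSION['sess_userrole']) ? $_SESSION['sess_userrole'] : '';
    if(!isset($_SESSION['sess_username']) || $role!="admin"){
      header('Location: index.php?err=2');
      exit; // stop here, otherwise the admin page below is still sent to the visitor
    }
?>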
<!DOCTYPE html>
<html lang="en">
<head>
    <meta charset="utf-8">
    <meta http-equiv="X-UA-Compatible" content="IE=edge">
    <meta name="viewport" content="width=device-width, initial-scale=1">
    <title>Bootstrap 101 Template</title>

    <!-- Bootstrap -->
    <link href="css/bootstrap.min.css" rel="stylesheet">
    <link href="css/style.css" rel="stylesheet">

    <!-- HTML5 Shim and Respond.js IE8 support of HTML5 elements and media queries -->
    <!-- WARNING: Respond.js doesn't work if you view the page via file:// -->
    <!--[if lt IE 9]>
      <script src="https://oss.maxcdn.com/html5shiv/3.7.2/html5shiv.min.js"></script>
      <script src="https://oss.maxcdn.com/respond/1.4.2/respond.min.js"></script>
    <![endif]-->
  </head>
  <body>
    
    <div class="navbar navbar-default navbar-fixed-top" role="navigation">
      <div class="container">
        <div class="navbar-header">
          <button type="button" class="navbar-toggle collapsed" data-toggle="collapse" data-target=".navbar-collapse">
            <span class="sr-only">Toggle navigation</span>
            <span class="icon-bar"></span>
            <span class="icon-bar"></span>
            <span class="icon-bar"></span>
          </button>
          <a class="navbar-brand" href="http://techyari.in">Techyari.in</a>
        </div>

        <div class="navbar-collapse collapse">
          <ul class="nav navbar-nav navbar-right">
            
            
            <li><a href="#"><?php echo htmlspecialchars($_SESSION['sess_username'], ENT_QUOTES, 'UTF-8');?></a></li>
            <li><a href="logout.php">Logout</a></li>
            <li><a href="registration.php">Register User</a></li>
          </ul>
        </div>
      </div>
    </div>

    <div class="container homepage">
      <div class="row">
         <div class="col-md-3"></div>
            <div class="col-md-6 welcome-page">
              <h2>This is Admin area.</h2>
            </div>
          <div class="col-md-3"></div>
        </div>
    </div>    

    <!-- jQuery (necessary for Bootstrap's JavaScript plugins) -->
    <script src="https://ajax.googleapis.com/ajax/libs/jquery/1.11.1/jquery.min.js"></script>
    <!-- Include all compiled plugins (below), or include individual files as needed -->
    <script src="js/bootstrap.min.js"></script>
    </body>
</html>

userhome:

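<?php 
    session_start();
    require 'database-config.php'; // provides $dbh

    // Read the role defensively: the key is absent when nobody is logged in
    $role = isset($_SESSION['sess_userrole']) ? $_SESSION['sess_userrole'] : '';
    if(!isset($_SESSION['sess_username']) || $role!="user"){
      header('Location: index.php?err=2');
      exit; // stop here so nothing below runs for a visitor who is not logged in
    }

    // Look up the logged-in user's row, using the id stored in the session at login
    $stmt = $dbh->prepare("SELECT id FROM users WHERE id=:id");
    $stmt->execute(array(':id' => $_SESSION['sess_user_id']));
    $rows = $stmt->fetchAll(PDO::FETCH_ASSOC);
    
  ?>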

<!DOCTYPE html>
<html lang="en">
<head>
    <meta charset="utf-8">
    <meta http-equiv="X-UA-Compatible" content="IE=edge">
    <meta name="viewport" content="width=device-width, initial-scale=1">
    <title>Bootstrap 101 Template</title>

    <!-- Bootstrap -->
    <link href="css/bootstrap.min.css" rel="stylesheet">
    <link href="css/style.css" rel="stylesheet">

    <!-- HTML5 Shim and Respond.js IE8 support of HTML5 elements and media queries -->
    <!-- WARNING: Respond.js doesn't work if you view the page via file:// -->
    <!--[if lt IE 9]>
      <script src="https://oss.maxcdn.com/html5shiv/3.7.2/html5shiv.min.js"></script>
      <script src="https://oss.maxcdn.com/respond/1.4.2/respond.min.js"></script>
    <![endif]-->
  </head>
  <body>
    
    <div class="navbar navbar-default navbar-fixed-top" role="navigation">
      <div class="container">
        <div class="navbar-header">
          <button type="button" class="navbar-toggle collapsed" data-toggle="collapse" data-target=".navbar-collapse">
            <span class="sr-only">Toggle navigation</span>
            <span class="icon-bar"></span>
            <span class="icon-bar"></span>
            <span class="icon-bar"></span>
          </button>
          <a class="navbar-brand" href="http://techyari.in">Techyari.in</a>
        </div>

        <div class="navbar-collapse collapse">
          <ul class="nav navbar-nav navbar-right">
          
          
            <li><a href="#"><?php echo htmlspecialchars($_SESSION['sess_username'], ENT_QUOTES, 'UTF-8');?></a></li>
            <li><a href="logout.php">Logout</a></li>
            
          </ul>
        </div>
      </div>
    </div>

    <div class="container homepage">
      <div class="row">
         <div class="col-md-3"></div>
            <div class="col-md-6 welcome-page">
              <h2>This is User area.</h2>
              





            </div>
          <div class="col-md-3"></div>
        </div>
    </div>    

    <!-- jQuery (necessary for Bootstrap's JavaScript plugins) -->
    <script src="https://ajax.googleapis.com/ajax/libs/jquery/1.11.1/jquery.min.js"></script>
    <!-- Include all compiled plugins (below), or include individual files as needed -->
    <script src="js/bootstrap.min.js"></script>
    </body>
</html>




<?php 
 session_start();
 session_destroy();
 header('Location: index.php');
?>

registration:

<?php require "database-config.php"; // provides $dbh ?>

<html>
  <head>
    <title>Create Account-Admin Panel</title>
    <link rel="stylesheet" type="text/css" href="style.css">
  </head>
  <body>
    
    <h3>Create a New User</h3>
    
    <?php
    
      if($_SERVER['REQUEST_METHOD'] == "POST" ) {
        
        // Missing fields fall back to empty strings so empty() below catches them
        $username = isset($_POST["username"]) ? $_POST["username"] : "";
        $password = isset($_POST["password"]) ? $_POST["password"] : "";
        $confirm_password = isset($_POST["confirm_password"]) ? $_POST["confirm_password"] : "";
        
        if(empty($username) || empty($password) || empty($confirm_password)){
          
          $error="Fields were empty."; 
          
        } else {
          
          // Prepared statement: the values are bound, never spliced into the SQL text.
          // Column names are the ones authenticate reads; id is assumed to be auto-increment.
          // The role is lower-case 'user' because userhome compares against "user".
          $sql = "INSERT INTO users (username, password, role) VALUES (:username, :password, 'user')";
          
          try {
            $result = $dbh->prepare($sql)->execute(array(':username' => $username, ':password' => $password));
          } catch (PDOException $e) {
            $result = false;
          }

          if( $result == TRUE) { 
            $error = "User created"; 
          } else {
            $error = "Error in creating account."; 
          } 
                
        }
      
        echo "<p>$error</p>"; 
        
      }
    
    ?>
    
    <form method="POST">
      
      Username: <br/>
      <input type="text" name="username" /> 
      <br/><br/>
      
      Password: <br/> 
      <input type="password" name="password" /> 
      <br/><br/>
      
      Confirm password: <br/>
      <input type="password" name="confirm_password" />
      <br/><br/>
      
      <input type="submit" value="Create Account" />
      
    </form>
    
    
  </body>
  
</html>

For a person to say they are new to php and yet have all this code.... Something's not right. If you are so new how did you get this?

 

As for your use of the term "login mode", what do you mean by that?

 

Your login process will be the same for anyone, any type, any role that your system needs. You don't really believe that you will create two login modes, do you?

 

Concentrate on getting a solid secure login process using a user id, a password and a table that stores those values properly (using a secured password column). Then add the role column to that table so that when one logs in successfully you can return that role to the app for use down the road.

 

Work on just this one thing for now.
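
The advice in the replies above (one login for everyone, a hashed password column, the role stored on the user row, and one function each page calls to check the role), as an added example that is not code from the thread. It uses an in-memory SQLite database so it runs stand-alone; the table layout, function names and sample accounts are assumptions made for the illustration.

```php
<?php
// Added example, not code from the thread. Schema, function names and the
// sample accounts are constructed for illustration.
$dbh = new PDO('sqlite::memory:');
$dbh->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$dbh->exec('CREATE TABLE users (
    id INTEGER PRIMARY KEY, username TEXT UNIQUE NOT NULL,
    password_hash TEXT NOT NULL, role TEXT NOT NULL)');

// Registration side: store only a salted hash, never the password itself.
function create_user(PDO $dbh, string $username, string $password, string $role): void {
    $stmt = $dbh->prepare('INSERT INTO users (username, password_hash, role)
                           VALUES (:u, :h, :r)');
    $stmt->execute([':u' => $username, ':r' => $role,
                    ':h' => password_hash($password, PASSWORD_DEFAULT)]);
}

// Login side: fetch the row by username only, then verify the hash in PHP.
// Returns the values to copy into the session, or null on any failure.
function authenticate(PDO $dbh, string $username, string $password): ?array {
    $stmt = $dbh->prepare('SELECT id, username, password_hash, role
                           FROM users WHERE username = :u');
    $stmt->execute([':u' => $username]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($row === false || !password_verify($password, $row['password_hash'])) {
        return null;   // same result for an unknown user and a wrong password
    }
    return ['sess_user_id'  => (int)$row['id'],
            'sess_username' => $row['username'],
            'sess_userrole' => $row['role']];
}

// The one function every protected page calls: answers true or false only.
function user_has_role(array $session, string $required): bool {
    return isset($session['sess_userrole']) && $session['sess_userrole'] === $required;
}

// Constructed sample accounts and logins.
create_user($dbh, 'alice', 'correct horse', 'admin');
create_user($dbh, 'bob', 'tr0ub4dor', 'user');

$session = authenticate($dbh, 'bob', 'tr0ub4dor') ?? [];   // on a real page: $_SESSION
var_dump(user_has_role($session, 'user'));    // may bob open the student pages?
var_dump(user_has_role($session, 'admin'));   // may bob open the admin pages?
var_dump(authenticate($dbh, 'alice', 'wrong password'));   // failed login attempt
```

On a real page, call `session_regenerate_id(true)` after a successful login, copy the returned array into `$_SESSION`, and `exit` right after any `header('Location: ...')` redirect when `user_has_role()` returns false.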
