Beck3 Posted April 21, 2017 Share Posted April 21, 2017 Hello, I'm trying to build a student management information system. It has to have two login modes, admin and user. I have some code, but the database is not working. When I try to login, I'm just send the message that the login failed. How do I compare the user credentials to what is in the database already so that the user logs in based on user role? I have creared a users table with the following attributes: user_id (PK), first_name, last_name, username, and pwd(FK). And another table called role with the attribute of role. Role is the primary key. Any help would be appreciated! config.php https://pastebin.com/PUqhMdsY SQLFunctions.php https://pastebin.com/X7LvBC5M login.php https://pastebin.com/36fTGzgh loginsubmit.php https://pastebin.com/1RpRkmTj sessions.php https://pastebin.com/6XWVZF9K Link to comment Share on other sites More sharing options...
benanamen Posted April 21, 2017 Share Posted April 21, 2017 You have many, many problems with this code. It will pretty much require a complete rewrite. I would suggest you use PDO when you do that. https://phpdelusions.net/pdo Link to comment Share on other sites More sharing options...
ginerjm Posted April 21, 2017 Share Posted April 21, 2017 Let's start with the login. Why a user id and a username? Wouldn't one work? Why two "login modes"? Aren't these just multiple user ids with assigned roles? I'd put role in the user table and dump the roles table. Let your other pages check the role that you return with a valid login. If you need to have multiple roles, return an array of roles instead of a single one and store the roles in your role table, linked by userid. In either case add a std. function to each of your pages to check the returned role variable and return a true/false answer when checking if a user is allowed access to that page. That way you can change the roles around should you have to with very little work. And if you are not using PDO, I'll jump on the bandwagon to tell you to switch to that NOW. And use prepared queries too - life will be much simpler. Let's get the login working. Be sure to wrap any code you post here properly. And when next you post - post your question along with the PERTINENT code that you think is the root of your problem. Many of us don't look at links to other sites and having a slew of them posted just discourages interest. IMHO. Link to comment Share on other sites More sharing options...
Beck3 Posted April 22, 2017 Author Share Posted April 22, 2017 Let's start with the login. Why a user id and a username? Wouldn't one work? Why two "login modes"? Aren't these just multiple user ids with assigned roles? I'd put role in the user table and dump the roles table. Let your other pages check the role that you return with a valid login. If you need to have multiple roles, return an array of roles instead of a single one and store the roles in your role table, linked by userid. In either case add a std. function to each of your pages to check the returned role variable and return a true/false answer when checking if a user is allowed access to that page. That way you can change the roles around should you have to with very little work. And if you are not using PDO, I'll jump on the bandwagon to tell you to switch to that NOW. And use prepared queries too - life will be much simpler. Let's get the login working. Be sure to wrap any code you post here properly. And when next you post - post your question along with the PERTINENT code that you think is the root of your problem. Many of us don't look at links to other sites and having a slew of them posted just discourages interest. IMHO. To be honest, I'm new to PHP. I don't really know much about it. I have to create two log in modes because the project needs an admin to log in and have that person be in charged of the whole database to edit, delete, insert, etc information. The other mode is just user aka the student. The student should only be able to view courses, grades,and tests. Why is PDO better? I did found a tutorial with PDO log in system and it works, but I find the queries hard to understand. I made a registration page in the admin page, but it didn't work. It will not connect to my database. I understand some of the logic behind the code, but not all. index: <div class="col-md-6 col-md-offset-3"> <h4></span>Log in with your credentials<span class="glyphicon glyphicon-user"></h4><br/> <div class="block-margin-top"> <?php $errors = array( 1=>"Invalid user name or password, Try again", 2=>"Please login to access this area" ); $error_id = isset($_GET['err']) ? (int)$_GET['err'] : 0; if ($error_id == 1) { echo '<p class="text-danger">'.$errors[$error_id].'</p>'; }elseif ($error_id == 2) { echo '<p class="text-danger">'.$errors[$error_id].'</p>'; } ?> <form action="authenticate.php" method="POST" class="form-signin col-md-8 col-md-offset-2" role="form"> <input type="text" name="username" class="form-control" placeholder="Username" required autofocus><br/> <input type="password" name="password" class="form-control" placeholder="Password" required><br/> <button class="btn btn-lg btn-primary btn-block" type="submit">Sign in</button> </form> </div> </div> authenticate: <?php require 'database-config.php'; session_start(); $username = ""; $password = ""; if(isset($_POST['username'])){ $username = $_POST['username']; } if (isset($_POST['password'])) { $password = $_POST['password']; } $q = 'SELECT * FROM users WHERE username=:username AND password=:password'; $query = $dbh->prepare($q); $query->execute(array(':username' => $username, ':password' => $password)); if($query->rowCount() == 0){ header('Location: index.php?err=1'); }else{ $row = $query->fetch(PDO::FETCH_ASSOC); session_regenerate_id(); $_SESSION['sess_user_id'] = $row['id']; $_SESSION['sess_username'] = $row['username']; $_SESSION['sess_userrole'] = $row['role']; echo $_SESSION['sess_userrole']; session_write_close(); if( $_SESSION['sess_userrole'] == "admin"){ header('Location: adminhome.php'); }else{ header('Location: userhome.php'); } } ?> data-base config: <?php // define database related variables $database = 'c9'; $host = '127.0.0.1'; $user = 'kittykat77'; $pass = ''; // try to conncet to database $dbh = new PDO("mysql:dbname={$database};host={$host};port={3306}", $user, $pass); if(!$dbh){ echo "unable to connect to database"; } ?> adminhome: <?php session_start(); $role = $_SESSION['sess_userrole']; if(!isset($_SESSION['sess_username']) || $role!="admin"){ header('Location: index.php?err=2'); } ?> <!DOCTYPE html> <html lang="en"> <head> <meta charset="utf-8"> <meta http-equiv="X-UA-Compatible" content="IE=edge"> <meta name="viewport" content="width=device-width, initial-scale=1"> <title>Bootstrap 101 Template</title> <!-- Bootstrap --> <link href="css/bootstrap.min.css" rel="stylesheet"> <link href="css/style.css" rel="stylesheet"> <!-- HTML5 Shim and Respond.js IE8 support of HTML5 elements and media queries --> <!-- WARNING: Respond.js doesn't work if you view the page via file:// --> <!--[if lt IE 9]> <script src="https://oss.maxcdn.com/html5shiv/3.7.2/html5shiv.min.js"></script> <script src="https://oss.maxcdn.com/respond/1.4.2/respond.min.js"></script> <![endif]--> </head> <body> <div class="navbar navbar-default navbar-fixed-top" role="navigation"> <div class="container"> <div class="navbar-header"> <button type="button" class="navbar-toggle collapsed" data-toggle="collapse" data-target=".navbar-collapse"> <span class="sr-only">Toggle navigation</span> <span class="icon-bar"></span> <span class="icon-bar"></span> <span class="icon-bar"></span> </button> <a class="navbar-brand" href="http://techyari.in">Techyari.in</a> </div> <div class="navbar-collapse collapse"> <ul class="nav navbar-nav navbar-right"> <li><a href="#"><?php echo $_SESSION['sess_username'];?></a></li> <li><a href="logout.php">Logout</a></li> <li><a href="registration.php">Register User</a></li> </ul> </div> </div> </div> <div class="container homepage"> <div class="row"> <div class="col-md-3"></div> <div class="col-md-6 welcome-page"> <h2>This is Admin area.</h2> </div> <div class="col-md-3"></div> </div> </div> <!-- jQuery (necessary for Bootstrap's JavaScript plugins) --> <script src="https://ajax.googleapis.com/ajax/libs/jquery/1.11.1/jquery.min.js"></script> <!-- Include all compiled plugins (below), or include individual files as needed --> <script src="js/bootstrap.min.js"></script> </body> </html> userhome: <?php session_start(); $role = $_SESSION['sess_userrole']; if(!isset($_SESSION['sess_username']) || $role!="user"){ header('Location: index.php?err=2'); $stmt = $c9->prepare("SELECT id FROM users WHERE id=:id"); $stmt->execute(array(':id' => $id)); $rows = $stmt->fetchAll(PDO::FETCH_ASSOC); } ?> <!DOCTYPE html> <html lang="en"> <head> <meta charset="utf-8"> <meta http-equiv="X-UA-Compatible" content="IE=edge"> <meta name="viewport" content="width=device-width, initial-scale=1"> <title>Bootstrap 101 Template</title> <!-- Bootstrap --> <link href="css/bootstrap.min.css" rel="stylesheet"> <link href="css/style.css" rel="stylesheet"> <!-- HTML5 Shim and Respond.js IE8 support of HTML5 elements and media queries --> <!-- WARNING: Respond.js doesn't work if you view the page via file:// --> <!--[if lt IE 9]> <script src="https://oss.maxcdn.com/html5shiv/3.7.2/html5shiv.min.js"></script> <script src="https://oss.maxcdn.com/respond/1.4.2/respond.min.js"></script> <![endif]--> </head> <body> <div class="navbar navbar-default navbar-fixed-top" role="navigation"> <div class="container"> <div class="navbar-header"> <button type="button" class="navbar-toggle collapsed" data-toggle="collapse" data-target=".navbar-collapse"> <span class="sr-only">Toggle navigation</span> <span class="icon-bar"></span> <span class="icon-bar"></span> <span class="icon-bar"></span> </button> <a class="navbar-brand" href="http://techyari.in">Techyari.in</a> </div> <div class="navbar-collapse collapse"> <ul class="nav navbar-nav navbar-right"> <li><a href="#"><?php echo $_SESSION['sess_username'];?></a></li> <li><a href="logout.php">Logout</a></li> </ul> </div> </div> </div> <div class="container homepage"> <div class="row"> <div class="col-md-3"></div> <div class="col-md-6 welcome-page"> <h2>This is User area.</h2> </div> <div class="col-md-3"></div> </div> </div> <!-- jQuery (necessary for Bootstrap's JavaScript plugins) --> <script src="https://ajax.googleapis.com/ajax/libs/jquery/1.11.1/jquery.min.js"></script> <!-- Include all compiled plugins (below), or include individual files as needed --> <script src="js/bootstrap.min.js"></script> </body> </html> <?php session_start(); session_destroy(); header('Location: index.php'); ?> registration: <?php includes("database-config.php"); ?> <html> <head> <tile>Create Account-Admin Panel</tile> <link rel="stylesheet" type="text/css" href= "style.css"> </head> <body> <h3>Create a New User</h3> <form method="POST"> <?php if($_SERVER['REQUEST_METHOD'] == "POST" ) { /*echo "<p>Submit button is working.</p>"; */ $username = $_POST["username"]; $password = $_POST["password"]; $confirm_password = $_POST["confirm_password"]; if(empty($username) || empty($password) || empty($confirm_password)){ $error="Fields were empty."; } else { $sql = "INSERT INTO users VALUES ('', '$username', '$password', 'User')"; $result = $conn->query($sql); if( $result == TRUE) { $error = "User created"; } else { $error = "Error in creating account."; } } echo "<p>$error</p>"; } ?> <form> Username: <br/> <input type="text" name="username" /> <br/><br/> Password: <br/> <input type="password" name="password" /> <br/><br/> Confirm password: <br/> <input type="password" name="confirm password" /> <br/><br/> <input type="submit" value="Create Account" /> </form> </body> </html> Link to comment Share on other sites More sharing options...
benanamen Posted April 22, 2017 Share Posted April 22, 2017 I suggest you learn what is at the link I provided instead of just copy/paste code you don't understand. Link to comment Share on other sites More sharing options...
ginerjm Posted April 22, 2017 Share Posted April 22, 2017 For a person to say they are new to php and yet have all this code.... Something's not right. If you are son new how did you get this? As for your use of the term "login mode", what do you mean by that? Your login process will be the same for anyone, any type, any role that your system needs. You don't really believe that you will create two login modes, do you? Concentrate on getting a solid secure login process using a user id, a password and a table that stores those values properly (using a secured password column). Then add the role column to that table so that when one logs in successfully you can return that role to the app for use down the road. Work on just this one thing for now. Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.