samowns Posted December 8, 2019

```php
<!DOCTYPE html>
<html>
<head>
<style type="text/css" media="screen">
.ss {
    border-width: 1px;
    border-style:solid;
    width: 100px;
    height: 100px;
</style>
<meta charset="utf-8">
<meta http-equiv="X-UA-Compatible" content="IE=edge">
<title></title>
<link rel="stylesheet" href="">
</head>
<body>
<form action="index.php" method="post">
<table align="center" class="ss">
<tr>
    <td>Name<input type="text" name="name"> </td>
</tr>
<tr>
    <td>Pass :<input type="password" name="pass"> </td>
</tr>
<tr>
    <td>Email<input type="text" name="eml"> </td>
<tr>
    <td><input type="submit" name="sb"> </td>
</table>
</form>
</body>
</html>
<?php
include "db.php";
session_start();
if(isset($_POST['sb']))
{
    $name=mysqli_real_escape_string($con, $_POST['eml']);
    $pass=mysqli_real_escape_string($con, $_POST['pass']);
    $usr=mysqli_real_escape_string($con,'user');
    $std='std';
    $type='admin';
    $qer="select * from users where eml='$name' AND pass='$pass' AND type='$type'";
    $sql=mysqli_query($con,$qer);
    $qer=" select * from users where eml='$name' AND pass='$pass' AND type='$std'";
    $sql1=mysqli_query($con,$qer);
    $qer=" select * from users where eml='$name' AND pass='$pass' AND type='$usr'";
    $sql3=mysqli_query($con,$qer);
    $fe=mysqli_fetch_array($sql);
    if(is_array($fe))
    {
        $name=$name;
        $pass=$pass;
        {
            header("location:wel.php?msg=Scuessfull login");
        }
        echo "Admin of this site";
    }
    else if($fe=mysqli_fetch_array($sql1)){
        if(is_array($fe))
        $name=$name;
        $pass=$pass;
        echo "Moderator of the site";
        {
            header("location:mod.php?msg=Scuessfull login");
        }
    }
    else if($fe=mysqli_fetch_array($sql3)){
        if(is_array($fe))
        $name=$name;
        $pass=$pass;
        $_SESSION['eml'] =true;
        header("location:sim.php?msg=Scuessfull login");
        echo "Simple user this site";
    }
    else
    {
        echo "invalid pass";
    }
}
?>
```

Barand Posted December 8, 2019

Do you have a particular reason for posting that mess?

samowns (Author) Posted December 8, 2019

I want to know that if I log in as admin, wel.php opens, and if I want to log in as mod, mod.php opens. The program runs fine, but when I log in as admin or mod the same session works. I want the different pages secure.

mac_gyver Posted December 8, 2019

when someone logs in, you are authenticating who they are, not what they can do or see on a web page. the only data you should store in a session variable is the user's id (auto-increment integer primary index.) you should then query on each page request to get any other user data.

if you have a need to redirect upon a successful login (which is a bad design), retrieve the type value and use it to determine what url to redirect to. all of this takes only one query.

you should be using php's password_hash() and password_verify() for password hashing.

the post method form processing code should be before the start of the html document.

if you also switch to the much simpler PDO database extension and use prepared queries, all of the database code will be simplified.

Barand Posted December 8, 2019

As @mac_gyver said, when the user registers, create a hash of their password using password_hash() and store that hash value, not the plain-text value. You then verify the password hash using password_verify() (see line 36 in the code).

That being said, my test table for the code below is ...

```sql
CREATE TABLE `sam_user` (
  `user_id` int(11) NOT NULL AUTO_INCREMENT,
  `eml` varchar(50) DEFAULT NULL,
  `pass` varchar(120) DEFAULT NULL,
  `type` varchar(10) NOT NULL DEFAULT 'user',
  PRIMARY KEY (`user_id`),
  UNIQUE KEY `idx_sam_user_eml` (`eml`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8;
```

```
+---------+---------------+--------------------------------------------------------------+-------+
| user_id | eml           | pass                                                         | type  |
+---------+---------------+--------------------------------------------------------------+-------+
|       1 | curly@abc.com | $2y$10$OKAmeyWZpKJcg/VgPAcx3uQr7R1KF23pPZFapmOmn0BhnWLqqVAP6 | user  |
|       2 | larry@abc.com | $2y$10$NeqCtTFo79wxGyAacPJLbeyU7Er4hPKrjwZv1G/Vr6YgHV/vnV9.6 | std   |
|       3 | mo@abc.com    | $2y$10$6TBuStg179rLeMOm2URoNuwEOseYyOIXEVTvbwq7x9G5c9Jw0Bxoi | admin |
+---------+---------------+--------------------------------------------------------------+-------+
```

This is my version of your code ...

```php
<?php
session_start();
include 'db_inc.php';              // database credentials and custom pdoConnect function
$db = pdoConnect('test');          // connect to DB 'test' using PDO

// DEFAULT FORM VALUES
$eml = '';
$pass = '';
$messages = '';

// HAS FORM DATA BEEN POSTED?
if ($_SERVER['REQUEST_METHOD'] == 'POST') {
    $post = array_map('trim', $_POST);
    $eml = $post['eml'] ?? '';
    $pass = $post['pass'] ?? '';
    $errors = [];
    if ($post['eml']=='') {
        $errors[] = 'You must enter your email address';
    }
    if ($post['pass']=='') {
        $errors[] = 'You must enter your password';
    }

    $stmt = $db->prepare("SELECT user_id
                               , pass
                               , type
                          FROM sam_user
                          WHERE eml = ?
                         ");
    $stmt->execute([$post['eml']]);
    $row = $stmt->fetch();
    if (!$row) {
        $errors[] = "Invalid login request";
    }
    else {
        if (!password_verify($post['pass'], $row['pass'])) {     // verify the hashed password
            $errors[] = "Invalid login request";
        }
    }

    if (!$errors) {
        session_regenerate_id(true);           // new session id on login, so a pre-login id cannot be reused
        $_SESSION['user'] = $row['user_id'];
        $qdata = [];
        switch ($row['type']) {
            case 'admin':
                $page = 'wel.php';
                $qdata['msg'] = 'Administrator successfully logged in';
                break;
            case 'std':
                $page = 'mod.php';
                $qdata['msg'] = 'Moderator successfully logged in';
                break;
            default:
                $page = 'sim.php';
                $qdata['msg'] = 'User successfully logged in';
                break;
        }
        $qstr = http_build_query($qdata);
        $url = "{$page}?{$qstr}";
        // header("Location: $url");        // uncomment in production version
        echo $url;                          // TESTING ONLY
        exit;
    }
    else {
        unset($_SESSION['user']);
        $messages = "<div class='errors'>" . join('<br>', $errors) . "</div>\n";
    }
}
?>
<!DOCTYPE html>
<html>
<head>
<meta http-equiv="content-language" content="en">
<meta charset="utf-8">
<title>Example Login</title>
<style type="text/css" media="screen">
    body     { font-family: calibri, sans-serif; font-size: 12pt; }
    header   { padding: 25px; text-align: center; background-color: #2DABE1; color: #FFF;}
    label    { width: 100px; height: 40px; font-weight: 600; display: inline-block; }
    fieldset { width: 300px; margin: 100px auto; padding: 20px; }
    .errors  { width: 300px; background-color: #E02222; color: #FFF; margin: 0 auto; padding: 20px;}
</style>
</head>
<body>
<header>
    <h1>Example Login</h1>
</header>
<form action="" method="post">
<fieldset>
    <!-- posted values are HTML-escaped before being echoed back into the single-quoted attributes -->
    <label>Email</label><input type="text" name="eml" value='<?= htmlspecialchars($eml, ENT_QUOTES) ?>'><br>
    <label>Password</label><input type="password" name="pass" value='<?= htmlspecialchars($pass, ENT_QUOTES) ?>'><br>
    <label> </label><input type="submit" name="sb" value='Log In'>
</fieldset>
</form>
<?=$messages?>
</body>
</html>
```

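The per-request check mac_gyver describes (keep only the user id in the session, look up everything else on each page request), applied to the three pages in this thread. This is an added example, not code from any poster: `PAGE_ROLES`, `current_user_type()`, `page_allows()` and `require_role()` are hypothetical names, the page-to-type policy is an assumption, and an in-memory SQLite table with constructed rows stands in for `sam_user`.

```php
<?php
// Added example (not from the thread). Assumed policy: account types allowed per page.
const PAGE_ROLES = [
    'wel.php' => ['admin'],
    'mod.php' => ['admin', 'std'],
    'sim.php' => ['admin', 'std', 'user'],
];
// The session holds only user_id; the type is re-read from the database on every request.
function current_user_type(PDO $db, array $session): ?string
{
    if (!isset($session['user'])) { return null; }    // not logged in
    $stmt = $db->prepare("SELECT type FROM sam_user WHERE user_id = ?");
    $stmt->execute([$session['user']]);
    $type = $stmt->fetchColumn();
    return $type === false ? null : (string) $type;   // false: no such user any more
}

function page_allows(string $page, ?string $type): bool
{
    return $type !== null && in_array($type, PAGE_ROLES[$page] ?? [], true);
}

// Call first thing in wel.php, mod.php and sim.php, before any output.
function require_role(PDO $db, string $page): string
{
    if (session_status() !== PHP_SESSION_ACTIVE) { session_start(); }
    $type = current_user_type($db, $_SESSION);
    if ($type === null) {
        header('Location: index.php');                // login form, as in the original post
        exit;
    }
    if (!page_allows($page, $type)) {
        http_response_code(403);                      // logged in, but wrong type for this page
        exit('Forbidden');
    }
    return $type;
}

if (PHP_SAPI === 'cli') {   // offline demo: in-memory SQLite with constructed rows
    $db = new PDO('sqlite::memory:');
    $db->exec("CREATE TABLE sam_user (user_id INTEGER PRIMARY KEY, type TEXT)");
    $db->exec("INSERT INTO sam_user VALUES (1,'user'), (2,'std'), (3,'admin')");
    foreach ([1, 2, 3, null] as $id) {
        $type = current_user_type($db, ['user' => $id]);
        foreach (array_keys(PAGE_ROLES) as $page) {
            printf("%-5s %-8s %s\n", $type ?? 'none', $page, page_allows($page, $type) ? 'allow' : 'deny');
        }
    }
}
```

With the functions loaded and a PDO connection open, the first statement of `wel.php` would be `require_role($db, 'wel.php');`, and likewise for the other two pages. Because the type is read from `sam_user` on every request, changing or deleting a user's row takes effect on their next page load.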