LeonLatex Posted May 20, 2023 Share Posted May 20, 2023 Barry made this, and the intention is to have the link activated only when logged in as a user or admin. I don't remember how it was set up. Somehow this is controlling the login users rights depending on the email address, which is the username. I paste the sessions from the header.php, members.php and marina.php and the rest of the sites containing the content. I also attached other things related to the log in such as e.g. database etc. If there is something you feel I have forgotten, I hope you will ask. I only try to keep the post as short as possible. I want the user rights to be right again. Do you understand what I mean? Can you help me?, please members.php session. <?php session_start(); $ROOT = str_replace('\\', '/', $_SERVER['DOCUMENT_ROOT']) . '/'; $HOST = 'http://' . $_SERVER['HTTP_HOST'] . '/'; $disabl1 = isset($_SESSION['member_id']) ? '' : 'w3-disabled'; $disabl2 = isset($_SESSION['member_id']) && isset($_SESSION['isadmin']) ? '' : 'w3-disabled'; $log_btn = isset($_SESSION['member_id']) ? 'Logg ut' : 'Logg inn'; const SYSNAME = 'Nikolivia Maraina Management System'; const PAGETITLE = 'Velkommen'; const HELPBUTTON = ""; ?> marina.php session. <?php session_start(); include $ROOT.'db_inc.php'; $pdo = pdoConnect(); $loggedin = $_SESSION['member_id'] ?? 0; unset( $_SESSION['member_id'], $_SESSION['isadmin']); if ($loggedin) { header("Location: {$HOST}marina.php"); exit; } ?> The database part with the records containing the user rights level settings. Here comes some of the HTML/PHP. login.php <?php session_start(); include $ROOT.'db_inc.php'; $pdo = pdoConnect(); $ROOT = str_replace('\\', '/', $_SERVER['DOCUMENT_ROOT']) . '/'; $HOST = 'http://' . $_SERVER['HTTP_HOST'] . '/'; $loggedin = $_SESSION['member_id'] ?? 0; unset( $_SESSION['member_id'], $_SESSION['isadmin']); if ($loggedin) { header("Location: {$HOST}members.php"); exit; } $msg = ''; if ($_SERVER['REQUEST_METHOD']=='POST') { $res = $pdo->prepare("SELECT password , member_id , admin FROM member WHERE email = ? "); $res->execute([ $_POST['email'] ]); $row = $res->fetch(); if ($row && password_verify($_POST['password'], $row['password'])) { $_SESSION['member_id'] = $row['member_id']; if ($row['admin'] == 1) { $_SESSION['isadmin'] = 1; } header("Location: {$HOST}members.php"); exit; } else $msg = "<div class='w3-panel w3-red w3-padding'><p>Ugyldig innlogging</p></div>"; } ?> <?php session_start(); $ROOT = str_replace('\\', '/', $_SERVER['DOCUMENT_ROOT']) . '/'; $HOST = 'http://' . $_SERVER['HTTP_HOST'] . '/'; $disabl1 = isset($_SESSION['member_id']) ? '' : 'w3-disabled'; $disabl2 = isset($_SESSION['member_id']) && isset($_SESSION['isadmin']) ? '' : 'w3-disabled'; $log_btn = isset($_SESSION['member_id']) ? 'Log out' : 'Login'; const SYSNAME = 'Management System'; const PAGETITLE = 'Login'; const HELPBUTTON = ""; ?> <!DOCTYPE html> <html lang='en'> <head> <title><?=SYSNAME?></title> <meta http-equiv='Content-Type' content='text/html; charset=utf-8'> <link rel="stylesheet" href="https://www.w3schools.com/w3css/4/w3.css"> <link rel="stylesheet" href="https://use.fontawesome.com/releases/v5.15.1/css/all.css"> <link href='css/footer.css' rel='stylesheet' type="text/css"> </head> <body> <div class='w3-content w3-card-4 w3-light-gray' style='margin-top: 100px;'> <div class='w3-panel w3-black w3-padding'> <?=SYSNAME?> - <?=PAGETITLE?> </div> <?=$msg?> <form method='POST' class='w3-padding'> <label>E-mail</label> <input type='text' class='w3-input w3-border' name='email'> <label>Password</label> <input type='password' class='w3-input w3-border' name='password'> <br> <button type='submit' class='w3-button w3-blue w3-right'>Logg Inn</button> <br><br><br> </form> </div> </body> </html> Quote Link to comment Share on other sites More sharing options...
requinix Posted May 21, 2023 Share Posted May 21, 2023 Is this another "someone else did some work for me earlier and I don't understand what they did so please do the work for me this time too" question? This $loggedin = $_SESSION['member_id'] ?? 0; plus this if ($loggedin) { both look very much like they qualify as "activated only when logged in as a user or admin". Have you tried applying that to "the link" (I don't know what link you're talking about) so that it only appears when the person is logged in? Quote Link to comment Share on other sites More sharing options...
LeonLatex Posted May 21, 2023 Author Share Posted May 21, 2023 First of all, I must apologize for asking a question on a Q&A forum. Sorry for that, but thanks at the same time for the help I get. So to what this thread is really about. You are absolutely right Requinix, When you are logged in, the link or button on the navigation bar should be activated, while it should be deactivated/overshadowed when you are not logged in, and I do it in the following way. I only saw now that I have forgotten something important. Namely to add what is written in the header.php file. It is probably very important and I include that too. After I've pasted it in I'll show what I'm doing in trying to get this to work after I had to reconstruct the entire script after breaking what was done for me in an attempt to improve and add features myself, and which therefore turns out to be wrong. By the way. I include the navigation bar too below header.php header.php <?php session_start(); $ROOT = str_replace('\\', '/', $_SERVER['DOCUMENT_ROOT']) . '/'; $HOST = 'http://' . $_SERVER['HTTP_HOST'] . '/'; $disabl1 = isset($_SESSION['member_id']) ? '' : 'w3-disabled'; $disabl2 = isset($_SESSION['member_id']) && isset($_SESSION['isadmin']) ? '' : 'w3-disabled'; $log_btn = isset($_SESSION['member_id']) ? 'Logg ut' : 'Logg inn'; const SYSNAME = 'Management System'; const PAGETITLE = 'Welcome'; const HELPBUTTON = ""; ?> Nav bar <NAV> <div class='w3-bar w3-light-gray w3-margin-bottom' style='height: 39px'> <a id='nav-members' href='<?=$HOST?>index.php' class='w3-bar-item w3-button'>Hjem</a> <a id='nav-register' href='<?=$HOST?>register.php' class='w3-bar-item w3-button'>Registrering</a> <a id='nav-members' href='<?=$HOST?>members.php' class='w3-bar-item w3-button'>Medlemmer</a> <a id='nav-marina' href='<?=$HOST?>marina.php' class='w3-bar-item w3-button'>Båtplass</a> <a id='nav-invoice' href='<?=$HOST?>invoice/invoice.php' class='w3-bar-item w3-button'>Faktura</a> <a id='nav-login' href='<?=$HOST?>login.php' class='w3-bar-item w3-button w3-right'><?=$log_btn?></a> </div> </NAV> Here's what I tried to get it to work: <?=$disabl1?> or <?=$disabl2?> All this do is too write "w3-disabled" on the navigation button. Will say, I do it the same way as it is done with login.php link in the navbar above. Another error is that I have administrative rights regardless of whether I am logged in or not. I don't understand what I'm doing wrong or where, and after all the work I had to reconstruct the system, I don't dare touch it too much. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.