Jump to content

Recommended Posts

Barry made this, and the intention is to have the link activated only when logged in as a user or admin. I don't remember how it was set up. Somehow this is controlling the login users rights depending on the email address, which is the username.

I paste the sessions from the header.php, members.php and marina.php and the rest of the sites containing the content. I also attached other things related to the log in such as e.g. database etc. If there is something you feel I have forgotten, I hope you will ask. I only try to keep the post as short as possible. I want the user rights to be right again. Do you understand what I mean? Can you help me?, please

 

members.php session.

<?php
session_start();
$ROOT = str_replace('\\', '/', $_SERVER['DOCUMENT_ROOT']) . '/';
$HOST = 'http://' . $_SERVER['HTTP_HOST'] . '/';
$disabl1 = isset($_SESSION['member_id']) ? '' : 'w3-disabled'; 
$disabl2 = isset($_SESSION['member_id']) && isset($_SESSION['isadmin']) ? '' : 'w3-disabled';  
$log_btn = isset($_SESSION['member_id']) ?  'Logg ut' : 'Logg inn';
const SYSNAME = 'Nikolivia Maraina Management System';
const PAGETITLE = 'Velkommen';
const HELPBUTTON = "";
?>

 

marina.php session.

<?php
session_start();
include $ROOT.'db_inc.php';
$pdo = pdoConnect();
$loggedin =  $_SESSION['member_id'] ?? 0;
unset( $_SESSION['member_id'], $_SESSION['isadmin']);
if ($loggedin)  {
    header("Location: {$HOST}marina.php");
    exit;
}
?>

 

The database part with the records containing the user rights level settings.

marina_table.thumb.png.37673e4a0d52cf8525c766fea2636e1d.pngDB_map.thumb.png.0f0dee0432a32a22d86f0f2f9fa4d607.png

 

Here comes some of the HTML/PHP.

login.php

<?php
session_start();
include $ROOT.'db_inc.php';
$pdo = pdoConnect();
$ROOT = str_replace('\\', '/', $_SERVER['DOCUMENT_ROOT']) . '/';
$HOST = 'http://' . $_SERVER['HTTP_HOST'] . '/';
$loggedin =  $_SESSION['member_id'] ?? 0;
unset( $_SESSION['member_id'], $_SESSION['isadmin']);

if ($loggedin)  {
    header("Location: {$HOST}members.php");
    exit;
}

$msg = '';

if ($_SERVER['REQUEST_METHOD']=='POST') {
    $res = $pdo->prepare("SELECT password
                               , member_id
                               , admin
                          FROM member
                          WHERE email = ?     
                         ");
    $res->execute([ $_POST['email'] ]);
    $row = $res->fetch();
    if ($row && password_verify($_POST['password'], $row['password'])) {
        $_SESSION['member_id'] = $row['member_id'];
        if ($row['admin'] == 1) {
            $_SESSION['isadmin'] = 1;
        }
        header("Location: {$HOST}members.php");
        exit;
    }
    else $msg = "<div class='w3-panel w3-red w3-padding'><p>Ugyldig innlogging</p></div>";                     
}
?>
<?php
session_start();
$ROOT = str_replace('\\', '/', $_SERVER['DOCUMENT_ROOT']) . '/';
$HOST = 'http://' . $_SERVER['HTTP_HOST'] . '/';
$disabl1 = isset($_SESSION['member_id']) ? '' : 'w3-disabled'; 
$disabl2 = isset($_SESSION['member_id']) && isset($_SESSION['isadmin']) ? '' : 'w3-disabled';  
$log_btn = isset($_SESSION['member_id']) ?  'Log out' : 'Login';
const SYSNAME = 'Management System';
const PAGETITLE = 'Login';
const HELPBUTTON = "";
?>
<!DOCTYPE html>
<html lang='en'>
<head>
<title><?=SYSNAME?></title>
<meta http-equiv='Content-Type' content='text/html; charset=utf-8'>
<link rel="stylesheet" href="https://www.w3schools.com/w3css/4/w3.css">
<link rel="stylesheet" href="https://use.fontawesome.com/releases/v5.15.1/css/all.css">
<link href='css/footer.css' rel='stylesheet' type="text/css">
</head>
<body>
    <div class='w3-content w3-card-4 w3-light-gray' style='margin-top: 100px;'>
        <div class='w3-panel w3-black w3-padding'>
        <?=SYSNAME?> - <?=PAGETITLE?>
        </div>
        <?=$msg?>
        <form method='POST' class='w3-padding'>
            <label>E-mail</label>
            <input type='text' class='w3-input w3-border' name='email'>
            <label>Password</label>
            <input type='password' class='w3-input w3-border' name='password'>
            <br>
            <button type='submit' class='w3-button w3-blue w3-right'>Logg Inn</button>
            <br><br><br>
        </form>
    </div>
</body>
</html>

 

 

Is this another "someone else did some work for me earlier and I don't understand what they did so please do the work for me this time too" question?

This

$loggedin = $_SESSION['member_id'] ?? 0;

plus this

if ($loggedin) {

both look very much like they qualify as "activated only when logged in as a user or admin". Have you tried applying that to "the link" (I don't know what link you're talking about) so that it only appears when the person is logged in?

First of all, I must apologize for asking a question on a Q&A forum. Sorry for that, but thanks at the same time for the help I get.

So to what this thread is really about.
You are absolutely right Requinix, When you are logged in, the link or button on the navigation bar should be activated, while it should be deactivated/overshadowed when you are not logged in, and I do it in the following way. I only saw now that I have forgotten something important. Namely to add what is written in the header.php file. It is probably very important and I include that too. After I've pasted it in I'll show what I'm doing in trying to get this to work after I had to reconstruct the entire script after breaking what was done for me in an attempt to improve and add features myself, and which therefore turns out to be wrong. By the way. I include the navigation bar too below header.php

header.php


<?php
session_start();
$ROOT = str_replace('\\', '/', $_SERVER['DOCUMENT_ROOT']) . '/';
$HOST = 'http://' . $_SERVER['HTTP_HOST'] . '/';
$disabl1 = isset($_SESSION['member_id']) ? '' : 'w3-disabled';
$disabl2 = isset($_SESSION['member_id']) && isset($_SESSION['isadmin']) ? '' : 'w3-disabled';
$log_btn = isset($_SESSION['member_id']) ? 'Logg ut' : 'Logg inn';
const SYSNAME = 'Management System';
const PAGETITLE = 'Welcome';
const HELPBUTTON = "";
?>

Nav bar

<NAV>
    <div class='w3-bar w3-light-gray w3-margin-bottom' style='height: 39px'>
      <a id='nav-members' href='<?=$HOST?>index.php' class='w3-bar-item w3-button'>Hjem</a>
      <a id='nav-register' href='<?=$HOST?>register.php' class='w3-bar-item w3-button'>Registrering</a>
      <a id='nav-members' href='<?=$HOST?>members.php' class='w3-bar-item w3-button'>Medlemmer</a>
      <a id='nav-marina' href='<?=$HOST?>marina.php' class='w3-bar-item w3-button'>Båtplass</a>
      <a id='nav-invoice'  href='<?=$HOST?>invoice/invoice.php' class='w3-bar-item w3-button'>Faktura</a>
      <a id='nav-login' href='<?=$HOST?>login.php' class='w3-bar-item w3-button w3-right'><?=$log_btn?></a>
    </div>
</NAV>

Here's what I tried to get it to work:
<?=$disabl1?> or <?=$disabl2?>
All this do is too write "w3-disabled" on the navigation button. Will say, I do it the same way as it is done with login.php link in the navbar above.
Another error is that I have administrative rights regardless of whether I am logged in or not. I don't understand what I'm doing wrong or where, and after all the work I had to reconstruct the system, I don't dare touch it too much.

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.