J@mes Posted December 29, 2007 Share Posted December 29, 2007 Hello everyone sorry before hand if this because a long post but i really do need so help as i have only been working with PHP for a few weeks now. my university project this year is to create a forum and include all features such as a moderator , being able to post, view and delete topics. so here is my problem so far i have created a logging script which works fine as i have been following a tutorial on how to get this working what i'm trying to do is get the usersid and send it to the next page (login_success.php) to tell if this user is a moderator. checklogin.php:- <<?php ini_set( 'display_errors', '1' ); error_reporting( E_ALL | E_STRICT ); ob_start(); $host="localhost"; // Host name $username="root"; // Mysql username $password=""; // Mysql password $db_name="test"; // Database name $tbl_name="members"; // Table name // Connect to server and select databse. mysql_connect("$host", "$username", "$password")or die("cannot connect"); mysql_select_db("$db_name")or die("cannot select DB"); // Define $myusername and $mypassword $myusername=mysql_escape_string($_POST['myusername']); //edited 12/27/07 $mypassword=mysql_escape_string($_POST['mypassword']); $sql="SELECT * FROM $tbl_name WHERE username = '$myusername' and password = '$mypassword'"; $result=mysql_query($sql); $id_result ="SELECT id FROM $tbl_name WHERE username = '$myusername'and password = '$mypassword'"; $id=mysql_query($id_result); // Mysql_num_row is counting table row $count=mysql_num_rows($result); // If result matched $myusername and $mypassword, table row must be 1 row if($count==1) { session_register("myusername"); session_register("mypassword"); header("location:login_success.php?id=$id"); } else { echo "Wrong Username or Password"; } ob_end_flush(); ?> login_success.php <? session_start(); if(!session_is_registered(myusername)) { header("location:main_login.php"); } ?> <html> <body> </body> </html> <? echo "you are logged in as: ",$_SESSION[myusername]; $id = intval( $_GET['id'] ); echo $id; //echo for testing ?> Thanks James [attachment deleted by admin] Quote Link to comment Share on other sites More sharing options...
revraz Posted December 29, 2007 Share Posted December 29, 2007 I hope they are teaching you to code with Register Globals Off. The User ID shouldn't tell the script if they are a Moderator, there should be some sort of access level in the user table instead. Also, no need to do two sql queries when your first query gets the ID as well, since you are doing a SELECT *. Make sure you put session_start(); at the top of your login_success.php page, and use $_SESSION['myusername'] = $myusername; $_SESSION['mypassword'] = $mypassword; instead of session_register("myusername"); session_register("mypassword"); Not really sure why you need the PW in a session though. You should add one more session from the user table for their access level, and then you can check that on each page or action that requires a certain access. Quote Link to comment Share on other sites More sharing options...
J@mes Posted December 29, 2007 Author Share Posted December 29, 2007 Thank you for the fast reply "The User ID shouldn't tell the script if they are a Moderator, there should be some sort of access level in the user table instead". how to i go about doing this? sorry to ask so much but i'm on a major learning curve i have changed my code to what you recommended Thanks James Quote Link to comment Share on other sites More sharing options...
revraz Posted December 29, 2007 Share Posted December 29, 2007 Add some sort of access level field in your database, then when you do your query just read that variable. You can set it up anyway you like, using numbers or names, it's all up to you. Quote Link to comment Share on other sites More sharing options...
J@mes Posted December 29, 2007 Author Share Posted December 29, 2007 ok so add another field into my php myadmin database? how do i know if it is a access level field? Quote Link to comment Share on other sites More sharing options...
revraz Posted December 29, 2007 Share Posted December 29, 2007 You determine that. You need to design the field and decide if you want to use a VARCHAR or INT (alpha or numbers). Quote Link to comment Share on other sites More sharing options...
J@mes Posted December 29, 2007 Author Share Posted December 29, 2007 ok i think i understand i will create another field, which mysql command will allow me to the that value as i have learned that mysql_query() only returns true or false if the statment where executed rather then the data. Thanks for your time James Quote Link to comment Share on other sites More sharing options...
revraz Posted December 29, 2007 Share Posted December 29, 2007 You are already getting all the info here $sql="SELECT * FROM $tbl_name WHERE username = '$myusername' and password = '$mypassword'"; You'll want to do a mysql_fetch command on this and turn the resource into either an array or object. Quote Link to comment Share on other sites More sharing options...
J@mes Posted December 29, 2007 Author Share Posted December 29, 2007 as in something like this: $sql="SELECT * FROM $tbl_name WHERE username = '$myusername' and password = '$mypassword'"; $result=mysql_query($sql); $result = mysql_fetch_array($result) Quote Link to comment Share on other sites More sharing options...
redarrow Posted December 29, 2007 Share Posted December 29, 2007 database structure like his: users ----- users_id users_name users_password users_ip users_date_added users_email_activation users_member_type Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.