[SOLVED] yet another log-in problem!

[j33baS]

hi folks, been browsing the brilliant site trying to find some help, but thought id take the plunge and post some more code which is probably pretty common and boring for you people! I know theres many ways to achieve what i'm trying to do and many are explained just a few topics down but looks like im trying to do things a bit differently...

 

i want a user to log in and be displayed a page based on his/her level of authentication (admin or mod), currently the script displays the string  "display admin stuff here" on successful log in, regardless of being a admin or mod, my DB consists of user, password and authentication.  Im new to php and only other coding experience is in java, so any help would be appreciated !

 

<?php

session_start();

require("config.php");

$db = mysql_connect($dbhost, $dbuser, $dbpassword);
mysql_select_db($dbdatabase, $db);
// have to make connection here becuase header not called yet

if($_POST['submit']) {
$sql = "SELECT * FROM logins WHERE username = '" . $_POST['username'] . "' AND password = '" . $_POST['password'] . "';";

$result = mysql_query($sql);
$numrows = mysql_num_rows($result);
$authorisation = $row['auth'];

if($numrows == 1){
//if(($numrows == 1) && ($authorisation == "admin")) {  <-- this is what i was trying to do ?! (would have similar string comparrison for "mod"

	$row = mysql_fetch_assoc($result);
	session_register("USERNAME");
	session_register("USERID");

	$_SESSION['USERNAME'] = $row['username'];
	$_SESSION['USERID'] = $row['id'];

	require ("header2.php");

	echo "display the admin stuff here";
	//echo $authorisation;
	//echo $row['auth'];
	//header("Location: " . $config_basedir . "/admin.php");
	//successful login points admin/mod to admin or mod pag

}
else {
	header("Location: " . $config_basedir . "/login.php?error=1");
}
}

else {

require("header2.php");

if($_GET['error']) {
	echo "Incorrect login, please try again!";
}

?>

<form action="<?php echo $SCRIPT_NAME ?>" method="post">

<table>
<tr>
<td>Username</td>
<td><input type="text" name="username"></td>
</tr>
<tr>
<td>Password</td>
<td><input type="password" name="password"></td>
</tr>
<tr>
<td></td>
<td><input type="submit" name="submit" value="Login!"></td>
</tr>
</table>
</form>

<?php
}
require("footer2.php");
?>

 

so basically if the query is successful ( user and pass match up in DB) numrows will be == 1, and secretive log in stuff can be displayed ! but  i want to extend this further and add another check to see if they are an admin(display admin stuff) or mod(display mod stuff!)

 

hop that was all clear 

[revraz]

Remove these two lines

 

session_register("USERNAME");

session_register("USERID");

 

What determines if they are a Admin or a User?

 

[cunoodle2]

Yes, you need to be able to determine somewhere in the database if they are an admin or not.  Then use a switch statement like this...

 

<?php

switch ($row['user_type']) {

case "admin":

    echo "show all admin stuff here";

    break;

case "regular":

    echo "you are a regular user";

    break;

case "other":

    echo "you are one of the other types of users";

    break;

}

?>

 

That statement would work assuming you had a variable in your database called ['user_type'].  You need to set up some form of variable in your database and then move from there.

[adam291086]

edit...  cunoodle2 beat me to it

 

[j33baS]

yea sorry the variable in the database is "authorisation" ie.

 

if

 

$authorisation == "admin" {

echo "admin page"

}

 

else if

 

$authorisation == "mod" {

echo "mod page"

}

[revraz]

That logic should work fine.

[j33baS]

yea but I cant do it just like that because your waiting for this first

if($numrows == 1){

and i tried just nesting the mod/admin if and else if after  but it wouldnt work

[revraz]

Move this down

 

$authorisation = $row['auth'];

 

To where you do your sessions.

 

You just have to re-arrange your logic.

 

User Logins

Check if Username/PW matches

If yes, pull their info from DB

Act on their info

[j33baS]

hey revraz, thanks for helping! cheers for fixing $authorisation = $row['auth']; being where the sessions set up, i got it working so it would display whether the user was an admin or mod once they had logged in but that was coming straight from the DB so at least i know have the logged in user and the variable $authorisation is working so i can do a string comparison, but im still not quite all there ... do u know what im doing wrong here ?

 

if($numrows == 1){

	$row = mysql_fetch_assoc($result);
	session_register("USERNAME");
	session_register("USERID");

	$_SESSION['USERNAME'] = $row['username'];
	$_SESSION['USERID'] = $row['id'];

	$authorisation = $row['auth'];

		elseif($authorisation == "admin") {
		echo "admin page";
		}

		elseif($authorisation == "mod") {
		echo "mod page";
		}

}
else {
	header("Location: " . $config_basedir . "/login.php?error=1");
}
}

[revraz]

Change

elseif($authorisation == "admin") {
echo "admin page";
}

elseif($authorisation == "mod") {
echo "mod page";
}

 

to

 

if($authorisation == "admin") {
echo "admin page";
}

elseif($authorisation == "mod") {
echo "mod page";
}

 

We're removing the first elseif to just if since there is no if statement before it.

[j33baS]

awesome! cheers dude, i could give you some serious cyber loving right now thats been bugging me for ages.  Undoubtedly if im having any more problems im coming here first... and probably PM'ing u

 

thanks again, u made my night !

[revraz]

Cheers

[drummer101]

I use a column in my table called user level, 0 = member, 1 = admin, 2 = mod.

 

you could use an if($row['user_level'] == 1){ //admin stuff }

 

or cases work too. Just whatever is easier for you.

 

My standard user registration sets everyone to user_level 0 by default, and then I can open my user management and make changes from there.