Jump to content

Recommended Posts

hi folks, been browsing the brilliant site trying to find some help, but thought id take the plunge and post some more code which is probably pretty common and boring for you people! I know theres many ways to achieve what i'm trying to do and many are explained just a few topics down but looks like im trying to do things a bit differently...

 

i want a user to log in and be displayed a page based on his/her level of authentication (admin or mod), currently the script displays the string  "display admin stuff here" on successful log in, regardless of being a admin or mod, my DB consists of user, password and authentication.  Im new to php and only other coding experience is in java, so any help would be appreciated !

 

<?php

session_start();

require("config.php");

$db = mysql_connect($dbhost, $dbuser, $dbpassword);
mysql_select_db($dbdatabase, $db);
// have to make connection here becuase header not called yet

if($_POST['submit']) {
$sql = "SELECT * FROM logins WHERE username = '" . $_POST['username'] . "' AND password = '" . $_POST['password'] . "';";

$result = mysql_query($sql);
$numrows = mysql_num_rows($result);
$authorisation = $row['auth'];

if($numrows == 1){
//if(($numrows == 1) && ($authorisation == "admin")) {  <-- this is what i was trying to do ?! (would have similar string comparrison for "mod"

	$row = mysql_fetch_assoc($result);
	session_register("USERNAME");
	session_register("USERID");

	$_SESSION['USERNAME'] = $row['username'];
	$_SESSION['USERID'] = $row['id'];

	require ("header2.php");

	echo "display the admin stuff here";
	//echo $authorisation;
	//echo $row['auth'];
	//header("Location: " . $config_basedir . "/admin.php");
	//successful login points admin/mod to admin or mod pag

}
else {
	header("Location: " . $config_basedir . "/login.php?error=1");
}
}

else {

require("header2.php");

if($_GET['error']) {
	echo "Incorrect login, please try again!";
}

?>

<form action="<?php echo $SCRIPT_NAME ?>" method="post">

<table>
<tr>
<td>Username</td>
<td><input type="text" name="username"></td>
</tr>
<tr>
<td>Password</td>
<td><input type="password" name="password"></td>
</tr>
<tr>
<td></td>
<td><input type="submit" name="submit" value="Login!"></td>
</tr>
</table>
</form>

<?php
}
require("footer2.php");
?>

 

so basically if the query is successful ( user and pass match up in DB) numrows will be == 1, and secretive log in stuff can be displayed ! but  i want to extend this further and add another check to see if they are an admin(display admin stuff) or mod(display mod stuff!)

 

hop that was all clear  ::)

Link to comment
https://forums.phpfreaks.com/topic/84314-solved-yet-another-log-in-problem/
Share on other sites

Yes, you need to be able to determine somewhere in the database if they are an admin or not.  Then use a switch statement like this...

 

<?php

switch ($row['user_type']) {

case "admin":

    echo "show all admin stuff here";

    break;

case "regular":

    echo "you are a regular user";

    break;

case "other":

    echo "you are one of the other types of users";

    break;

}

?>

 

That statement would work assuming you had a variable in your database called ['user_type'].  You need to set up some form of variable in your database and then move from there.

Move this down

 

$authorisation = $row['auth'];

 

To where you do your sessions.

 

You just have to re-arrange your logic.

 

User Logins

Check if Username/PW matches

If yes, pull their info from DB

Act on their info

hey revraz, thanks for helping! cheers for fixing $authorisation = $row['auth']; being where the sessions set up, i got it working so it would display whether the user was an admin or mod once they had logged in but that was coming straight from the DB so at least i know have the logged in user and the variable $authorisation is working so i can do a string comparison, but im still not quite all there ... do u know what im doing wrong here ?

 

if($numrows == 1){

	$row = mysql_fetch_assoc($result);
	session_register("USERNAME");
	session_register("USERID");

	$_SESSION['USERNAME'] = $row['username'];
	$_SESSION['USERID'] = $row['id'];

	$authorisation = $row['auth'];

		elseif($authorisation == "admin") {
		echo "admin page";
		}

		elseif($authorisation == "mod") {
		echo "mod page";
		}

}
else {
	header("Location: " . $config_basedir . "/login.php?error=1");
}
}

Change

elseif($authorisation == "admin") {
echo "admin page";
}

elseif($authorisation == "mod") {
echo "mod page";
}

 

to

 



if($authorisation == "admin") {
echo "admin page";
}

elseif($authorisation == "mod") {
echo "mod page";
}


 

We're removing the first elseif to just if since there is no if statement before it.

I use a column in my table called user level, 0 = member, 1 = admin, 2 = mod.

 

you could use an if($row['user_level'] == 1){ //admin stuff }

 

or cases work too. Just whatever is easier for you.

 

My standard user registration sets everyone to user_level 0 by default, and then I can open my user management and make changes from there.

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.