robotman321 Posted January 15, 2008 Share Posted January 15, 2008 ok so i am trying to "amp" up this login script that i have: <?php // we must never forget to start the session, NEVER! session_start(); $errorMessage = ''; if (isset($_POST['txtUserId']) && isset($_POST['txtPassword'])) { include '../connect/config.php'; include '../connect/useropendb.php'; $userId = $_POST['txtUserId']; $password = $_POST['txtPassword']; // check if the user id and password combination exist in database $sql = "SELECT user_id FROM users WHERE user_id = '$userId' AND user_password = PASSWORD('$password')"; $result = mysql_query($sql) or die('Query failed. ' . mysql_error()); if (mysql_num_rows($result) == 1) { // the user id and password match, // set the session $_SESSION['db_is_logged_in'] = true; // after login we move to the main page header('Location: index.php'); exit; } else { $errorMessage = 'Sorry, wrong user id / password'; } include '../connect/closedb.php'; } ?> it takes from a a username/password login form and creates the session, but i would like it to pull the user level and save it as a session as well, say user_level = 1, then the session is saved as a poster, user_level = 2, is then a moderator. Now i tried this: <?php // we must never forget to start the session session_start(); $errorMessage = ''; if (isset($_POST['txtUserId']) && isset($_POST['txtPassword'])) { include '../connect/config.php'; include '../connect/useropendb.php'; $userId = $_POST['txtUserId']; $password = $_POST['txtPassword']; // check if the user id and password combination exist in database $sql = "SELECT user_id, user_level FROM users WHERE user_id = '$userId' AND user_password = PASSWORD('$password')"; $result = mysql_query($sql) or die('Query failed. ' . mysql_error()); $user_level = $row['user_level']; if (mysql_num_rows($result) == 1) { // the user id and password match, // set the session $_SESSION['db_is_logged_in'] = true; if ($user_level == "1") { $_SESSION['priceEditor'] = true; } elseif ($user_level == "2") { $_SESSION['siteEditor'] = true; } elseif ($user_level == '3') { $_SESSION['moderator'] = true; } elseif ($user_level == '4') { $_SESSION['siteAdmin'] = true; } // after login we move to the main page header('Location: index.php'); exit; } else { $errorMessage = 'Sorry, wrong user id / password'; } include '../connect/closedb.php'; } ?> to be used with this ssi navigation bar: <div class="title bg7"> <h2 class="text1">Editors Navigation</h2> </div> <div class="content"> Editors home<br /> <ul><a href="index.php">index page</a></ul> <?php // like i said, we must never forget to start the session session_start(); // does this work like this? can i pull from the session down here? if (!isset($_SESSION['priceEditor']) == true) echo "Edits<br /><ul><a href=\"items.php\">Edit an Item</a></ul>"; elseif (!isset($_SESSION['siteEditor']) == true) echo "Edits<br /> <ul><a href=\"items.php\">Edit an Item</a></ul> <ul><a href=\"monsters.php\">Edit a Monster</a></ul> <ul><a href=\"quests.php\">Edit a Quest</a></ul> <ul><a href=\"npcs.php\">Edit an NPC</a></ul> <ul><a href=\"maps.php\">Edit a Map</a></ul> <ul><a href=\"skillguides.php\">Edit a Skill guide</a></ul> Additons<br /> <ul><a href=\"additem.php\">Add an Item</a></ul> <ul><a href=\"addmonster.php\">Add a Monster</a></ul> <ul><a href=\"addquest.php\">Add a Quest</a></ul> <ul><a href=\"addnpc.php\">Add a NPC</a></ul> <ul><a href=\"addmap.php\">Add a Map</a></ul> <ul><a href=\"addskill.php\">Add a Skill Guide</a></ul>"; elseif (!isset($_SESSION['siteAdmin']) == true) echo "Edits<br /> <ul><a href=\"items.php\">Edit an Item</a></ul> <ul><a href=\"monsters.php\">Edit a Monster</a></ul> <ul><a href=\"quests.php\">Edit a Quest</a></ul> <ul><a href=\"npcs.php\">Edit an NPC</a></ul> <ul><a href=\"maps.php\">Edit a Map</a></ul> <ul><a href=\"skillguides.php\">Edit a Skill guide</a></ul> Additons<br /> <ul><a href=\"additem.php\">Add an Item</a></ul> <ul><a href=\"addmonster.php\">Add a Monster</a></ul> <ul><a href=\"addquest.php\">Add a Quest</a></ul> <ul><a href=\"addnpc.php\">Add a NPC</a></ul> <ul><a href=\"addmap.php\">Add a Map</a></ul> <ul><a href=\"addskill.php\">Add a Skill Guide</a></ul><br /> admin area"; ?> </div> Now it doesn't work and because i am php retarded i don't know why. I would LOVE and appreciate all help on this minor issue thanks again `Robo Quote Link to comment https://forums.phpfreaks.com/topic/86082-solved-minor-question-could-be-common/ Share on other sites More sharing options...
awpti Posted January 15, 2008 Share Posted January 15, 2008 $sql = "SELECT user_id, user_level FROM users WHERE user_id = '$userId' AND user_password = PASSWORD('$password')"; $result = mysql_query($sql) or die('Query failed. ' . mysql_error()); $row = mysql_fetch_assoc($result); if (mysql_num_rows($result) == 1) { $user_level = $row['user_level']; //.........rest of script Quote Link to comment https://forums.phpfreaks.com/topic/86082-solved-minor-question-could-be-common/#findComment-439556 Share on other sites More sharing options...
awpti Posted January 15, 2008 Share Posted January 15, 2008 Since the timelimit for edits expired while i was editing.. You weren't pulling rows from the DB, which is where the mysql_fetch_assoc comes in. another note; Store the userlevel in the session and just check against that instead of assigning TRUE to different SESSION vars. The more levels of access you have, the messier that conditional is going to get. if($_SESSION['user_level'] === 4) // User is siteadmin { //...display the page } else { //... kick 'em out. } Quote Link to comment https://forums.phpfreaks.com/topic/86082-solved-minor-question-could-be-common/#findComment-439557 Share on other sites More sharing options...
robotman321 Posted January 15, 2008 Author Share Posted January 15, 2008 um yeah, i think its me but it didn't work -.- EDIT: each of the session checks are on top of the pages to make sure they are logged in. I.e. my index page <?php // like i said, we must never forget to start the session session_start(); // is the one accessing this page logged in or not? if (!isset($_SESSION['db_is_logged_in']) || $_SESSION['db_is_logged_in'] !== true) { // not logged in, move to login page header('Location: login.php'); exit; } ?> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="content-type" content="text/html; charset=utf-8" /> <title>RS-Serenity's Editors corner</title> <meta name="keywords" content="" /> <meta name="description" content="" /> <link href="../default.css" rel="stylesheet" type="text/css" /> <style type="text/css"> <!-- @import url("../layout.css"); --> </style> </head> <body> <div id="wrapper" class="bg1"> <div id="header"> <div id="logo"> </div> <div id="search" class="bg2"> <!--<form id="form1" name="form1" method="get" action=""> <input id="inputtext1" type="text" name="textfield" class="input1" /> <input id="inputsubmit1" type="submit" name="Submit" value="Submit" class="submit1" /> </form>--> </div> </div> <!-- end #header --> <?php include("../includes/navtop.php"); ?> <!-- end #menu --> <div id="page" class="bg4"> <div class="bg5"> <div class="bg6" style="padding: 0px 0px 50px 0px;"> <div id="rightbar"> <?php include("../includes/datetime.php");?> <?php include("../includes/login.php");?> <?php include("../includes/articles.php");?> <?php include("../includes/additions.php"); ?> </div> <!-- end #rightbar --> <div id="content"> <div id="box1"> <div class="title bg8"> <h2 class="text1">Login Notes!</h2> </div> <div class="content"> New addition to items DB, "staff Notes" staff notes need to be in this format: Jan 01, 2007 - added item - Robotman321 the format is the first 3 letters of the month, two (2) digits for the date and the year in 4 digits. This will be used to validate if you had done the item on the boards.<br /> Note 2. keywords need to be implimented, just take the name and add it to the keywords, do it short hand, use your best judgement when adding these. <br /> ~Brad <p></p> Forget that, the Items DB is fully functional, tell me on the forums how you want the items to be displayed! Please go through the items and make sure the proper extentions are on it, i will be checking the DB and making images to go through. 12 items down 3,000 to go lol, let the fun begin <br /> ~Brad <p></p> Ok Additem is online! maker sure the proper extention is in there, i.e. gp, Mil, or k for prices, PLEASSSEEE do that<br /> ~Brad <p></p> None of the actual Queries are working, you got this far, good job but i am still creating the base layout -.- <br />~Brad</div> </div> </div> <!-- end #content --> <div id="leftbar"> <div id="box6"> <?php include("editorsnavigation.php"); ?> </div> <center><a href="logout.php"><h1>Logout</h1></a></center> </div> <!-- end #leftbar --> <div style="clear: both;"> </div> </div> </div> </div> </div> <!-- end #wrapper --> <?php include("includes/footer.php"); ?> </body> </html> i still don't understand =/ Quote Link to comment https://forums.phpfreaks.com/topic/86082-solved-minor-question-could-be-common/#findComment-439589 Share on other sites More sharing options...
awpti Posted January 15, 2008 Share Posted January 15, 2008 Is if (mysql_num_rows($result) == 1) { actually evaluating as expected? Quote Link to comment https://forums.phpfreaks.com/topic/86082-solved-minor-question-could-be-common/#findComment-439598 Share on other sites More sharing options...
robotman321 Posted January 15, 2008 Author Share Posted January 15, 2008 yeha because i can login and it will let me stay logged in =/ otherwise it would take me back to the login page as each one contains the: <?php // like i said, we must never forget to start the session session_start(); // is the one accessing this page logged in or not? if (!isset($_SESSION['db_is_logged_in']) || $_SESSION['db_is_logged_in'] !== true) { // not logged in, move to login page header('Location: login.php'); exit; } ?> its above any html code :? Quote Link to comment https://forums.phpfreaks.com/topic/86082-solved-minor-question-could-be-common/#findComment-439604 Share on other sites More sharing options...
robotman321 Posted January 15, 2008 Author Share Posted January 15, 2008 I GOT IT!!!! omg my fiddling got it xD, thanks for the help, it didnt work at first but after a while of looking at it i got it! Quote Link to comment https://forums.phpfreaks.com/topic/86082-solved-minor-question-could-be-common/#findComment-439628 Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.