ok so i am trying to "amp" up this login script that i have:

<?php
// we must never forget to start the session, NEVER!
session_start();

$errorMessage = '';
if (isset($_POST['txtUserId']) && isset($_POST['txtPassword'])) {
include '../connect/config.php';
include '../connect/useropendb.php';

$userId   = $_POST['txtUserId'];
$password = $_POST['txtPassword'];

// check if the user id and password combination exist in database
$sql = "SELECT user_id 
        FROM users
		WHERE user_id = '$userId' AND user_password = PASSWORD('$password')";

$result = mysql_query($sql) or die('Query failed. ' . mysql_error()); 

if (mysql_num_rows($result) == 1) {
	// the user id and password match, 
	// set the session
	$_SESSION['db_is_logged_in'] = true;

	// after login we move to the main page
	header('Location: index.php');
	exit;
} else {
	$errorMessage = 'Sorry, wrong user id / password';
}

include '../connect/closedb.php';
}
?>

it takes from a username/password login form and creates the session, but i would like it to pull the user level and save it as a session as well, say user_level = 1, then the session is saved as a poster, user_level = 2, is then a moderator. Now i tried this:

<?php
// we must never forget to start the session
session_start();

$errorMessage = '';
if (isset($_POST['txtUserId']) && isset($_POST['txtPassword'])) {
include '../connect/config.php';
include '../connect/useropendb.php';

$userId   = $_POST['txtUserId'];
$password = $_POST['txtPassword'];

// check if the user id and password combination exist in database
$sql = "SELECT user_id, user_level 
        FROM users
		WHERE user_id = '$userId' AND user_password = PASSWORD('$password')";

$result = mysql_query($sql) or die('Query failed. ' . mysql_error()); 

$user_level = $row['user_level'];

if (mysql_num_rows($result) == 1) {
	// the user id and password match, 
	// set the session
	$_SESSION['db_is_logged_in'] = true;
	if ($user_level == "1")
	{
		$_SESSION['priceEditor'] = true;
	}
	elseif ($user_level == "2")
	{ 
		$_SESSION['siteEditor'] = true;
	}
	elseif ($user_level == '3') 
	{
		$_SESSION['moderator'] = true;
	}
	elseif ($user_level == '4')
	{
		$_SESSION['siteAdmin'] = true;
	}
	// after login we move to the main page
	header('Location: index.php');
	exit;
} else {
	$errorMessage = 'Sorry, wrong user id / password';
}

include '../connect/closedb.php';
}
?>

 

to be used with this ssi navigation bar:

<div class="title bg7">
						<h2 class="text1">Editors Navigation</h2>
					</div>
					<div class="content">
                        Editors home<br />
                        	<ul><a href="index.php">index page</a></ul>
                            <?php
						// like i said, we must never forget to start the session
						session_start();

						// does this work like this? can i pull from the session down here?
							if (!isset($_SESSION['priceEditor']) == true)
							echo "Edits<br /><ul><a href=\"items.php\">Edit an Item</a></ul>";
							elseif (!isset($_SESSION['siteEditor']) == true)
							echo "Edits<br />
								<ul><a href=\"items.php\">Edit an Item</a></ul>
								<ul><a href=\"monsters.php\">Edit a Monster</a></ul>
                            		<ul><a href=\"quests.php\">Edit a Quest</a></ul>
                            		<ul><a href=\"npcs.php\">Edit an NPC</a></ul>
                            		<ul><a href=\"maps.php\">Edit a Map</a></ul>
                            		<ul><a href=\"skillguides.php\">Edit a Skill guide</a></ul>
								Additons<br />
                            		<ul><a href=\"additem.php\">Add an Item</a></ul>
                           			<ul><a href=\"addmonster.php\">Add a Monster</a></ul>
                           			<ul><a href=\"addquest.php\">Add a Quest</a></ul>
                            		<ul><a href=\"addnpc.php\">Add a NPC</a></ul>
                            		<ul><a href=\"addmap.php\">Add a Map</a></ul>
                            		<ul><a href=\"addskill.php\">Add a Skill Guide</a></ul>";
							elseif (!isset($_SESSION['siteAdmin']) == true)
							echo "Edits<br />
								<ul><a href=\"items.php\">Edit an Item</a></ul>
								<ul><a href=\"monsters.php\">Edit a Monster</a></ul>
                            		<ul><a href=\"quests.php\">Edit a Quest</a></ul>
                            		<ul><a href=\"npcs.php\">Edit an NPC</a></ul>
                            		<ul><a href=\"maps.php\">Edit a Map</a></ul>
                            		<ul><a href=\"skillguides.php\">Edit a Skill guide</a></ul>
								Additons<br />
                            		<ul><a href=\"additem.php\">Add an Item</a></ul>
                           			<ul><a href=\"addmonster.php\">Add a Monster</a></ul>
                           			<ul><a href=\"addquest.php\">Add a Quest</a></ul>
                            		<ul><a href=\"addnpc.php\">Add a NPC</a></ul>
                            		<ul><a href=\"addmap.php\">Add a Map</a></ul>
                            		<ul><a href=\"addskill.php\">Add a Skill Guide</a></ul><br /> admin area";
							?>
					</div>

 

Now it doesn't work and because i am php retarded i don't know why. 

 

I would LOVE and appreciate all help on this minor issue :D

 

thanks again

`Robo

https://forums.phpfreaks.com/topic/86082-solved-minor-question-could-be-common/

$sql = "SELECT user_id, user_level 
        FROM users
		WHERE user_id = '$userId' AND user_password = PASSWORD('$password')";

$result = mysql_query($sql) or die('Query failed. ' . mysql_error()); 
$row = mysql_fetch_assoc($result);
        if (mysql_num_rows($result) == 1) {
            $user_level = $row['user_level'];
            //.........rest of script

Since the time limit for edits expired while i was editing..

 

You weren't pulling rows from the DB, which is where the mysql_fetch_assoc comes in.

 

another note;

 

Store the userlevel in the session and just check against that instead of assigning TRUE to different SESSION vars.

 

The more levels of access you have, the messier that conditional is going to get.

 

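// mysql_fetch_assoc() returns column values as strings, so cast before the strict comparison
if(isset($_SESSION['user_level']) && (int) $_SESSION['user_level'] === 4) // User is siteadmin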
{
    //...display the page
}
else
{
   //... kick 'em out.
}
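
A fuller version of the fix suggested above, as an added example that is not part of the original posts: it fetches the row, stores a single integer user_level in the session, and checks it with one guard. It assumes PDO, a user_password column holding password_hash() output rather than MySQL's PASSWORD(), and that higher levels include lower ones; the in-memory SQLite table and sample user are constructed so it runs stand-alone, and hasLevel() is a hypothetical helper name.

```php
<?php
declare(strict_types=1);
// Added example. Levels follow the thread: 1 price editor, 2 site editor, 3 moderator, 4 site admin.

// Returns the user's level on success, null on an unknown id or wrong password.
function authenticate(PDO $db, string $userId, string $password): ?int
{
    // The placeholder keeps form input out of the SQL text, unlike '$userId' in the query string.
    $stmt = $db->prepare('SELECT user_password, user_level FROM users WHERE user_id = ?');
    $stmt->execute([$userId]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);    // the fetch step the original script skipped
    if ($row === false || !password_verify($password, $row['user_password'])) {
        return null;
    }
    return (int) $row['user_level'];           // drivers may return strings; cast once here
}

function login(PDO $db, string $userId, string $password): bool
{
    $level = authenticate($db, $userId, $password);
    if ($level === null) {
        return false;
    }
    if (session_status() === PHP_SESSION_ACTIVE) {
        session_regenerate_id(true);           // fresh session id once the user is authenticated
    }
    $_SESSION['db_is_logged_in'] = true;
    $_SESSION['user_level'] = $level;          // one value instead of one flag per role
    return true;
}

// Page guard: true only for a logged-in session at or above $minLevel (assumed hierarchy).
function hasLevel(int $minLevel): bool
{
    return ($_SESSION['db_is_logged_in'] ?? false) === true
        && (int) ($_SESSION['user_level'] ?? 0) >= $minLevel;
}

// Constructed demo data: in-memory SQLite stands in for the thread's MySQL database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (user_id TEXT PRIMARY KEY, user_password TEXT, user_level INTEGER)');
$db->prepare('INSERT INTO users VALUES (?, ?, ?)')
   ->execute(['robo', password_hash('correct horse', PASSWORD_DEFAULT), 2]);

var_dump(login($db, 'robo', 'wrong password'));   // rejected, session untouched
var_dump(login($db, 'robo', 'correct horse'));    // accepted, user_level stored as int 2
var_dump(hasLevel(2), hasLevel(4));               // site editor pages vs. admin-only pages
```

On a real page, call session_start() before login() or hasLevel(), and redirect to login.php when hasLevel() returns false.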

 

um yeah, i think it's me but it didn't work -.-

 

EDIT:

each of the session checks are on top of the pages to make sure they are logged in.

 

I.e. my index page

 

<?php
// like i said, we must never forget to start the session
session_start();

// is the one accessing this page logged in or not?
if (!isset($_SESSION['db_is_logged_in']) || $_SESSION['db_is_logged_in'] !== true) {
// not logged in, move to login page
header('Location: login.php');
exit;
}
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="content-type" content="text/html; charset=utf-8" />
<title>RS-Serenity's Editors corner</title>
<meta name="keywords" content="" />
<meta name="description" content="" />
<link href="../default.css" rel="stylesheet" type="text/css" />
<style type="text/css">
<!--
@import url("../layout.css");
-->
</style>
</head>
<body>
<div id="wrapper" class="bg1">
<div id="header">
	<div id="logo">

	</div>
	<div id="search" class="bg2">
		<!--<form id="form1" name="form1" method="get" action="">
			<input id="inputtext1" type="text" name="textfield" class="input1" />
			<input id="inputsubmit1" type="submit" name="Submit" value="Submit" class="submit1" />
		</form>-->
	</div>
</div>
<!-- end #header -->
	<?php include("../includes/navtop.php"); ?>
<!-- end #menu -->
<div id="page" class="bg4">
	<div class="bg5">
		<div class="bg6" style="padding: 0px 0px 50px 0px;">
			<div id="rightbar">
                	<?php include("../includes/datetime.php");?>
				<?php include("../includes/login.php");?>
				<?php include("../includes/articles.php");?>
				<?php include("../includes/additions.php"); ?>

			</div>
			<!-- end #rightbar -->
			<div id="content">
				<div id="box1">
					<div class="title bg8">
						<h2 class="text1">Login Notes!</h2>
					</div>
                        <div class="content">
                        New addition to items DB, "staff Notes" staff notes need to be in this format: Jan 01, 2007 - added item - Robotman321 the format is the first 3 letters of the month, two (2) digits for the date and the year in 4 digits.  This will be used to validate if you had done the item on the boards.<br /> Note 2. keywords need to be implimented, just take the name and add it to the keywords, do it short hand, use your best judgement when adding these. <br /> ~Brad
                        <p></p>
                        Forget that, the Items DB is fully functional, tell me on the forums how you want the items to be displayed!  Please go through the items and make sure the proper extentions are on it, i will be checking the DB and making images to go through.  12 items down 3,000 to go lol, let the fun begin <br /> ~Brad
                        <p></p>
                        Ok Additem is online! maker sure the proper extention is in there, i.e. gp, Mil, or k for prices, PLEASSSEEE do that<br /> ~Brad
                        <p></p>
					None of the actual Queries are working, you got this far, good job but i am still creating the base layout -.- <br />~Brad</div>
			  </div>
			</div>
			<!-- end #content -->
			<div id="leftbar">
				<div id="box6">
					<?php include("editorsnavigation.php"); ?>
                    </div>
                   <center><a href="logout.php"><h1>Logout</h1></a></center>
			</div>
			<!-- end #leftbar -->
			<div style="clear: both;"> </div>
		</div>
	</div>
</div>
</div>
<!-- end #wrapper -->
<?php include("includes/footer.php"); ?>
</body>
</html>

 

i still don't understand =/

yeah because i can login and it will let me stay logged in =/ otherwise it would take me back to the login page as each one contains the:

<?php
// like i said, we must never forget to start the session
session_start();

// is the one accessing this page logged in or not?
if (!isset($_SESSION['db_is_logged_in']) || $_SESSION['db_is_logged_in'] !== true) {
// not logged in, move to login page
header('Location: login.php');
exit;
}
?>

it's above any html code :?
