[SOLVED] PHP Login

[Calgaryalberta]

I have a PHP Validation script that I did not make unfortunately, my programmer is not around anymore and Im trying to edit the script here, my php knowledge isn't huge...My question right now is I want my script to automatically assign the number 1, after the user clicks the activation link they receive in the email we send them.

 

So in PHPMyAdmin in my table  in the database I added a row called 'accesslevel'

 

now the reason I added that row is because the table that takes this information from the users is going to be used to retrieve the username/password when user's login, once a user trys to login, the script will check the user's user name then the user's password, then which access level they are allowed acccess too, if it's just level 1, then its the members area, level 2 is the admin area, and so on. So Im looking for help on what excatly I can add to the script below to automatically get the script to assign the number 1 in the access level row.  - Thanks

 

This is the handle page, that  handles the information from the join form and sends the email and displays the activation link.

 

<?php

if( isset($_POST['submit']) ) {
$error = array();
$first = mysql_real_escape_string(trim($_POST['first']));
$last = mysql_real_escape_string(trim($_POST['last']));
$email1 = trim($_POST['email']);
$email2 = trim($_POST['emailconfirm']);
$pass1 = trim($_POST['password']);
$pass2 = trim($_POST['passwordconfirm']);
$vatsimid = trim($_POST['vatsimid']);
$country = mysql_real_escape_string(trim($_POST['country']));
$region = mysql_real_escape_string(trim($_POST['region0']));

if( empty($first) ) 
	$error[] = "Need a first name";

if( empty($last) )
	$error[] = "Need a last name";

if( $email1 != $email2 ) 
	$error[] = "Emails do not match";

if( !preg_match('/^[a-zA-Z0-9_\.\-]+@[a-zA-Z0-9\-]+\.[a-zA-Z0-9\-\.]+$/', $email1) )
	$error[] = "Invalid Email";

if( empty($pass1) ) 
	$error[] = "Need a password";

if( $pass1 != $pass2 ) 
	$error[] = "Passwords do not match";

if( !preg_match('/^[\d]{6}$/', $vatsimid) ) 
	$error[] = "Invalid VATSIM ID";

if( $country == "Select a country from list..." )
	$error[] = "Please select a country";

if( $region == "Select a region..." )
	$error[] = "Please select a region";

if( count($error) == 0 ) {
	$res = mysql_query("SELECT 1 FROM users WHERE email='".mysql_real_escape_string($email1)."'");
	print mysql_error();
	if( $res ) {
		if( mysql_num_rows($res) == 0 ) {
			$key = generateKey();
			$res = @mysql_query("INSERT INTO users (`email`, `pass`, `key`, `country`, `region`, `vatsimid`, `first`, `last`) ".
								"VALUES ('".mysql_real_escape_string($email1)."', '".mysql_real_escape_string($pass1)."', '".mysql_real_escape_string($key)."', ".
								"'$country', '$region', '$vatsimid', '$first', '$last')");

			if( $res ) {
				$uid = mysql_insert_id();
				mail($email, "Account Activation",
					"Thank you for registering with us.\n\n".
					"After you activate your account, you can login in with the following...\n".
					"    Pilot Id: $uid\n".
					"    Password: $pass1\n".
					"To activate your account please visit the following URL...\n".
					"    http://www.mydomain.net/join/activate.php?uid=$uid&key=".urlencode($key)." \n\n",
					"From: postmaster@mydomain.net\r\n".
					"Reply-To: postmaster@mydomain.net\r\n".
					"X-Mailer: PHP/".phpversion());
				print "Thank you for registering! Please check your email for activation instructions.";
			} else {
				print mysql_error();
			}
		} else {
			print "There is a user already registered with that email.";
		}
	} else {
		print mysql_error();
	}
} else {
	foreach($error as $err)
		print "<b>$err</b><br />";
}
} else {
?>

 

Or is there another file somewhere that Im missing that I need to post instead of this? - thanks

[marcus]

assign the number 1 to what

[Calgaryalberta]

assign the number 1 in the accesslevel under that user and all  users who join the site

so when they login and the php script checks their username/password and accesslevel 

and by seeing they're only allowed access to level 1 which is the members area, the login script forwards them to the members area page

if they have level 2 access and try to login, the login script forwards them to the administrators area

if they have level 3 access and try and login, the login script forwards them to the managers area

 

[nethnet]

You'll need to do this in activate.php.  When the activation script is run, have it update the database with this:

 

$id = $_REQUEST['uid'];
mysql_query("UPDATE users SET accesslevel = 1 WHERE id = $id");

 

You'll have to change "id" to whatever you call the user id in your database.

[Calgaryalberta]

Ok, let me try it here, I have the file open Ill try it right now

[marcus]

on login

 

<?php

// supposing their info is correct
$sql = "SELECT accesslevel FROM `users` WHERE `username`='".mysql_real_escape_string($_POST['username'])."'";
$res = mysql_query($sql) or die(mysql_error());
$row = mysql_fetch_assoc($res);

switch($row['accesslevel']){
case 1:
	header("Location: /members/index.php");
break;

case 2:
	header("Location: /admin/index.php");
break;

case 3:
	header("Location: /manager/index.php");
break;

default:
	header("Location: /members/index.php");
}

?>

 

and your query for registration/confirmation w/e

 

<?php

$reg_sql = "INSERT INTO `users` (`all`,`other`,`values`,`here`,`accesslevel`)
		VALUES('".$all."','".$other."','".$values."','".$here."','1')";
$reg_res = mysql_query($reg_sql) or die(mysql_error());

// or for confirmation

$con_sql = "UPDATE `users` SET `accesslevel`='1' WHERE `username`='".$user."'";
$con_res = mysql_query($con_sql) or die(mysql_error());

?>

[Calgaryalberta]

Ok, I haven't got to the login yet, but I made a note of your script, Ill use it when I get to the login. So the script did look like this

 

<?php
/**
** Register script
**/


include "config.php";

$db = @mysql_connect($db_host, $db_user, $db_pass);

if( !$db )
die(mysql_error());

$link = mysql_select_db($db_name, $db);

if( !$link ) 
die(mysql_error());

$uid = (int)$_GET['uid'];
$key = mysql_real_escape_string($_GET['key']);
//print "SELECT 1 FROM users WHERE uid = '$uid' AND `key` = '$key'";
$res = @mysql_query("SELECT 1 FROM users WHERE uid = '$uid' AND `key` = '$key'");

if( !$res ) 
die(mysql_error());
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office"><head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8"><title>Untitled 5</title>

<style type="text/css">
h2 {font:1.48em verdana;color:#0084C9;margin:0px 0px 12px 0px;padding:0;}
.bluetop {border-top:2px solid #0084C9;padding:9px 0px 0px 0px;}
.box9 {padding:8px 17px 18px 17px;border-top:2px solid #0084C9;border-bottom:1px solid #0084C9;background:#efefea;}
.small {font-size:.925em;font-family:verdana;}
input {color:#666;}

.formwidth {width: 300px;}

select {color:#666;}

.button {background-color: #339E35; border:0; padding:2px; margin:10px 0 0; font-weight:700; color:#fff; font-size:.8em; font-family: "Tahoma", "Lucida Grande" , san-serif;}
.style9 {
font-size: large;
font-family: "Times New Roman", Times, serif;
}
.style10 {
font-size: small;
font-family: "Times New Roman", Times, serif;
}
.style11 {
font-size: small;
font-family: Verdana;
}
</style></head><body>

<table style="margin-left: 18px;" border="0" width="690">
<!--WIDTH="590"--><!--  remove add icons  TR>
<TD align="right"><A href="javascript:GotoAd();"><IMG name="Rotate" src="ENA.gif" width="325" height="52" border="0" align="right" ></a></TD></TR --><!--<TR><TD align="center"><A Href="http://interbiz.cai.com/Education/default.asp" class="minilinks">   <U>interBiz Courses</U></A></TD></TR>-->
<tbody><tr>
	<td align="left">
	<h2>Join</h2>

<table style="margin-left: 18px;" border="0" width="690">
<tbody><tr>
	<td>
	<div class="bluetop">
		</div>
	</td>
</tr>
</tbody></table>
	</td>
</tr>
</tbody></table>
<?php
if( mysql_num_rows($res) == 1 ) {
print "Account activated!\n";
@mysql_query("UPDATE users SET activated=1 WHERE uid = '$uid'");
} else {
print "Account not found";
}
?>
</body></html>

 

And you're recommending it looks like this:

 

 

 

<?php
/**
** Register script
**/

include "config.php";

$db = @mysql_connect($db_host, $db_user, $db_pass);

if( !$db )
die(mysql_error());

$link = mysql_select_db($db_name, $db);

if( !$link ) 
die(mysql_error());

$uid = (int)$_GET['uid'];
$key = mysql_real_escape_string($_GET['key']);
//print "SELECT 1 FROM users WHERE uid = '$uid' AND `key` = '$key'";
$res = @mysql_query("SELECT 1 FROM users WHERE uid = '$uid' AND `key` = '$key'");

if( !$res ) 
die(mysql_error());
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office"><head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8"><title>Untitled 5</title>

<style type="text/css">
h2 {font:1.48em verdana;color:#0084C9;margin:0px 0px 12px 0px;padding:0;}
.bluetop {border-top:2px solid #0084C9;padding:9px 0px 0px 0px;}
.box9 {padding:8px 17px 18px 17px;border-top:2px solid #0084C9;border-bottom:1px solid #0084C9;background:#efefea;}
.small {font-size:.925em;font-family:verdana;}
input {color:#666;}

.formwidth {width: 300px;}

select {color:#666;}

.button {background-color: #339E35; border:0; padding:2px; margin:10px 0 0; font-weight:700; color:#fff; font-size:.8em; font-family: "Tahoma", "Lucida Grande" , san-serif;}
.style9 {
font-size: large;
font-family: "Times New Roman", Times, serif;
}
.style10 {
font-size: small;
font-family: "Times New Roman", Times, serif;
}
.style11 {
font-size: small;
font-family: Verdana;
}
</style></head><body>

<table style="margin-left: 18px;" border="0" width="690">
<!--WIDTH="590"--><!--  remove add icons  TR>
<TD align="right"><A href="javascript:GotoAd();"><IMG name="Rotate" src="ENA.gif" width="325" height="52" border="0" align="right" ></a></TD></TR --><!--<TR><TD align="center"><A Href="http://interbiz.cai.com/Education/default.asp" class="minilinks">   <U>interBiz Courses</U></A></TD></TR>-->
<tbody><tr>
	<td align="left">
	<h2>Join</h2>

<table style="margin-left: 18px;" border="0" width="690">
<tbody><tr>
	<td>
	<div class="bluetop">
		</div>
	</td>
</tr>
</tbody></table>
	</td>
</tr>
</tbody></table>
<?php
$id = $_REQUEST['uid'];
mysql_query("UPDATE users SET accesslevel = 1 WHERE id = $id");

if( mysql_num_rows($res) == 1 ) {
print "Account activated!\n";
@mysql_query("UPDATE users SET activated=1 WHERE uid = '$uid'");
} else {
print "Account not found";
}
?>
</body></html>

[Calgaryalberta]

At the very end is where I added the script you mentioned to add in, the

$id = $_REQUEST['uid'];

mysql_query("UPDATE users SET accesslevel = 1 WHERE id = $id"); 

[nethnet]

Combine them into one query.

 

"UPDATE users SET activated=1 AND accesslevel=1 WHERE uid='$uid'"

[marcus]

You don't use AND operation when updating.

 

$sql = "UPDATE `users` SET `activated`=1,`accesslevel`=1 WHERE `uid`='".$uid."'";

[Calgaryalberta]

ok lets see if this works, stand by

[Calgaryalberta]

Ok, before I upload this script  to my server, Im going to post it with you're updates tell me if this is the way it should look .

Thanks for all the help! I guess before I know if it for sure works Ill have to develop the login, but Ill use the script posted above, Ill just edit it to the best of my ability

 

Look ok?

 

<?php
/**
** Register script
**/

include "config.php";

$db = @mysql_connect($db_host, $db_user, $db_pass);

if( !$db )
die(mysql_error());

$link = mysql_select_db($db_name, $db);

if( !$link ) 
die(mysql_error());

$uid = (int)$_GET['uid'];
$sql = "UPDATE `users` SET `activated`=1,`accesslevel`=1 WHERE `uid`='".$uid."'";

$key = mysql_real_escape_string($_GET['key']);
//print "SELECT 1 FROM users WHERE uid = '$uid' AND `key` = '$key'";
$res = @mysql_query("SELECT 1 FROM users WHERE uid = '$uid' AND `key` = '$key'");

if( !$res ) 
die(mysql_error());
?>