Login page with member levels

[mallen]

I am creating a simple log in form to protect a "member" page. What i have done is assigned a "1" or a "2" to each subscriber. Only people with "2" can view the member page. Here is what I have so far. Its rough I know. I have some pseudo code in there just to get the outline right.

 

There are three pages. The member page that I am protecting, the login page that takes the submitted data, and the register page they get directed to if the log in fails.

----------------------------------------------------

member page

----------------------------------------------------

<?php

session_start();

$status = $status[0]; //member or not. If status "1" direct to register.php, if "2" show page.

session_register ('email');

session_register ('password');

session_register ('status');

 

if (isset ($POST['submit'])) {

if ((!empty ($_POST['email']))

 

if email and user name are a match when sent to login.php 

//show content on page below//

//All content will go here.....///

 

else

//print form to sign in

print '<p>Please sign in using your email address and your password</p>';

 

print '<form action=login.php" method="post"><p>Email: <input type="text" name="email" size="20" /><br/>

Password: <input type="password" name="password" size="20" /><br /> <input type="submit" name="submit" value=Log in /></p> </form>';

?>

 

---------------------------------------------

The login.php page

---------------------------------------------

<?php $username=$_POST['email'];//get data posted from members form

$password=$_POST['password'];

$success = "members.php";

$failed = "register.php";

//check user's email and password. Also if status is "1" redirect to register.php

//if status is "2" redirect to members.php and show the page.

SELECT email, password, and status FROM members

if email and password are ok and status is "2" then go to members page. Show as logged in.

else

if status is "1" redirect to register page.

 

[teng84]

create a account page and include that in all your page or if you have one page that is included in all your pages just add a script that has a condition you want...

[mallen]

....yeah..... that's what I was trying to get help with.

I think it would be easier if I had one page. Where it checked if you were signed in. If not show the sign in form. Then once signed in show the content on the page.

[mallen]

I found some script to use and I modified it. Does anything here look incorrect? Becuase it gives me the message "Sorry, could not log you in. Wrong login information." All I am doing is checking for "email" and "password"

 

<?php
session_start();
require_once('./Connections/....'); ?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Untitled Document</title>
</head>

<body>
<?php
if ($_GET["op"] == "login")
{
if (!$_POST["email"] || !$_POST["password"])
  {
  die("You need to provide a username and password.");
  }

// Create query
$q = "SELECT * FROM `members` "
."WHERE `email`='".$_POST["email"]."' "
  ."AND `password`= PASSWORD('".$_POST["password"]."') "
  ."LIMIT 1";
// Run query
$r = mysql_query($q);

if ( $obj = @mysql_fetch_object($r) )
  {
  // Login good, create session variables
  $_SESSION["valid_id"] = $obj->id;
  $_SESSION["valid_user"] = $_POST["email"];
  $_SESSION["valid_time"] = time();

  // Redirect to member page
  Header("Location: members.php");
  }
else
  {
  // Login not successful
  die("Sorry, could not log you in. Wrong login information.");

  }
}
else
{
//If all went right the Web form appears and users can log in
echo "<form action=\"?op=login\" method=\"POST\">";
echo "Username: <input name=\"email\"><br />";
echo "Password: <input name=\"password\"><br />";
echo "<input type=\"submit\" value=\"Login\">";
echo "</form>";
}
?>