...

View Full Version : Please help me with user access levels



esanger21
03-25-2010, 02:59 AM
I own a computer repair company, and im obviously not a huge php coder, in fact, i really dont know much about it at all lol. I want to have two different types of users, technicians and admins. In the mysql table there is username, password, and admin. I want it so if admin=1 then it will display some menu links, but if admin=0 they dont appear. Here is what i have for coding. I have the login script which then takes that login info to a file called checklogin.php. Here is checklogin.php


<?php
$host="*********"; // Host name
$dbusername=*********"; // Mysql username
$dbpassword="*********"; // Mysql password
$db_name="*********"; // Database name
$tbl_name="*********"; // Table name

// Connect to server and select databse.
mysql_connect("$host", "$dbusername", "$dbpassword")or die("cannot connect");
mysql_select_db("$db_name")or die("cannot select DB");

// username and password sent from form
$username=$_POST['username'];
$password=$_POST['password'];

// To protect MySQL injection (more detail about MySQL injection)
$username = stripslashes($username);
$password = stripslashes($password);
$username = mysql_real_escape_string($username);
$password = mysql_real_escape_string($password);

$sql="SELECT * FROM $tbl_name WHERE username='$username' and password='$password'";
$result=mysql_query($sql);

// Mysql_num_row is counting table row
$count=mysql_num_rows($result);
// If result matched $myusername and $mypassword, table row must be 1 row

if($count==1){
// Register $myusername, $mypassword and redirect to file "login_success.php"
session_register("username");
session_register("password");
header("location:login_success.php");
}
else {
echo "You have entered an invalid technician ID. Please try again.";
}
?>


How do i make it so if admin=1 it goes to admin.php and if admin=0 then it goes to login_success.php? Im so new to this i really dont know that much. Thank you.

DJCMBear
03-25-2010, 05:15 AM
I own a computer repair company, and im obviously not a huge php coder, in fact, i really dont know much about it at all lol. I want to have two different types of users, technicians and admins. In the mysql table there is username, password, and admin. I want it so if admin=1 then it will display some menu links, but if admin=0 they dont appear. Here is what i have for coding. I have the login script which then takes that login info to a file called checklogin.php. Here is checklogin.php


<?php
$host="*********"; // Host name
$dbusername=*********"; // Mysql username
$dbpassword="*********"; // Mysql password
$db_name="*********"; // Database name
$tbl_name="*********"; // Table name

// Connect to server and select databse.
mysql_connect("$host", "$dbusername", "$dbpassword")or die("cannot connect");
mysql_select_db("$db_name")or die("cannot select DB");

// username and password sent from form
$username=$_POST['username'];
$password=$_POST['password'];

// To protect MySQL injection (more detail about MySQL injection)
$username = stripslashes($username);
$password = stripslashes($password);
$username = mysql_real_escape_string($username);
$password = mysql_real_escape_string($password);

$sql="SELECT * FROM $tbl_name WHERE username='$username' and password='$password'";
$result=mysql_query($sql);

// Mysql_num_row is counting table row
$count=mysql_num_rows($result);
// If result matched $myusername and $mypassword, table row must be 1 row

if($count==1){
// Register $myusername, $mypassword and redirect to file "login_success.php"
session_register("username");
session_register("password");
header("location:login_success.php");
}
else {
echo "You have entered an invalid technician ID. Please try again.";
}
?>


How do i make it so if admin=1 it goes to admin.php and if admin=0 then it goes to login_success.php? Im so new to this i really dont know that much. Thank you.

Here You Go:


<?php
$host="*********"; // Host name
$dbusername=*********"; // Mysql username
$dbpassword="*********"; // Mysql password
$db_name="*********"; // Database name
$tbl_name="*********"; // Table name

// Connect to server and select databse.
mysql_connect("$host", "$dbusername", "$dbpassword")or die("cannot connect");
mysql_select_db("$db_name")or die("cannot select DB");

// username and password sent from form
$username=$_POST['username'];
$password=$_POST['password'];

// To protect MySQL injection (more detail about MySQL injection)
$username = stripslashes($username);
$password = stripslashes($password);
$username = mysql_real_escape_string($username);
$password = mysql_real_escape_string($password);

$sql="SELECT * FROM $tbl_name WHERE username='$username' and password='$password'";
$result=mysql_query($sql);

// Mysql_num_row is counting table row
$count=mysql_num_rows($result);
// If result matched $myusername and $mypassword, table row must be 1 row

if($count==1){
// Register $myusername, $mypassword and redirect to file "login_success.php"
session_register("username");
session_register("password");
while($row = mysql_fetch_array($result)){
if($row['admin']=='1'){
header("admin.php");
}else{
header("location:login_success.php?");
}}} else {
echo "You have entered an invalid technician ID. Please try again.";
}
?>

tomws
03-25-2010, 05:19 AM
You'll need to have a look at mysql_fetch_array (http://php.net/mysql_fetch_array), or one of its sisters, at least. Check out some php form handling tutorials. You should see lots of examples that show you how to do it. You'll be looking for sections of code that look something like this:

$result = mysql_query($query);
if (!$result)
{
// some error handling
}
$row = mysql_fetch_array($result);
if ($row['some_field'] == 'someValue')
{
// do stuff
}
else
{
// do other stuff
}

DJCMBear
03-25-2010, 05:28 AM
You'll need to have a look at mysql_fetch_array (http://php.net/mysql_fetch_array), or one of its sisters, at least. Check out some php form handling tutorials. You should see lots of examples that show you how to do it. You'll be looking for sections of code that look something like this:

$result = mysql_query($query);
if (!$result)
{
// some error handling
}
$row = mysql_fetch_array($result);
if ($row['some_field'] == 'someValue')
{
// do stuff
}
else
{
// do other stuff
}



Thats what I did in my code example it should work for esanger21 now.

tomws
03-25-2010, 05:33 AM
Thats what I did in my code example it should work for esanger21 now.

Congratulations on teaching him... oh wait. You didn't. You only taught him to copy and paste. Nevermind.

DJCMBear
03-25-2010, 05:37 AM
Congratulations on teaching him... oh wait. You didn't. You only taught him to copy and paste. Nevermind.

And you never wrote some php code...oh wait yes you did my bad. Maybe you should think before saying something. And yes I know you also said about using mysql_fetch_array or "one of it's sisters" but either way he's still geting his problem sorted out.

Zangeel
03-25-2010, 02:17 PM
And you never wrote some php code...oh wait yes you did my bad. Maybe you should think before saying something. And yes I know you also said about using mysql_fetch_array or "one of it's sisters" but either way he's still geting his problem sorted out.

Did he ever then try to negate someone elses post for being more educational? :D



EZ Archive Ads Plugin for vBulletin Copyright 2006 Computer Help Forum