...

View Full Version : Simple admin/user login declaration



snowdude2004
02-18-2012, 10:50 PM
I'm having a few minor issues with another section of my php apart from the email system which seems to have stumped other users....anyway.

When logging into my system I want the system to tell me if the user is a normal user or admin user and then redirect the admin to a different login instead of the one users are being sent to.

Currently my system just logs the user in if the login information is correct which is information stored on the sql database I have on my system and sends either users to the same place as there is nothing delclaring what is different from normal users and admin users.

Can you please point me in the right direction and give me some assistance with this issue.

My current code :


<?php

unset($error);
session_start();

if(isset($_GET['l'])){
switch($_GET['l']){
case 9: //logout
session_destroy();
break;
exit();
}

}

//check to see if user is already logged in
if(isset($_SESSION['username'])){
header("Location: LoggedIn.php");
exit();
}

//Check if username * password boxes have been filled
if(isset($_POST['UserName']) && isset($_POST['Password']))
{
//get the values and put them in variables
$username = $_POST['UserName'];
$password = $_POST['Password'];

// reference the library file so that the functions can be used.
require_once("mysqli.php");
// connect to the database
$db = new mysqliConnector();

//clean up the user name for nasties
$usernameS = $db->smart_in($username);

// Check that the user name exists in the database
$userCheck = $db->getValue("SELECT COUNT(*) AS num FROM tblCustomer WHERE UserName = $usernameS", "num");


if($userCheck == 1)
{

$passS = $db->smart_in($password);
$passCheck = $db->getValue("SELECT COUNT(*) AS num FROM tblCustomer WHERE UserName = $usernameS AND Password = $passS", "num");


if($passCheck == 1)
{
// if both username and password are correct ....


//start a session for this user ...

$_SESSION['username'] = $usernameS;

// go to main page
header("Location: LoggedIn.php");
exit();
break;

}else{
$error = "login pperror!";
}
}else{
$error = "login uuerror!";
}
}
?>

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Login</title>
<style type="text/css" media="screen">

body{

margin:0;

font: 100% Verdana, Arial, Helvetica, sans-serif;
color: #FFF;


}

.Container {

margin:0 auto;

padding:0;

width:800px; height:600px;

position: relative;

background:#7b0619;

border-left: 3px solid black;
border-right: 3px solid black;
border-bottom: 3px solid black;


}

.Header {
margin:0 auto;

padding:0;

position: relative;

Width : 800px; Height:70px;

Background:#FFF;

color: #000;

border-left: 3px solid black;
border-right: 3px solid black;
border-top: 3px solid black;
}

.register {


</style>
</head>

<body>

<div class="Header">

<table width="800" border="0">
<tr>
<td width="545"><font size="5"><p> Log In </p></font></td>
<td width="245"><font size="7" face="Kunstler Script"><p> Finding Serenity </p></font></td>
</tr>
</table>
</div>
<div class="Container">
<div align="center">



<br/>
<br/>
<?php if(isset($error)){echo $error;}?> <br/>
<br/>
<br/>
<p> Please login below to make a booking </p>
<br/>
<br/>

<table width="300" border="0" align="center" cellpadding="0" cellspacing="1">
<tr>
<form name="form1" method="post" action="Login.php">
<td>
<table width="100%" border="0" cellpadding="3" cellspacing="1">
<tr>
<td colspan="3"><strong>Member Login </strong></td>
</tr>
<tr>
<td width="78">Username</td>
<td width="6">:</td>
<td width="294"><input type="text" name="UserName" id="UserName" /></td>
</tr>
<tr>
<td>Password</td>
<td>:</td>
<td><input type="password" name="Password" id="Password" /></td>
</tr>
<tr>
<td>&nbsp;</td>
<td>&nbsp;</td>
<td><input type="submit" name="Submit" value="Login"></td>
</tr>
</table>
</td>
</form>
</tr>
</table>


<br/>
<br/>
<br/>
<br/>
<br/>
<br/>

<p> Need to make a boooking?</p>
<br/>
<p> Then click below</p>
<p>
<input type="button" value="Register"
ONCLICK="window.location.href='/57134/Registration.php'" />
<p>&nbsp;</p>
<p>&nbsp;</p>
</div>
</div>


</body>
</html>

litebearer
02-19-2012, 12:08 AM
do you have a field in your db table to distinguish them? ie field name = level, values are 1 for user, 2 for admin. then when login happens, set a session variable with the appropriate level value for that user. finally, check the session variable on each "admin only' page to make sure the user has admin status.

clear as mud? ;)

snowdude2004
02-19-2012, 12:22 AM
I currently have an admin true/false 0/1 thing going along I just dont know how i'd go about coding it to read which one is which and distinguish between the two in php, In terms of logic I know what I need to do but in terms of php, how shall I say this.... dumbstruck

litebearer
02-19-2012, 01:23 AM
Rough psuedo code...

/* login processing page */
$query = "SELECT id, level FROM mytable WHERE username = '$username' AND password = '$password'";
$result = mysql_query($query);
check to make sure one and only one record is returned
if no record, then send back to login page with error messaage
if more than one record, then you have a problem, as there should only be one or none

if result = 1
$row = mysql_fetch_array($result);
$_SESSION[userid] = $row['id'];
$_SESSION['userlevel'] = $row['level'];
if($row['level'] == 1) {
/* use header to redirect to admin page(s) */
}else{
/* use header to redirect to NON-admin page(s) */
}

/* top of admin only pages */
<?PHP
session_start();
check to see if:
A) session variables have been set
B) session varible userlevel = 1
IF either one is wrong/false, redirect to login page with an error message



EZ Archive Ads Plugin for vBulletin Copyright 2006 Computer Help Forum