Hello and welcome to our community! Is this your first visit?
Register
Enjoy an ad free experience by logging in. Not a member yet? Register.
Results 1 to 7 of 7
  1. #1
    Regular Coder
    Join Date
    Aug 2013
    Posts
    114
    Thanks
    15
    Thanked 0 Times in 0 Posts

    Adding a login with different categories

    What would be the best way to add a simple login where there is a few different "levels" of members. For example an admin login that when logs in goes to one page where a "driver" login when logs in goes to another but only one login field?

  • #2
    Senior Coder
    Join Date
    Jun 2008
    Location
    New Jersey
    Posts
    2,530
    Thanks
    45
    Thanked 259 Times in 256 Posts
    Create a permissions table that determines what level a user is at (it can be a column in the user table if its just a single value), then in PHP redirect based on the value.

  • Users who have thanked Keleth for this post:

    7daytheory (08-21-2013)

  • #3
    Supreme Master coder! Old Pedant's Avatar
    Join Date
    Feb 2009
    Posts
    25,020
    Thanks
    75
    Thanked 4,323 Times in 4,289 Posts
    If there are only two "levels", then Keleth's idea of a single value in the main user's table is more than adequate.

    If you had several different levels all with different target pages, then you might want to create a separate DB table just for that.

    e.g.:
    Code:
    CREATE TABLE permissions (
        level INT,
        page VARCHAR(100)
    );
    
    level -- page
        1 -- peons.php
        2 -- workerbees.php
        3 -- supervisors.php
        4 -- admins.php
        5 -- worshipfulmaster.php
    And then the field level in the users table becomes a FOREIGN KEY to level in the permissions table.
    An optimist sees the glass as half full.
    A pessimist sees the glass as half empty.
    A realist drinks it no matter how much there is.

  • Users who have thanked Old Pedant for this post:

    7daytheory (08-21-2013)

  • #4
    Regular Coder
    Join Date
    Aug 2013
    Posts
    114
    Thanks
    15
    Thanked 0 Times in 0 Posts
    I'm sorry I have never made a permissions table before so this is totally new to me.

    So I add a table just with levels that are integers ? Or do I put the integers inside the database with the usernames and passwords. And the integers in the permissions tables link to a page that are identified in the permission table?

  • #5
    Regular Coder
    Join Date
    Aug 2013
    Posts
    114
    Thanks
    15
    Thanked 0 Times in 0 Posts
    By the way Pedant Ive posted here 3 times and every time you have solved my problem so thanks for all the help

  • #6
    Supreme Master coder! Old Pedant's Avatar
    Join Date
    Feb 2009
    Posts
    25,020
    Thanks
    75
    Thanked 4,323 Times in 4,289 Posts
    Complete example:
    Code:
    CREATE TABLE permissions (
        level INT,
        page VARCHAR(100)
    ) ENGINE INNODB;
    
    CREATE TABLE users (
        userid INT AUTO_INCREMENT PRIMARY KEY,
        username VARCHAR(20),
        password VARCHAR(20),
        level INT,
        CONSTRAINT FOREIGN KEY (level) REFERENCES permissions(level)
    ) ENGINE INNODB;
    
    INSERT INTO permissions (level, page)
    VALUES (1,'peons.php'),(2,'workerbees.php'),(3,'supervisors.php'),
           (4,'admins.php'),(5,'worshipfulmaster.php');
    
    INSERT INTO users (username,password,level)
    VALUES ('oldpedant','asdfy88176',5),
           ('7daytheory','as882nn',4),
           ('joeschmo','easy',1);
    And I don't use PHP, as I'm sure you've seen me write, but for login.php you could do something like this:
    Code:
    <?php
    
    session_start();
    
    $oops = "";
    if ( $_POST["login"] == "Login" )
    {
        .. make your db connection ..
    
        $uname = mysql_real_escape_string($_POST["uname"]);
        $pwd = mysql_real_escape_string($_POST["pwd"]);
        $sql = "SELECT u.userid, p.level, p.page FROM users AS u, permissions AS p "
             . " WHERE u.level = p.level "
             . " AND u.username = '$uname' "
             . " AND u.password = '$pwd' ";
        $result = mysql_query($sql) or die(mysql_error());
        if ( $row = mysql_fetch_assoc( $result ) )
        {
            $_SESSION["userid"] = $row["userid"];
            $_SESSION["userlevel"] = $row["level"];
            $page = $row["page"];
            echo "<html><head><meta http-equiv=\"refresh\" content=\"0; url=$page\" />\n";
            echo "</head><body>redirecting to $page</body></html>\n";
            exit(0);    
        }
        $oops = "ERROR: Invalid login credentials.";
    }
    ?>
    <!DOCTYPE html>
    <html>
    <head>
    <style type="text/css">
    #oops {
        font-weight: bold;
        color: red;
    }
    </style>
    </head>
    <body>
    <div id="oops"><?php echo $oops; ?></div>
    <form method="post">
    username: <input name="uname"/><br/>
    password: <input name="pwd"/><br/>
    <input type="submit" name="login" value="Login" />
    </form>
    </body>
    </html>
    Not sure that's the best way to do the redirect to page. Some PHP person would know.

    I did read that you can't use header("Location:...") as it doesn't preserve the session, which we would surely want to do. So the META REFRESH seemed like best alternative.
    An optimist sees the glass as half full.
    A pessimist sees the glass as half empty.
    A realist drinks it no matter how much there is.

  • Users who have thanked Old Pedant for this post:

    7daytheory (08-21-2013)

  • #7
    Regular Coder
    Join Date
    Aug 2013
    Posts
    114
    Thanks
    15
    Thanked 0 Times in 0 Posts
    Thanks again! Seems like it should work well and if not a good starting point.


  •  

    Posting Permissions

    • You may not post new threads
    • You may not post replies
    • You may not post attachments
    • You may not edit your posts
    •