Hello and welcome to our community! Is this your first visit?
Register
Enjoy an ad free experience by logging in. Not a member yet? Register.
Results 1 to 4 of 4
  1. #1
    New Coder
    Join Date
    Aug 2009
    Posts
    51
    Thanks
    10
    Thanked 0 Times in 0 Posts

    Simple admin/user login declaration

    I'm having a few minor issues with another section of my php apart from the email system which seems to have stumped other users....anyway.

    When logging into my system I want the system to tell me if the user is a normal user or admin user and then redirect the admin to a different login instead of the one users are being sent to.

    Currently my system just logs the user in if the login information is correct which is information stored on the sql database I have on my system and sends either users to the same place as there is nothing delclaring what is different from normal users and admin users.

    Can you please point me in the right direction and give me some assistance with this issue.

    My current code :

    Code:
    <?php
    
         unset($error); 
    	 session_start();
    	 
    	 if(isset($_GET['l'])){
    			switch($_GET['l']){
    			case 9: //logout	
    				session_destroy();
    				break;
    				exit();
    			}
    			 
    	 }
    	 
    	 //check to see if user is already logged in
    	 if(isset($_SESSION['username'])){
    		header("Location: LoggedIn.php");
    		exit();
    	}
    	 	 
    	 //Check if username * password boxes have been filled
    	 if(isset($_POST['UserName']) && isset($_POST['Password']))
    	 {
    		//get the values and put them in variables
    		$username =  $_POST['UserName'];
    		$password = $_POST['Password'];
    		
    		// reference the library file so that the functions can be used.
    			require_once("mysqli.php");
    			// connect to the database
    			$db = new mysqliConnector();
    		
    		//clean up the user name for nasties
    			$usernameS = $db->smart_in($username);
    			
    			// Check that the user name exists in the database
    			$userCheck = $db->getValue("SELECT COUNT(*) AS num FROM tblCustomer WHERE UserName = $usernameS", "num");
    			
    			
    		if($userCheck == 1)
    		{
    			
    			$passS = $db->smart_in($password);
    			$passCheck = $db->getValue("SELECT COUNT(*) AS num FROM tblCustomer WHERE UserName = $usernameS AND Password = $passS", "num");
    			
    			
    			if($passCheck == 1)
    			{
    			// if both username and password are correct ....
    			
    			
    			//start a session for this user ...
    			
    			$_SESSION['username'] = $usernameS;
    			
    			// go to main page
    			header("Location: LoggedIn.php");
    			exit();
    			break;
    				
    			}else{
    				$error = "login pperror!";
    				}
    		}else{
    			$error = "login uuerror!";
    		}
    	 }
    ?>
    
    <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
    <html xmlns="http://www.w3.org/1999/xhtml">
    <head>
    <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
    <title>Login</title>
    <style type="text/css" media="screen"> 
    
    body{
     
    	margin:0;
     
    	font: 100% Verdana, Arial, Helvetica, sans-serif;
    	color: #FFF;
     
     
    }
     
    .Container {
    	
    	margin:0 auto;
     
    	padding:0;
     
    	width:800px; height:600px;
    	
    	position: relative;
     
    	background:#7b0619;
    	
    	border-left: 3px solid black;
    		border-right: 3px solid black;
    			border-bottom: 3px solid black;
    
     
    }
    
    .Header {
    		margin:0 auto;
    		
    		padding:0;
    		
    		position: relative;
    		
    	Width : 800px; Height:70px;
    	
    	Background:#FFF;
    	
    	color: #000;
    	
    	border-left: 3px solid black;
    		border-right: 3px solid black;
    			border-top: 3px solid black;
    }
    
    .register {
    	
    
    </style>
    </head>
    
    <body>
    
    <div class="Header">
    
    <table width="800" border="0">
      <tr>
        <td width="545"><font size="5"><p> Log In </p></font></td>
        <td width="245"><font size="7" face="Kunstler Script"><p> Finding Serenity </p></font></td>
      </tr>
    </table>
    </div>
    <div class="Container">
    <div align="center">
    
    
    
    <br/> 
    <br/> 
    <?php if(isset($error)){echo $error;}?> <br/>
    <br/> 
    <br/> 
    <p> Please login below to make a booking </p>
    <br/> 
    <br/> 
    
    <table width="300" border="0" align="center" cellpadding="0" cellspacing="1">
    <tr>
    <form name="form1" method="post" action="Login.php">
    <td>
    <table width="100%" border="0" cellpadding="3" cellspacing="1">
    <tr>
    <td colspan="3"><strong>Member Login </strong></td>
    </tr>
    <tr>
    <td width="78">Username</td>
    <td width="6">:</td>
    <td width="294"><input type="text" name="UserName" id="UserName" /></td>
    </tr>
    <tr>
    <td>Password</td>
    <td>:</td>
    <td><input type="password" name="Password" id="Password" /></td>
    </tr>
    <tr>
    <td>&nbsp;</td>
    <td>&nbsp;</td>
    <td><input type="submit" name="Submit" value="Login"></td>
    </tr>
    </table>
    </td>
    </form>
    </tr>
    </table>
    
    
    <br/> 
    <br/> 
    <br/> 
    <br/> 
    <br/> 
    <br/> 
    
     <p> Need to make a boooking?</p>
    <br/>
    <p> Then click below</p>
    <p>
      <input type="button" value="Register"
      ONCLICK="window.location.href='/57134/Registration.php'" />
    <p>&nbsp;</p>
    <p>&nbsp;</p>
    </div>
    </div>
    
    
    </body>
    </html>

  • #2
    Regular Coder
    Join Date
    Apr 2004
    Posts
    298
    Thanks
    0
    Thanked 23 Times in 23 Posts
    do you have a field in your db table to distinguish them? ie field name = level, values are 1 for user, 2 for admin. then when login happens, set a session variable with the appropriate level value for that user. finally, check the session variable on each "admin only' page to make sure the user has admin status.

    clear as mud?

  • #3
    New Coder
    Join Date
    Aug 2009
    Posts
    51
    Thanks
    10
    Thanked 0 Times in 0 Posts
    I currently have an admin true/false 0/1 thing going along I just dont know how i'd go about coding it to read which one is which and distinguish between the two in php, In terms of logic I know what I need to do but in terms of php, how shall I say this.... dumbstruck

  • #4
    Regular Coder
    Join Date
    Apr 2004
    Posts
    298
    Thanks
    0
    Thanked 23 Times in 23 Posts
    Rough psuedo code...

    /* login processing page */
    $query = "SELECT id, level FROM mytable WHERE username = '$username' AND password = '$password'";
    $result = mysql_query($query);
    check to make sure one and only one record is returned
    if no record, then send back to login page with error messaage
    if more than one record, then you have a problem, as there should only be one or none

    if result = 1
    $row = mysql_fetch_array($result);
    $_SESSION[userid] = $row['id'];
    $_SESSION['userlevel'] = $row['level'];
    if($row['level'] == 1) {
    /* use header to redirect to admin page(s) */
    }else{
    /* use header to redirect to NON-admin page(s) */
    }

    /* top of admin only pages */
    <?PHP
    session_start();
    check to see if:
    A) session variables have been set
    B) session varible userlevel = 1
    IF either one is wrong/false, redirect to login page with an error message


  •  

    Posting Permissions

    • You may not post new threads
    • You may not post replies
    • You may not post attachments
    • You may not edit your posts
    •