Members area Login with permissions!

Hi,
I need some help with my HTML/PHP restricted-access script.
The purpose of this script is to let users log in to a members area; some with admin permission, some with newbe permission and some with advanced permissions. The permissions are pre-defined in the MySQL-DB with a use_level-field in the user-table.

The different user-groups should have access to the following content:

admin - permissions to everything (for now the same as advanced)
advanced - lecture 1 and lecture 2
newbe - only lecture 1

The problem with this script is that it does not redirect the different user groups to their respective index-pages, please help me to detect why!



<?php
include('config.php');
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
   <head>
       <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
       <link href="<?php echo $design; ?>/style.css" rel="stylesheet" title="Style" />
       <title>Connexion</title>
   </head>
   <body>
       <div class="header">
               <a href="<?php echo $url_home; ?>"><img src="<?php echo $design; ?>/images/logo.png" alt="Members Area" /></a>
           </div>
<?php
//If the user is logged, we log him out
if(isset($_SESSION['username']))
{
       //We log him out by deleting the username and userid sessions
       unset($_SESSION['username'], $_SESSION['userid']);
?>
<div class="message">You have successfuly been loged out.<br />
<a href="<?php echo $url_home; ?>">Home</a></div>
<?php
}
else
{
       $ousername = '';
       //We check if the form has been sent
       if(isset($_POST['username'], $_POST['password']))
       {
               //We remove slashes depending on the configuration
               if(get_magic_quotes_gpc())
               {
                       $ousername = stripslashes($_POST['username']);
                       $username = mysql_real_escape_string(stripslashes($_POST['username']));
                       $password = stripslashes($_POST['password']);
               }
               else
               {
                       $username = mysql_real_escape_string($_POST['username']);
                       $password = $_POST['password'];
               }
               //We get the password of the user
               $req = mysql_query('select password,id,usr_level from users where username="'.$username.'"');
               $dn = mysql_fetch_array($req);
               //Get user level of the user
               $usr_level = $req['usr_level'];

               //We compare the submited password and the real one, and we check if the user exists
               if($dn['password']==$password and mysql_num_rows($req)>0)
               {
                       //If the password is good, we dont show the form
                       $form = false;
                       //We save the user name in the session username and the user Id in the session userid
                       $_SESSION['username'] = $_POST['username'];
                       $_SESSION['userid'] = $dn['id'];

                if($usr_level == 1)
                       {
                         ?>
<div class="message">You have successfuly been logged in. You can now access the admin area.<br />
<a href="index2.php">Home</a></div>
<?php
                       }
                       if($usr_level == 10)
                       {
                       ?>
<div class="message">You have successfuly been logged in. You can now access to the newbe area.<br />
<a href="index1.php">Home</a></div>
<?php
                       }
                       if($usr_level == 11)
                       {
                       ?>
<div class="message">You have successfuly been logged in. You can now access the advanced area.<br />
<a href="index2.php">Home</a></div>
<?php
                       }	                  

               }
               else
               {
                       //Otherwise, we say the password is incorrect.
                       $form = true;
                       $message = 'The username or password is incorrect.';
               }
       }
       else
       {
               $form = true;
       }
       if($form)
       {
               //We display a message if necessary
       if(isset($message))
       {
               echo '<div class="message">'.$message.'</div>';
       }
       //We display the form
?>
<div class="content">
   <form action="connexion.php" method="post">
       Please type your IDs to log in:<br />
       <div class="center">
           <label for="username">Username</label><input type="text" name="username" id="username" value="<?php echo htmlentities($ousername, ENT_QUOTES, 'UTF-8'); ?>" /><br />
           <label for="password">Password</label><input type="password" name="password" id="password" /><br />
           <input type="submit" value="Log in" />
               </div>
   </form>
</div>
<?php
       }
}
?>
               <div class="foot"><a href="<?php echo $url_home; ?>">Go Home</a></div>
       </body>
</html>
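
Added example, not part of the original post: in the script above `$usr_level` is read from `$req` (the query result) instead of `$dn` (the fetched row), so none of the three level checks can match. The version below reads the level from the fetched row, replaces string concatenation and plain-text comparison with a PDO prepared statement and `password_verify()`, and maps the level to the landing page. The function names, the sample users and the in-memory SQLite database are assumptions made so the example runs on its own.

```php
<?php
// Added example; landing_page(), authenticate() and the sample rows are assumptions.
declare(strict_types=1);

// usr_level values and target pages as used in the posted script.
const LANDING = [1 => 'index2.php', 10 => 'index1.php', 11 => 'index2.php'];

function landing_page(int $level): ?string
{
    return LANDING[$level] ?? null;   // unknown level: no page, deny
}

// Returns the user row on success, null on any failure.
function authenticate(PDO $db, string $username, string $password): ?array
{
    // Prepared statement: the username is never concatenated into the SQL text.
    $stmt = $db->prepare('SELECT id, password, usr_level FROM users WHERE username = ?');
    $stmt->execute([$username]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);   // columns come from the fetched row
    if ($row === false || !password_verify($password, $row['password'])) {
        return null;
    }
    return $row;
}

// Constructed demo data in an in-memory SQLite database (the post uses MySQL).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT UNIQUE, password TEXT, usr_level INTEGER)');
$ins = $db->prepare('INSERT INTO users (username, password, usr_level) VALUES (?, ?, ?)');
foreach ([['alice', 'pw-admin', 1], ['bob', 'pw-newbe', 10], ['carol', 'pw-adv', 11]] as [$u, $p, $l]) {
    $ins->execute([$u, password_hash($p, PASSWORD_DEFAULT), $l]);
}

// Constructed login attempts: two valid, one wrong password, one name containing quotes.
foreach ([['bob', 'pw-newbe'], ['carol', 'pw-adv'], ['bob', 'wrong'], ['no"such"user', 'x']] as [$u, $p]) {
    $row = authenticate($db, $u, $p);
    $page = $row ? landing_page((int) $row['usr_level']) : null;
    // In the login page this is where the session is set up and the redirect is sent:
    //   session_regenerate_id(true);
    //   $_SESSION['userid'] = $row['id']; $_SESSION['usr_level'] = (int) $row['usr_level'];
    //   header('Location: ' . $page); exit;
    printf("%-14s -> %s\n", $u, $page ?? 'login refused');
}
```

Each protected page (`index1.php`, `index2.php`, the lecture pages) still has to check `$_SESSION['usr_level']` itself before rendering, because showing a different link after login does not stop a user from requesting the other page directly.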
