Hi, thank you for answering! I do have a session_start() in config.php. For now there is no redirection as you mentioned, but it should display a link to the corresponding next homepage based on user level, which it does not do at this time! I thought <div class="message"> was only a class? I already have a $message variable that do display: $message = 'The username or password is incorrect.'; When it comes to separating the code, I think this is a good idea, afraid this will mess the code further up to do at this point?! Regards Den 24. juli 2011 kl. 11.52 skrev Dajka Tamas: > Hi, > > I don't see any redirection in your script! It just displays the link to the > corresponding next homepage based on the user level. To really redirect, you > should user "header ('Location: URL');". Be aware, that if you pass ANY > content out, the additional headers can't be set, so either use output > buffer in php.ini, or ob_start somewhere. And hope you do session_start() in > config.php ;) > > Cheers, > > Tamas > > -----Original Message----- > From: alekto [mailto:alekto.antarctica@xxxxxxxxx] > Sent: Sunday, July 24, 2011 1:28 AM > To: php-general@xxxxxxxxxxxxx > Subject: Members area Login with permissions! > > Hi, > I need some help with my html/php, restricted access script. > The purpose with this script is to let users login to a members area; some > with admin permission, some with newbe permission and some with advanced > permissions. The permissions are pre-defined in the MySQL-DB with a > use_level-field in the user-table. > > The different user-groups should have access to the following content: > > admin - permissions to everything (for now the same as advanced) > advanced - lecture 1 and lecture 2 > newbe - only lecture 1 > > The problem with this script is that it does not redirect the different user > groups to their repective index-pages, please help me to detect why! > > > > <?php > include('config.php'); > ?> > <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" > "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> > <html xmlns="http://www.w3.org/1999/xhtml"> > <head> > <meta http-equiv="Content-Type" content="text/html; charset=utf-8" /> > <link href="<?php echo $design; ?>/style.css" rel="stylesheet" > title="Style" /> > <title>Connexion</title> > </head> > <body> > <div class="header"> > <a href="<?php echo $url_home; ?>"><img src="<?php echo > $design; ?>/images/logo.png" alt="Members Area" /></a> > </div> > <?php > //If the user is logged, we log him out > if(isset($_SESSION['username'])) > { > //We log him out by deleting the username and userid sessions > unset($_SESSION['username'], $_SESSION['userid']); > ?> > <div class="message">You have successfuly been loged out.<br /> > <a href="<?php echo $url_home; ?>">Home</a></div> > <?php > } > else > { > $ousername = ''; > //We check if the form has been sent > if(isset($_POST['username'], $_POST['password'])) > { > //We remove slashes depending on the configuration > if(get_magic_quotes_gpc()) > { > $ousername = stripslashes($_POST['username']); > $username = > mysql_real_escape_string(stripslashes($_POST['username'])); > $password = stripslashes($_POST['password']); > } > else > { > $username = > mysql_real_escape_string($_POST['username']); > $password = $_POST['password']; > } > //We get the password of the user > $req = mysql_query('select password,id,usr_level from users > where username="'.$username.'"'); > $dn = mysql_fetch_array($req); > //Get user level of the user > $usr_level = $req['usr_level']; > > //We compare the submited password and the real one, and we > check if the user exists > if($dn['password']==$password and mysql_num_rows($req)>0) > { > //If the password is good, we dont show the form > $form = false; > //We save the user name in the session username and > the user Id in the session userid > $_SESSION['username'] = $_POST['username']; > $_SESSION['userid'] = $dn['id']; > > if($usr_level == 1) > { > ?> > <div class="message">You have successfuly been logged in. You can now access > the admin area.<br /> > <a href="index2.php">Home</a></div> > <?php > } > if($usr_level == 10) > { > ?> > <div class="message">You have successfuly been logged in. You can now access > to the newbe area.<br /> > <a href="index1.php">Home</a></div> > <?php > } > if($usr_level == 11) > { > ?> > <div class="message">You have successfuly been logged in. You can now access > the advanced area.<br /> > <a href="index2.php">Home</a></div> > <?php > } > > } > else > { > //Otherwise, we say the password is incorrect. > $form = true; > $message = 'The username or password is incorrect.'; > } > } > else > { > $form = true; > } > if($form) > { > //We display a message if necessary > if(isset($message)) > { > echo '<div class="message">'.$message.'</div>'; > } > //We display the form > ?> > <div class="content"> > <form action="connexion.php" method="post"> > Please type your IDs to log in:<br /> > <div class="center"> > <label for="username">Username</label><input type="text" > name="username" id="username" value="<?php echo htmlentities($ousername, > ENT_QUOTES, 'UTF-8'); ?>" /><br /> > <label for="password">Password</label><input type="password" > name="password" id="password" /><br /> > <input type="submit" value="Log in" /> > </div> > </form> > </div> > <?php > } > } > ?> > <div class="foot"><a href="<?php echo $url_home; ?>">Go > Home</a></div> > </body> > </html> >