RE: Members area Login with permissions!

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Hi,

 

yes, class="message" just sets the HTML class for that div element.

 

BTW, I've found the error:

 

 

              //We get the password of the user

              $req = mysql_query('select password,id,usr_level from users
where username="'.$username.'"');

              $dn = mysql_fetch_array($req);

              //Get user level of the user

              $usr_level = $req['usr_level'];

 

You're setting $usr_level from a mysql_resource! So it's always null ( you
would have guessed it by adding a var_dump($usr_level); after setting
$usr_level ). 

 

The fix: just change it to:

 

               $usr_level = $dn['usr_level'];

 

Cheers,

 

               Tamas

 

 

 

From: alekto [mailto:alekto.antarctica@xxxxxxxxx] 
Sent: Sunday, July 24, 2011 1:00 PM
To: Dajka Tamas
Cc: php-general@xxxxxxxxxxxxx
Subject: Re:  Members area Login with permissions!

 

Hi,

 

thank you for answering! I do have a session_start() in config.php.

For now there is no redirection as you mentioned, but it should display a
link to 

the corresponding next homepage based on user level, which it does not do at
this time!

 

I thought <div class="message"> was only a class? I already have a $message
variable that do display:

$message = 'The username or password is incorrect.';

 

When it comes to separating the code, I think this is a good idea, afraid
this will mess the code further up to do at this point?!

 

Regards

 

 

 

Den 24. juli 2011 kl. 11.52 skrev Dajka Tamas:





Hi,

I don't see any redirection in your script! It just displays the link to the
corresponding next homepage based on the user level. To really redirect, you
should user "header ('Location: URL');". Be aware, that if you pass ANY
content out, the additional headers can't be set, so either use output
buffer in php.ini, or ob_start somewhere. And hope you do session_start() in
config.php ;)

Cheers,

            Tamas

-----Original Message-----
From: alekto [mailto:alekto.antarctica@xxxxxxxxx] 
Sent: Sunday, July 24, 2011 1:28 AM
To: php-general@xxxxxxxxxxxxx
Subject:  Members area Login with permissions!

Hi,
I need some help with my html/php, restricted access script. 
The purpose with this script is to let users login to a members area; some
with admin permission, some with newbe permission and some with advanced
permissions. The permissions are pre-defined in the MySQL-DB with a
use_level-field in the user-table. 

The different user-groups should have access to the following content:

admin - permissions to everything (for now the same as advanced)
advanced - lecture 1 and lecture 2
newbe - only lecture 1

The problem with this script is that it does not redirect the different user
groups to their repective index-pages, please help me to detect why!



<?php
include('config.php');
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd";>
<html xmlns="http://www.w3.org/1999/xhtml";>
  <head>
      <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
      <link href="<?php echo $design; ?>/style.css" rel="stylesheet"
title="Style" />
      <title>Connexion</title>
  </head>
  <body>
      <div class="header">
              <a href="<?php echo $url_home; ?>"><img src="<?php echo
$design; ?>/images/logo.png" alt="Members Area" /></a>
          </div>
<?php
//If the user is logged, we log him out
if(isset($_SESSION['username']))
{
      //We log him out by deleting the username and userid sessions
      unset($_SESSION['username'], $_SESSION['userid']);
?>
<div class="message">You have successfuly been loged out.<br />
<a href="<?php echo $url_home; ?>">Home</a></div>
<?php
}
else
{
      $ousername = '';
      //We check if the form has been sent
      if(isset($_POST['username'], $_POST['password']))
      {
              //We remove slashes depending on the configuration
              if(get_magic_quotes_gpc())
              {
                      $ousername = stripslashes($_POST['username']);
                      $username =
mysql_real_escape_string(stripslashes($_POST['username']));
                      $password = stripslashes($_POST['password']);
              }
              else
              {
                      $username =
mysql_real_escape_string($_POST['username']);
                      $password = $_POST['password'];
              }
              //We get the password of the user
              $req = mysql_query('select password,id,usr_level from users
where username="'.$username.'"');
              $dn = mysql_fetch_array($req);
              //Get user level of the user
              $usr_level = $req['usr_level'];

              //We compare the submited password and the real one, and we
check if the user exists
              if($dn['password']==$password and mysql_num_rows($req)>0)
              {
                      //If the password is good, we dont show the form
                      $form = false;
                      //We save the user name in the session username and
the user Id in the session userid
                      $_SESSION['username'] = $_POST['username'];
                      $_SESSION['userid'] = $dn['id'];

               if($usr_level == 1)
                      {
                        ?>
<div class="message">You have successfuly been logged in. You can now access
the admin area.<br />
<a href="index2.php">Home</a></div>
<?php
                      }
                      if($usr_level == 10)
                      {
                      ?>
<div class="message">You have successfuly been logged in. You can now access
to the newbe area.<br />
<a href="index1.php">Home</a></div>
<?php
                      }
                      if($usr_level == 11)
                      {
                      ?>
<div class="message">You have successfuly been logged in. You can now access
the advanced area.<br />
<a href="index2.php">Home</a></div>
<?php
                      }                            

              }
              else
              {
                      //Otherwise, we say the password is incorrect.
                      $form = true;
                      $message = 'The username or password is incorrect.';
              }
      }
      else
      {
              $form = true;
      }
      if($form)
      {
              //We display a message if necessary
      if(isset($message))
      {
              echo '<div class="message">'.$message.'</div>';
      }
      //We display the form
?>
<div class="content">
  <form action="connexion.php" method="post">
      Please type your IDs to log in:<br />
      <div class="center">
          <label for="username">Username</label><input type="text"
name="username" id="username" value="<?php echo htmlentities($ousername,
ENT_QUOTES, 'UTF-8'); ?>" /><br />
          <label for="password">Password</label><input type="password"
name="password" id="password" /><br />
          <input type="submit" value="Log in" />
              </div>
  </form>
</div>
<?php
      }
}
?>
              <div class="foot"><a href="<?php echo $url_home; ?>">Go
Home</a></div>
      </body>
</html>

 


[Index of Archives]     [PHP Home]     [Apache Users]     [PHP on Windows]     [Kernel Newbies]     [PHP Install]     [PHP Classes]     [Pear]     [Postgresql]     [Postgresql PHP]     [PHP on Windows]     [PHP Database Programming]     [PHP SOAP]

  Powered by Linux