RE: Members area Login with permissions!


 



You're welcome :)

 

Yes, you can hide the urls, just google for "url rewriting" or "seo urls".
Unfortunately, this is not basic level stuff and you cannot hide completely
the urls.

 

About your issue: that's why I've added to my example's index.php this line:

 

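if ( empty($_SESSION['username']) ) {
      //we set a message in session to the user
      $_SESSION['message'] = "Please log in";
      header('Location: login.php');
      //stop here, or the rest of the page is still sent after the redirect
      exit;
}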

 

For your situation, I would change it a bit ( for ANY index pages, which is
not a login page ):

 

if ( empty($_SESSION['username']) || $_SESSION['usr_level'] != CURRENT_SITE_PERMISSION ) {
      //we set a message in session to the user
      $_SESSION['message'] = "Please log in";
      //we redirect the user to the login page
      header('Location: index.php');
      //stop the script so the protected page is not sent
      exit;
}

 

This will redirect an unlogged user to the login form ( if logged in, but
has no access rights, your login page will log out the user ).

 

Don't forget to store the users' access level in the session, or this will
not work!

 

Cheers,

 

               Tamas
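
An added example, not part of Tamas's message or the original script: one way to package the check above as a shared guard that every protected page calls first, together with the login-side step that stores the access level in the session. The function names and the mapping of index1.php and index2.php to lectures are assumptions; the level values 1, 10 and 11 and connexion.php are taken from the original script quoted further down.

```php
<?php
// Added example, not code from the thread. Level values are the ones the
// original script tests for; all function names here are assumptions.
const LEVEL_ADMIN    = 1;
const LEVEL_NEWBE    = 10;
const LEVEL_ADVANCED = 11;
const LOGIN_PAGE     = 'connexion.php'; // form action in the original script

// Call once after the password check succeeds. $row is the fetched users row.
function store_login(array $row, string $username): void
{
    session_regenerate_id(true);          // new session id at the privilege change
    $_SESSION['username']  = $username;
    $_SESSION['userid']    = (int) $row['id'];
    $_SESSION['usr_level'] = (int) $row['usr_level'];
}

// Pure decision, kept separate so it can be checked without sending headers.
function is_allowed(array $session, array $allowedLevels): bool
{
    if (empty($session['username']) || !isset($session['usr_level'])) {
        return false;                     // not logged in, or level never stored
    }
    // Strict match against an allow-list: admin is listed explicitly on each
    // page instead of relying on the numeric ordering of the level values.
    return in_array((int) $session['usr_level'], $allowedLevels, true);
}

// First statement of every protected page, before any output is sent.
function require_level(array $allowedLevels): void
{
    if (session_status() !== PHP_SESSION_ACTIVE) {
        session_start();
    }
    if (!is_allowed($_SESSION, $allowedLevels)) {
        $_SESSION['message'] = 'Please log in';
        header('Location: ' . LOGIN_PAGE);
        exit;                             // without this the page body is still sent
    }
}

// Assumed mapping, following the links in the original script:
// index1.php (lecture 1): require_level([LEVEL_ADMIN, LEVEL_ADVANCED, LEVEL_NEWBE]);
// index2.php (lecture 2): require_level([LEVEL_ADMIN, LEVEL_ADVANCED]);
```
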

 

From: alekto [mailto:alekto.antarctica@xxxxxxxxx] 
Sent: Sunday, July 24, 2011 3:23 PM
To: Dajka Tamas
Cc: php-general@xxxxxxxxxxxxx
Subject: Re:  Members area Login with permissions!

 

Thanks a lot :)

This solved the user level issue, I can now login with different user levels
and get displayed with a link to the corresponding index-pages.

But I am now facing a new issue regarding this; when I am entering the URLs
of the corresponding index-pages I do get access to the corresponding
index-pages without having to login at all!! Is there a way to
prevent this from happening?

 

And is there also a way to hide the URLs that go beyond www.url.com, i.e.
www.url.com/index_admin.php?

 

 

Regards

 

 

On 24 July 2011 at 13:26, Dajka Tamas wrote:





Hi,

 

yes, class="message" just sets the HTML class for that div element.

 

BTW, I've found the error:

 

 

              //We get the password of the user
              $req = mysql_query('select password,id,usr_level from users where username="'.$username.'"');
              $dn = mysql_fetch_array($req);
              //Get user level of the user
              $usr_level = $req['usr_level'];

 

You're setting $usr_level from a mysql_resource! So it's always null ( you
would have guessed it by adding a var_dump($usr_level); after setting
$usr_level ).

 

The fix: just change it to:

 

               $usr_level = $dn['usr_level'];

 

Cheers,

 

               Tamas

 

 

 

From: alekto [mailto:alekto.antarctica@xxxxxxxxx] 
Sent: Sunday, July 24, 2011 1:00 PM
To: Dajka Tamas
Cc: php-general@xxxxxxxxxxxxx
Subject: Re:  Members area Login with permissions!

 

Hi,

 

thank you for answering! I do have a session_start() in config.php.

For now there is no redirection as you mentioned, but it should display a
link to the corresponding next homepage based on user level, which it does
not do at this time!

 

I thought <div class="message"> was only a class? I already have a $message
variable that does display:

$message = 'The username or password is incorrect.';

 

When it comes to separating the code, I think this is a good idea, afraid
this will mess the code further up to do at this point?!

 

Regards

 

 

 

On 24 July 2011 at 11:52, Dajka Tamas wrote:






Hi,

I don't see any redirection in your script! It just displays the link to the
corresponding next homepage based on the user level. To really redirect, you
should use "header ('Location: URL');". Be aware, that if you pass ANY
content out, the additional headers can't be set, so either use output
buffer in php.ini, or ob_start somewhere. And hope you do session_start() in
config.php ;)

Cheers,

            Tamas

-----Original Message-----
From: alekto [mailto:alekto.antarctica@xxxxxxxxx] 
Sent: Sunday, July 24, 2011 1:28 AM
To: php-general@xxxxxxxxxxxxx
Subject:  Members area Login with permissions!

Hi,
I need some help with my html/php, restricted access script. 
The purpose with this script is to let users login to a members area; some
with admin permission, some with newbe permission and some with advanced
permissions. The permissions are pre-defined in the MySQL-DB with a
use_level-field in the user-table. 

The different user-groups should have access to the following content:

admin - permissions to everything (for now the same as advanced)
advanced - lecture 1 and lecture 2
newbe - only lecture 1

The problem with this script is that it does not redirect the different user
groups to their respective index-pages, please help me to detect why!



<?php
include('config.php');
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
  <head>
      <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
      <link href="<?php echo $design; ?>/style.css" rel="stylesheet"
title="Style" />
      <title>Connexion</title>
  </head>
  <body>
      <div class="header">
              <a href="<?php echo $url_home; ?>"><img src="<?php echo
$design; ?>/images/logo.png" alt="Members Area" /></a>
          </div>
<?php
//If the user is logged, we log him out
if(isset($_SESSION['username']))
{
      //We log him out by deleting the username and userid sessions
      unset($_SESSION['username'], $_SESSION['userid']);
?>
<div class="message">You have successfuly been loged out.<br />
<a href="<?php echo $url_home; ?>">Home</a></div>
<?php
}
else
{
      $ousername = '';
      //We check if the form has been sent
      if(isset($_POST['username'], $_POST['password']))
      {
              //We remove slashes depending on the configuration
              if(get_magic_quotes_gpc())
              {
                      $ousername = stripslashes($_POST['username']);
                      $username =
mysql_real_escape_string(stripslashes($_POST['username']));
                      $password = stripslashes($_POST['password']);
              }
              else
              {
                      $username =
mysql_real_escape_string($_POST['username']);
                      $password = $_POST['password'];
              }
              //We get the password of the user
              $req = mysql_query('select password,id,usr_level from users
where username="'.$username.'"');
              $dn = mysql_fetch_array($req);
              //Get user level of the user
              $usr_level = $req['usr_level'];

              //We compare the submited password and the real one, and we
              //check if the user exists
              if($dn['password']==$password and mysql_num_rows($req)>0)
              {
                      //If the password is good, we dont show the form
                      $form = false;
                      //We save the user name in the session username and
                      //the user Id in the session userid
                      $_SESSION['username'] = $_POST['username'];
                      $_SESSION['userid'] = $dn['id'];

               if($usr_level == 1)
                      {
                        ?>
<div class="message">You have successfuly been logged in. You can now access
the admin area.<br />
<a href="index2.php">Home</a></div>
<?php
                      }
                      if($usr_level == 10)
                      {
                      ?>
<div class="message">You have successfuly been logged in. You can now access
to the newbe area.<br />
<a href="index1.php">Home</a></div>
<?php
                      }
                      if($usr_level == 11)
                      {
                      ?>
<div class="message">You have successfuly been logged in. You can now access
the advanced area.<br />
<a href="index2.php">Home</a></div>
<?php
                      }                            

              }
              else
              {
                      //Otherwise, we say the password is incorrect.
                      $form = true;
                      $message = 'The username or password is incorrect.';
              }
      }
      else
      {
              $form = true;
      }
      if($form)
      {
              //We display a message if necessary
      if(isset($message))
      {
              echo '<div class="message">'.$message.'</div>';
      }
      //We display the form
?>
<div class="content">
  <form action="connexion.php" method="post">
      Please type your IDs to log in:<br />
      <div class="center">
          <label for="username">Username</label><input type="text"
name="username" id="username" value="<?php echo htmlentities($ousername,
ENT_QUOTES, 'UTF-8'); ?>" /><br />
          <label for="password">Password</label><input type="password"
name="password" id="password" /><br />
          <input type="submit" value="Log in" />
              </div>
  </form>
</div>
<?php
      }
}
?>
              <div class="foot"><a href="<?php echo $url_home; ?>">Go
Home</a></div>
      </body>
</html>

 

 

