2 Replies - 328 Views - Last Post: 19 April 2011 - 09:39 PM Rate Topic: -----

#1 metalloid  Icon User is offline

  • D.I.C Head

Reputation: -3
  • View blog
  • Posts: 114
  • Joined: 11-September 08

How to set log in with privilege

Posted 19 April 2011 - 06:35 PM

I am making a log in to my page but I do not know where to put the restriction/privilege to a user. Given that they input usernames and passwords in a general log in form, but upon log in they would be directed to the page they are allowed only to see and manipulate.

For example if the log in detects that the user_lvl is 1 it would show the user the admin page, or if the user_lvl is 2 it would show the clerks page, or if the user_lvl is 3 it would redirect the user to the view only page.

here is my code:
<?php
session_start();
include ('config.php'); 

$username = $_POST["username"]; 
$password = md5($_POST["password"]);

$sql="SELECT * FROM users WHERE username='$username' and password='$password'";
$result=mysql_query($sql,$con);

$count=mysql_num_rows($result);


$rec = mysql_fetch_row($result);

if($count==1){
	
	session_register("username");
	session_register("password");
	$_SESSION['name1'] = $rec[1]." ".$rec[3];
	$_SESSION['id'] = $rec[0];
	$_SESSION['ok'] = 1;
	header("location:lloydfinals.php");
}else {
	include ('erroruser.php'); 
}
?>



Is This A Good Question/Topic? 0
  • +

Replies To: How to set log in with privilege

#2 metalloid  Icon User is offline

  • D.I.C Head

Reputation: -3
  • View blog
  • Posts: 114
  • Joined: 11-September 08

Re: How to set log in with privilege

Posted 19 April 2011 - 07:33 PM

I tried this code but it won't work...

It's for the ADMIN first...

<?php
session_start();
include ('config.php'); 

$username = $_POST["username"]; 
$password = $_POST["password"];

$sql="SELECT * FROM users WHERE username='$username' and password='$password' and user_lvl= '$user_lvl'";
$result=mysql_query($sql,$con);

$count=mysql_num_rows($result);


$rec = mysql_fetch_row($result);

if($count==1){
	
	session_register("username");
	session_register("password");
	session_register("user_lvl") ==1;
	$_SESSION['name1'] = $rec[1]." ".$rec[3];
	$_SESSION['id'] = $rec[0];
	$_SESSION['ok'] = 1;
	header("location: Admin_main.php");
}else {
	include ('erroruser.php'); 
}
?>


Was This Post Helpful? 0
  • +
  • -

#3 macosxnerd101  Icon User is online

  • Self-Trained Economist
  • member icon




Reputation: 10766
  • View blog
  • Posts: 40,087
  • Joined: 27-December 08

Re: How to set log in with privilege

Posted 19 April 2011 - 09:39 PM

Telling us it doesn't work isn't much help to us. What is wrong with it? Be specific!

Looking through your code, I noticed a few things. First, I don't see where you declared the $user_lvl variable. Second, never pass your user inputs (or values in general) to your queries until you have sanitized your input. And make sure you aren't storing passwords directly in the database. Always hash and salt them first. There are plenty of hash functions that come with PHP like md5() or sha1().
password='$password' and user_lvl= '$user_lvl'";



For a lot of the PHP sites you see in use, they don't redirect to other pages based on permissions to view the same material, as you are describing. Rather, they include in the appropriate HTML pages. If they are truly different pages with different purposes, then a redirect would be appropriate. But if they are the same welcome/start page with some additional or different permissions, then includes might be more appropriate.
Was This Post Helpful? 0
  • +
  • -

Page 1 of 1