Re: [PHP] Members area Login with permissions!
you didn't set the $message for example here that you mentioned: div class=messageYou have successfuly been logged in. You can now access the advanced area.br / change it to $message=You have successfuly been logged in. You can now access the advanced area; hope it will help.
RE: [PHP] Members area Login with permissions!
Hi,
I don't see any redirection in your script! It just displays the link to the
corresponding next homepage based on the user level. To really redirect, you
should user header ('Location: URL');. Be aware, that if you pass ANY
content out, the additional headers can't be set, so either use output
buffer in php.ini, or ob_start somewhere. And hope you do session_start() in
config.php ;)
Cheers,
Tamas
-Original Message-
From: alekto [mailto:alekto.antarct...@gmail.com]
Sent: Sunday, July 24, 2011 1:28 AM
To: php-general@lists.php.net
Subject: [PHP] Members area Login with permissions!
Hi,
I need some help with my html/php, restricted access script.
The purpose with this script is to let users login to a members area; some
with admin permission, some with newbe permission and some with advanced
permissions. The permissions are pre-defined in the MySQL-DB with a
use_level-field in the user-table.
The different user-groups should have access to the following content:
admin - permissions to everything (for now the same as advanced)
advanced - lecture 1 and lecture 2
newbe - only lecture 1
The problem with this script is that it does not redirect the different user
groups to their repective index-pages, please help me to detect why!
?php
include('config.php');
?
!DOCTYPE html PUBLIC -//W3C//DTD XHTML 1.0 Transitional//EN
http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd;
html xmlns=http://www.w3.org/1999/xhtml;
head
meta http-equiv=Content-Type content=text/html; charset=utf-8 /
link href=?php echo $design; ?/style.css rel=stylesheet
title=Style /
titleConnexion/title
/head
body
div class=header
a href=?php echo $url_home; ?img src=?php echo
$design; ?/images/logo.png alt=Members Area //a
/div
?php
//If the user is logged, we log him out
if(isset($_SESSION['username']))
{
//We log him out by deleting the username and userid sessions
unset($_SESSION['username'], $_SESSION['userid']);
?
div class=messageYou have successfuly been loged out.br /
a href=?php echo $url_home; ?Home/a/div
?php
}
else
{
$ousername = '';
//We check if the form has been sent
if(isset($_POST['username'], $_POST['password']))
{
//We remove slashes depending on the configuration
if(get_magic_quotes_gpc())
{
$ousername = stripslashes($_POST['username']);
$username =
mysql_real_escape_string(stripslashes($_POST['username']));
$password = stripslashes($_POST['password']);
}
else
{
$username =
mysql_real_escape_string($_POST['username']);
$password = $_POST['password'];
}
//We get the password of the user
$req = mysql_query('select password,id,usr_level from users
where username='.$username.'');
$dn = mysql_fetch_array($req);
//Get user level of the user
$usr_level = $req['usr_level'];
//We compare the submited password and the real one, and we
check if the user exists
if($dn['password']==$password and mysql_num_rows($req)0)
{
//If the password is good, we dont show the form
$form = false;
//We save the user name in the session username and
the user Id in the session userid
$_SESSION['username'] = $_POST['username'];
$_SESSION['userid'] = $dn['id'];
if($usr_level == 1)
{
?
div class=messageYou have successfuly been logged in. You can now access
the admin area.br /
a href=index2.phpHome/a/div
?php
}
if($usr_level == 10)
{
?
div class=messageYou have successfuly been logged in. You can now access
to the newbe area.br /
a href=index1.phpHome/a/div
?php
}
if($usr_level == 11)
{
?
div class=messageYou have successfuly been logged in. You can now access
the advanced area.br /
a href=index2.phpHome/a/div
?php
}
}
else
{
//Otherwise, we say the password is incorrect.
$form = true;
$message = 'The username or password is incorrect.';
}
}
else
{
$form = true;
}
if($form)
{
//We display a message if necessary
if(isset($message))
{
echo 'div class=message'.$message.'/div';
}
//We display the form
?
div class=content
form action
RE: [PHP] Members area Login with permissions!
One more thought, why not separating the things? I mean separate HTML with a
template engine ( like Smarty ) and separate PHP code ( also separated to
files ).
Like:
index.php:
if ( ! $_session['username'] ) {
$_SESSION['message'] = Please log in;
header('Location: login.php');
}
//process $_Session['message'] if any, and assign it to template variable,
etc
switch ( $_session['username'] ) {
case '10':
//processing, template display
break;
case '11':
//processing, template display
break;
}
---
login.php:
if ( $_POST['username'] $_POST['password'] ) {
//process login
if ( $login_ok ) {
$_SESSION['message'] = MESSAGE;
header('Locatin: index.php');
} else {
$_SESSION['message'] = MESSAGE;
}
}
//display login form, with message, if any ( bad user name, etc )
--
On more complex sites, you may want to use classes, so the PHP code gets
really separated and clean.
If you decide to a template engine, you may also want to create a global
$conf var and export that to the engine, so you can set the design, lang
code, etc from one variable.
Let me know, if I can helo you further :)
Cheers,
Tamas
-Original Message-
From: Dajka Tamas [mailto:vi...@vipernet.hu]
Sent: Sunday, July 24, 2011 11:53 AM
To: 'alekto'; php-general@lists.php.net
Subject: RE: [PHP] Members area Login with permissions!
Hi,
I don't see any redirection in your script! It just displays the link to the
corresponding next homepage based on the user level. To really redirect, you
should user header ('Location: URL');. Be aware, that if you pass ANY
content out, the additional headers can't be set, so either use output
buffer in php.ini, or ob_start somewhere. And hope you do session_start() in
config.php ;)
Cheers,
Tamas
-Original Message-
From: alekto [mailto:alekto.antarct...@gmail.com]
Sent: Sunday, July 24, 2011 1:28 AM
To: php-general@lists.php.net
Subject: [PHP] Members area Login with permissions!
Hi,
I need some help with my html/php, restricted access script.
The purpose with this script is to let users login to a members area; some
with admin permission, some with newbe permission and some with advanced
permissions. The permissions are pre-defined in the MySQL-DB with a
use_level-field in the user-table.
The different user-groups should have access to the following content:
admin - permissions to everything (for now the same as advanced)
advanced - lecture 1 and lecture 2
newbe - only lecture 1
The problem with this script is that it does not redirect the different user
groups to their repective index-pages, please help me to detect why!
?php
include('config.php');
?
!DOCTYPE html PUBLIC -//W3C//DTD XHTML 1.0 Transitional//EN
http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd;
html xmlns=http://www.w3.org/1999/xhtml;
head
meta http-equiv=Content-Type content=text/html; charset=utf-8 /
link href=?php echo $design; ?/style.css rel=stylesheet
title=Style /
titleConnexion/title
/head
body
div class=header
a href=?php echo $url_home; ?img src=?php echo
$design; ?/images/logo.png alt=Members Area //a
/div
?php
//If the user is logged, we log him out
if(isset($_SESSION['username']))
{
//We log him out by deleting the username and userid sessions
unset($_SESSION['username'], $_SESSION['userid']);
?
div class=messageYou have successfuly been loged out.br /
a href=?php echo $url_home; ?Home/a/div
?php
}
else
{
$ousername = '';
//We check if the form has been sent
if(isset($_POST['username'], $_POST['password']))
{
//We remove slashes depending on the configuration
if(get_magic_quotes_gpc())
{
$ousername = stripslashes($_POST['username']);
$username =
mysql_real_escape_string(stripslashes($_POST['username']));
$password = stripslashes($_POST['password']);
}
else
{
$username =
mysql_real_escape_string($_POST['username']);
$password = $_POST['password'];
}
//We get the password of the user
$req = mysql_query('select password,id,usr_level from users
where username='.$username.'');
$dn = mysql_fetch_array($req);
//Get user level of the user
$usr_level = $req['usr_level'];
//We compare the submited password and the real one, and we
check if the user exists
if($dn['password']==$password and mysql_num_rows($req)0)
{
//If the password is good, we dont show
Re: [PHP] Members area Login with permissions!
Hi,
thank you for answering! I do have a session_start() in config.php.
For now there is no redirection as you mentioned, but it should display a link
to
the corresponding next homepage based on user level, which it does not do at
this time!
I thought div class=message was only a class? I already have a $message
variable that do display:
$message = 'The username or password is incorrect.';
When it comes to separating the code, I think this is a good idea, afraid this
will mess the code further up to do at this point?!
Regards
Den 24. juli 2011 kl. 11.52 skrev Dajka Tamas:
Hi,
I don't see any redirection in your script! It just displays the link to the
corresponding next homepage based on the user level. To really redirect, you
should user header ('Location: URL');. Be aware, that if you pass ANY
content out, the additional headers can't be set, so either use output
buffer in php.ini, or ob_start somewhere. And hope you do session_start() in
config.php ;)
Cheers,
Tamas
-Original Message-
From: alekto [mailto:alekto.antarct...@gmail.com]
Sent: Sunday, July 24, 2011 1:28 AM
To: php-general@lists.php.net
Subject: [PHP] Members area Login with permissions!
Hi,
I need some help with my html/php, restricted access script.
The purpose with this script is to let users login to a members area; some
with admin permission, some with newbe permission and some with advanced
permissions. The permissions are pre-defined in the MySQL-DB with a
use_level-field in the user-table.
The different user-groups should have access to the following content:
admin - permissions to everything (for now the same as advanced)
advanced - lecture 1 and lecture 2
newbe - only lecture 1
The problem with this script is that it does not redirect the different user
groups to their repective index-pages, please help me to detect why!
?php
include('config.php');
?
!DOCTYPE html PUBLIC -//W3C//DTD XHTML 1.0 Transitional//EN
http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd;
html xmlns=http://www.w3.org/1999/xhtml;
head
meta http-equiv=Content-Type content=text/html; charset=utf-8 /
link href=?php echo $design; ?/style.css rel=stylesheet
title=Style /
titleConnexion/title
/head
body
div class=header
a href=?php echo $url_home; ?img src=?php echo
$design; ?/images/logo.png alt=Members Area //a
/div
?php
//If the user is logged, we log him out
if(isset($_SESSION['username']))
{
//We log him out by deleting the username and userid sessions
unset($_SESSION['username'], $_SESSION['userid']);
?
div class=messageYou have successfuly been loged out.br /
a href=?php echo $url_home; ?Home/a/div
?php
}
else
{
$ousername = '';
//We check if the form has been sent
if(isset($_POST['username'], $_POST['password']))
{
//We remove slashes depending on the configuration
if(get_magic_quotes_gpc())
{
$ousername = stripslashes($_POST['username']);
$username =
mysql_real_escape_string(stripslashes($_POST['username']));
$password = stripslashes($_POST['password']);
}
else
{
$username =
mysql_real_escape_string($_POST['username']);
$password = $_POST['password'];
}
//We get the password of the user
$req = mysql_query('select password,id,usr_level from users
where username='.$username.'');
$dn = mysql_fetch_array($req);
//Get user level of the user
$usr_level = $req['usr_level'];
//We compare the submited password and the real one, and we
check if the user exists
if($dn['password']==$password and mysql_num_rows($req)0)
{
//If the password is good, we dont show the form
$form = false;
//We save the user name in the session username and
the user Id in the session userid
$_SESSION['username'] = $_POST['username'];
$_SESSION['userid'] = $dn['id'];
if($usr_level == 1)
{
?
div class=messageYou have successfuly been logged in. You can now access
the admin area.br /
a href=index2.phpHome/a/div
?php
}
if($usr_level == 10)
{
?
div class=messageYou have successfuly been logged in. You can now access
to the newbe area.br /
a href=index1.phpHome/a/div
?php
}
if($usr_level == 11)
{
?
div class=messageYou have successfuly been logged in. You can now access
the advanced
RE: [PHP] Members area Login with permissions!
Hi,
yes, class=message just sets the HTML class for that div element.
BTW, I've found the error:
//We get the password of the user
$req = mysql_query('select password,id,usr_level from users
where username='.$username.'');
$dn = mysql_fetch_array($req);
//Get user level of the user
$usr_level = $req['usr_level'];
You're setting $usr_level from a mysql_resource! So it's always null ( you
would have guessed it by adding a var_dump($usr_level); after setting
$usr_level ).
The fix: just change it to:
$usr_level = $dn['usr_level'];
Cheers,
Tamas
From: alekto [mailto:alekto.antarct...@gmail.com]
Sent: Sunday, July 24, 2011 1:00 PM
To: Dajka Tamas
Cc: php-general@lists.php.net
Subject: Re: [PHP] Members area Login with permissions!
Hi,
thank you for answering! I do have a session_start() in config.php.
For now there is no redirection as you mentioned, but it should display a
link to
the corresponding next homepage based on user level, which it does not do at
this time!
I thought div class=message was only a class? I already have a $message
variable that do display:
$message = 'The username or password is incorrect.';
When it comes to separating the code, I think this is a good idea, afraid
this will mess the code further up to do at this point?!
Regards
Den 24. juli 2011 kl. 11.52 skrev Dajka Tamas:
Hi,
I don't see any redirection in your script! It just displays the link to the
corresponding next homepage based on the user level. To really redirect, you
should user header ('Location: URL');. Be aware, that if you pass ANY
content out, the additional headers can't be set, so either use output
buffer in php.ini, or ob_start somewhere. And hope you do session_start() in
config.php ;)
Cheers,
Tamas
-Original Message-
From: alekto [mailto:alekto.antarct...@gmail.com]
Sent: Sunday, July 24, 2011 1:28 AM
To: php-general@lists.php.net
Subject: [PHP] Members area Login with permissions!
Hi,
I need some help with my html/php, restricted access script.
The purpose with this script is to let users login to a members area; some
with admin permission, some with newbe permission and some with advanced
permissions. The permissions are pre-defined in the MySQL-DB with a
use_level-field in the user-table.
The different user-groups should have access to the following content:
admin - permissions to everything (for now the same as advanced)
advanced - lecture 1 and lecture 2
newbe - only lecture 1
The problem with this script is that it does not redirect the different user
groups to their repective index-pages, please help me to detect why!
?php
include('config.php');
?
!DOCTYPE html PUBLIC -//W3C//DTD XHTML 1.0 Transitional//EN
http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd;
html xmlns=http://www.w3.org/1999/xhtml;
head
meta http-equiv=Content-Type content=text/html; charset=utf-8 /
link href=?php echo $design; ?/style.css rel=stylesheet
title=Style /
titleConnexion/title
/head
body
div class=header
a href=?php echo $url_home; ?img src=?php echo
$design; ?/images/logo.png alt=Members Area //a
/div
?php
//If the user is logged, we log him out
if(isset($_SESSION['username']))
{
//We log him out by deleting the username and userid sessions
unset($_SESSION['username'], $_SESSION['userid']);
?
div class=messageYou have successfuly been loged out.br /
a href=?php echo $url_home; ?Home/a/div
?php
}
else
{
$ousername = '';
//We check if the form has been sent
if(isset($_POST['username'], $_POST['password']))
{
//We remove slashes depending on the configuration
if(get_magic_quotes_gpc())
{
$ousername = stripslashes($_POST['username']);
$username =
mysql_real_escape_string(stripslashes($_POST['username']));
$password = stripslashes($_POST['password']);
}
else
{
$username =
mysql_real_escape_string($_POST['username']);
$password = $_POST['password'];
}
//We get the password of the user
$req = mysql_query('select password,id,usr_level from users
where username='.$username.'');
$dn = mysql_fetch_array($req);
//Get user level of the user
$usr_level = $req['usr_level'];
//We compare the submited password and the real one, and we
check if the user exists
if($dn['password']==$password and mysql_num_rows($req)0)
{
//If the password is good, we dont show the form
$form = false;
//We save the user name in the session username and
the user Id
RE: [PHP] Members area Login with permissions!
I don't think, that separating the code messes up anything, cos it's just
separating processing/displaying and you can always debug processing by
adding some echo $var, print_r($var) or var_dump($var). Moreover, by
separating the PHP and HTML you get clearer code for both, giving easier
debugging,
Tamas
From: alekto [mailto:alekto.antarct...@gmail.com]
Sent: Sunday, July 24, 2011 1:00 PM
To: Dajka Tamas
Cc: php-general@lists.php.net
Subject: Re: [PHP] Members area Login with permissions!
Hi,
thank you for answering! I do have a session_start() in config.php.
For now there is no redirection as you mentioned, but it should display a
link to
the corresponding next homepage based on user level, which it does not do at
this time!
I thought div class=message was only a class? I already have a $message
variable that do display:
$message = 'The username or password is incorrect.';
When it comes to separating the code, I think this is a good idea, afraid
this will mess the code further up to do at this point?!
Regards
Den 24. juli 2011 kl. 11.52 skrev Dajka Tamas:
Hi,
I don't see any redirection in your script! It just displays the link to the
corresponding next homepage based on the user level. To really redirect, you
should user header ('Location: URL');. Be aware, that if you pass ANY
content out, the additional headers can't be set, so either use output
buffer in php.ini, or ob_start somewhere. And hope you do session_start() in
config.php ;)
Cheers,
Tamas
-Original Message-
From: alekto [mailto:alekto.antarct...@gmail.com]
Sent: Sunday, July 24, 2011 1:28 AM
To: php-general@lists.php.net
Subject: [PHP] Members area Login with permissions!
Hi,
I need some help with my html/php, restricted access script.
The purpose with this script is to let users login to a members area; some
with admin permission, some with newbe permission and some with advanced
permissions. The permissions are pre-defined in the MySQL-DB with a
use_level-field in the user-table.
The different user-groups should have access to the following content:
admin - permissions to everything (for now the same as advanced)
advanced - lecture 1 and lecture 2
newbe - only lecture 1
The problem with this script is that it does not redirect the different user
groups to their repective index-pages, please help me to detect why!
?php
include('config.php');
?
!DOCTYPE html PUBLIC -//W3C//DTD XHTML 1.0 Transitional//EN
http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd;
html xmlns=http://www.w3.org/1999/xhtml;
head
meta http-equiv=Content-Type content=text/html; charset=utf-8 /
link href=?php echo $design; ?/style.css rel=stylesheet
title=Style /
titleConnexion/title
/head
body
div class=header
a href=?php echo $url_home; ?img src=?php echo
$design; ?/images/logo.png alt=Members Area //a
/div
?php
//If the user is logged, we log him out
if(isset($_SESSION['username']))
{
//We log him out by deleting the username and userid sessions
unset($_SESSION['username'], $_SESSION['userid']);
?
div class=messageYou have successfuly been loged out.br /
a href=?php echo $url_home; ?Home/a/div
?php
}
else
{
$ousername = '';
//We check if the form has been sent
if(isset($_POST['username'], $_POST['password']))
{
//We remove slashes depending on the configuration
if(get_magic_quotes_gpc())
{
$ousername = stripslashes($_POST['username']);
$username =
mysql_real_escape_string(stripslashes($_POST['username']));
$password = stripslashes($_POST['password']);
}
else
{
$username =
mysql_real_escape_string($_POST['username']);
$password = $_POST['password'];
}
//We get the password of the user
$req = mysql_query('select password,id,usr_level from users
where username='.$username.'');
$dn = mysql_fetch_array($req);
//Get user level of the user
$usr_level = $req['usr_level'];
//We compare the submited password and the real one, and we
check if the user exists
if($dn['password']==$password and mysql_num_rows($req)0)
{
//If the password is good, we dont show the form
$form = false;
//We save the user name in the session username and
the user Id in the session userid
$_SESSION['username'] = $_POST['username'];
$_SESSION['userid'] = $dn['id'];
if($usr_level == 1)
{
?
div class=messageYou have successfuly been logged in. You can now access
the admin area.br /
a href=index2.phpHome/a/div
?php
Re: [PHP] Members area Login with permissions!
Thanks a lot :)
This solved the user level issue, I can now login with different user levels
and get displayed with a link to the corresponding index-pages.
But I am now facing a new issue regarding this; when I am entering the URL's of
the corresponding index-pages I do get access to the
corresponding index-pages without having to login at all!! Is there a way to
prevent this form happening?
And is there also a way to hide the
URL's that goes beyond www.url.com, e.i. www.url.com/index_admin.php?
Regard
Den 24. juli 2011 kl. 13.26 skrev Dajka Tamas:
Hi,
yes, class=”message” just sets the HTML class for that div element.
BTW, I’ve found the error:
//We get the password of the user
$req = mysql_query('select password,id,usr_level from users
where username='.$username.'');
$dn = mysql_fetch_array($req);
//Get user level of the user
$usr_level = $req['usr_level'];
You’re setting $usr_level from a mysql_resource! So it’s always null ( you
would have guessed it by adding a var_dump($usr_level); after setting
$usr_level ).
The fix: just change it to:
$usr_level = $dn[’usr_level’];
Cheers,
Tamas
From: alekto [mailto:alekto.antarct...@gmail.com]
Sent: Sunday, July 24, 2011 1:00 PM
To: Dajka Tamas
Cc: php-general@lists.php.net
Subject: Re: [PHP] Members area Login with permissions!
Hi,
thank you for answering! I do have a session_start() in config.php.
For now there is no redirection as you mentioned, but it should display a
link to
the corresponding next homepage based on user level, which it does not do at
this time!
I thought div class=message was only a class? I already have a $message
variable that do display:
$message = 'The username or password is incorrect.';
When it comes to separating the code, I think this is a good idea, afraid
this will mess the code further up to do at this point?!
Regards
Den 24. juli 2011 kl. 11.52 skrev Dajka Tamas:
Hi,
I don't see any redirection in your script! It just displays the link to the
corresponding next homepage based on the user level. To really redirect, you
should user header ('Location: URL');. Be aware, that if you pass ANY
content out, the additional headers can't be set, so either use output
buffer in php.ini, or ob_start somewhere. And hope you do session_start() in
config.php ;)
Cheers,
Tamas
-Original Message-
From: alekto [mailto:alekto.antarct...@gmail.com]
Sent: Sunday, July 24, 2011 1:28 AM
To: php-general@lists.php.net
Subject: [PHP] Members area Login with permissions!
Hi,
I need some help with my html/php, restricted access script.
The purpose with this script is to let users login to a members area; some
with admin permission, some with newbe permission and some with advanced
permissions. The permissions are pre-defined in the MySQL-DB with a
use_level-field in the user-table.
The different user-groups should have access to the following content:
admin - permissions to everything (for now the same as advanced)
advanced - lecture 1 and lecture 2
newbe - only lecture 1
The problem with this script is that it does not redirect the different user
groups to their repective index-pages, please help me to detect why!
?php
include('config.php');
?
!DOCTYPE html PUBLIC -//W3C//DTD XHTML 1.0 Transitional//EN
http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd;
html xmlns=http://www.w3.org/1999/xhtml;
head
meta http-equiv=Content-Type content=text/html; charset=utf-8 /
link href=?php echo $design; ?/style.css rel=stylesheet
title=Style /
titleConnexion/title
/head
body
div class=header
a href=?php echo $url_home; ?img src=?php echo
$design; ?/images/logo.png alt=Members Area //a
/div
?php
//If the user is logged, we log him out
if(isset($_SESSION['username']))
{
//We log him out by deleting the username and userid sessions
unset($_SESSION['username'], $_SESSION['userid']);
?
div class=messageYou have successfuly been loged out.br /
a href=?php echo $url_home; ?Home/a/div
?php
}
else
{
$ousername = '';
//We check if the form has been sent
if(isset($_POST['username'], $_POST['password']))
{
//We remove slashes depending on the configuration
if(get_magic_quotes_gpc())
{
$ousername = stripslashes($_POST['username']);
$username =
mysql_real_escape_string(stripslashes($_POST['username']));
$password = stripslashes($_POST['password']);
}
else
{
$username =
mysql_real_escape_string($_POST['username']);
$password = $_POST['password
RE: [PHP] Members area Login with permissions!
You're welcome J
Yes, you can hide the urls, just google for url rewriting or seo urls.
Unfortunatelly, this is not basic level stuff and you cannot hide completly
the urls.
About your issue: that's why I've added to my example's index.php this line:
if ( ! $_session['username'] ) {
$_SESSION['message'] = Please log in;
header('Location: login.php');
}
For your situation, I would change it a bit ( for ANY index pages, which is
not a login page ):
if ( ! $_SESSION['username'] || $_SESSION['usr_level'] !=
CURRENT_SITE_PERMISSION ) {
//we set a message in session to the user
$_SESSION['message'] = Please log in;
//we redirect the user to the login page
header('Location: index.php');
}
This will redirect an unlogged user to the login form ( if logged in, but
has no access rights, your login page will log out the user ).
Don't forget to store the users' access level in the session, or this will
not work!
Cheers,
Tamas
From: alekto [mailto:alekto.antarct...@gmail.com]
Sent: Sunday, July 24, 2011 3:23 PM
To: Dajka Tamas
Cc: php-general@lists.php.net
Subject: Re: [PHP] Members area Login with permissions!
Thanks a lot :)
This solved the user level issue, I can now login with different user levels
and get displayed with a link to the corresponding index-pages.
But I am now facing a new issue regarding this; when I am entering the URL's
of the corresponding index-pages I do get access to the
corresponding index-pages without having to login at all!! Is there a way to
prevent this form happening?
And is there also a way to hide the
URL's that goes beyond www.url.com, e.i. www.url.com/index_admin.php?
Regard
Den 24. juli 2011 kl. 13.26 skrev Dajka Tamas:
Hi,
yes, class=message just sets the HTML class for that div element.
BTW, I've found the error:
//We get the password of the user
$req = mysql_query('select password,id,usr_level from users
where username='.$username.'');
$dn = mysql_fetch_array($req);
//Get user level of the user
$usr_level = $req['usr_level'];
You're setting $usr_level from a mysql_resource! So it's always null ( you
would have guessed it by adding a var_dump($usr_level); after setting
$usr_level ).
The fix: just change it to:
$usr_level = $dn['usr_level'];
Cheers,
Tamas
From: alekto [mailto:alekto.antarct...@gmail.com]
Sent: Sunday, July 24, 2011 1:00 PM
To: Dajka Tamas
Cc: php-general@lists.php.net
Subject: Re: [PHP] Members area Login with permissions!
Hi,
thank you for answering! I do have a session_start() in config.php.
For now there is no redirection as you mentioned, but it should display a
link to
the corresponding next homepage based on user level, which it does not do at
this time!
I thought div class=message was only a class? I already have a $message
variable that do display:
$message = 'The username or password is incorrect.';
When it comes to separating the code, I think this is a good idea, afraid
this will mess the code further up to do at this point?!
Regards
Den 24. juli 2011 kl. 11.52 skrev Dajka Tamas:
Hi,
I don't see any redirection in your script! It just displays the link to the
corresponding next homepage based on the user level. To really redirect, you
should user header ('Location: URL');. Be aware, that if you pass ANY
content out, the additional headers can't be set, so either use output
buffer in php.ini, or ob_start somewhere. And hope you do session_start() in
config.php ;)
Cheers,
Tamas
-Original Message-
From: alekto [mailto:alekto.antarct...@gmail.com]
Sent: Sunday, July 24, 2011 1:28 AM
To: php-general@lists.php.net
Subject: [PHP] Members area Login with permissions!
Hi,
I need some help with my html/php, restricted access script.
The purpose with this script is to let users login to a members area; some
with admin permission, some with newbe permission and some with advanced
permissions. The permissions are pre-defined in the MySQL-DB with a
use_level-field in the user-table.
The different user-groups should have access to the following content:
admin - permissions to everything (for now the same as advanced)
advanced - lecture 1 and lecture 2
newbe - only lecture 1
The problem with this script is that it does not redirect the different user
groups to their repective index-pages, please help me to detect why!
?php
include('config.php');
?
!DOCTYPE html PUBLIC -//W3C//DTD XHTML 1.0 Transitional//EN
http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd;
html xmlns=http://www.w3.org/1999/xhtml;
head
meta http-equiv=Content-Type content=text/html; charset=utf-8 /
link href=?php echo $design; ?/style.css rel=stylesheet
title=Style /
titleConnexion/title
/head
body
div class=header
Re: [PHP] Members area Login with permissions!
One again, Thank you!! Your excellent advice saved my day ;)
Den 24. juli 2011 kl. 16.07 skrev Dajka Tamas:
You’re welcome J
Yes, you can hide the urls, just google for „url rewriting” or „seo urls”.
Unfortunatelly, this is not basic level stuff and you cannot hide completly
the urls…
About your issue: that’s why I’ve added to my example’s index.php this line:
if ( ! $_session['username'] ) {
$_SESSION['message'] = Please log in;
header('Location: login.php');
}
For your situation, I would change it a bit ( for ANY index pages, which is
not a login page ):
if ( ! $_SESSION['username'] || $_SESSION[’usr_level’] !=
CURRENT_SITE_PERMISSION ) {
//we set a message in session to the user
$_SESSION['message'] = Please log in;
//we redirect the user to the login page
header('Location: index.php');
}
This will redirect an unlogged user to the login form ( if logged in, but has
no access rights, your login page will log out the user ).
Don’t forget to store the users’ access level in the session, or this will
not work!
Cheers,
Tamas
From: alekto [mailto:alekto.antarct...@gmail.com]
Sent: Sunday, July 24, 2011 3:23 PM
To: Dajka Tamas
Cc: php-general@lists.php.net
Subject: Re: [PHP] Members area Login with permissions!
Thanks a lot :)
This solved the user level issue, I can now login with different user levels
and get displayed with a link to the corresponding index-pages.
But I am now facing a new issue regarding this; when I am entering the URL's
of the corresponding index-pages I do get access to the
corresponding index-pages without having to login at all!! Is there a way to
prevent this form happening?
And is there also a way to hide the
URL's that goes beyond www.url.com, e.i. www.url.com/index_admin.php?
Regard
Den 24. juli 2011 kl. 13.26 skrev Dajka Tamas:
Hi,
yes, class=”message” just sets the HTML class for that div element.
BTW, I’ve found the error:
//We get the password of the user
$req = mysql_query('select password,id,usr_level from users
where username='.$username.'');
$dn = mysql_fetch_array($req);
//Get user level of the user
$usr_level = $req['usr_level'];
You’re setting $usr_level from a mysql_resource! So it’s always null ( you
would have guessed it by adding a var_dump($usr_level); after setting
$usr_level ).
The fix: just change it to:
$usr_level = $dn[’usr_level’];
Cheers,
Tamas
From: alekto [mailto:alekto.antarct...@gmail.com]
Sent: Sunday, July 24, 2011 1:00 PM
To: Dajka Tamas
Cc: php-general@lists.php.net
Subject: Re: [PHP] Members area Login with permissions!
Hi,
thank you for answering! I do have a session_start() in config.php.
For now there is no redirection as you mentioned, but it should display a
link to
the corresponding next homepage based on user level, which it does not do at
this time!
I thought div class=message was only a class? I already have a $message
variable that do display:
$message = 'The username or password is incorrect.';
When it comes to separating the code, I think this is a good idea, afraid
this will mess the code further up to do at this point?!
Regards
Den 24. juli 2011 kl. 11.52 skrev Dajka Tamas:
Hi,
I don't see any redirection in your script! It just displays the link to the
corresponding next homepage based on the user level. To really redirect, you
should user header ('Location: URL');. Be aware, that if you pass ANY
content out, the additional headers can't be set, so either use output
buffer in php.ini, or ob_start somewhere. And hope you do session_start() in
config.php ;)
Cheers,
Tamas
-Original Message-
From: alekto [mailto:alekto.antarct...@gmail.com]
Sent: Sunday, July 24, 2011 1:28 AM
To: php-general@lists.php.net
Subject: [PHP] Members area Login with permissions!
Hi,
I need some help with my html/php, restricted access script.
The purpose with this script is to let users login to a members area; some
with admin permission, some with newbe permission and some with advanced
permissions. The permissions are pre-defined in the MySQL-DB with a
use_level-field in the user-table.
The different user-groups should have access to the following content:
admin - permissions to everything (for now the same as advanced)
advanced - lecture 1 and lecture 2
newbe - only lecture 1
The problem with this script is that it does not redirect the different user
groups to their repective index-pages, please help me to detect why!
?php
include('config.php');
?
!DOCTYPE html PUBLIC -//W3C//DTD XHTML 1.0 Transitional//EN
http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd;
html xmlns=http://www.w3.org/1999/xhtml;
head
meta http-equiv
[PHP] Members area Login with permissions!
Hi,
I need some help with my html/php, restricted access script.
The purpose with this script is to let users login to a members area; some with
admin permission, some with newbe permission and some with advanced
permissions. The permissions are pre-defined in the MySQL-DB with a
use_level-field in the user-table.
The different user-groups should have access to the following content:
admin - permissions to everything (for now the same as advanced)
advanced - lecture 1 and lecture 2
newbe - only lecture 1
The problem with this script is that it does not redirect the different user
groups to their repective index-pages, please help me to detect why!
?php
include('config.php');
?
!DOCTYPE html PUBLIC -//W3C//DTD XHTML 1.0 Transitional//EN
http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd;
html xmlns=http://www.w3.org/1999/xhtml;
head
meta http-equiv=Content-Type content=text/html; charset=utf-8 /
link href=?php echo $design; ?/style.css rel=stylesheet
title=Style /
titleConnexion/title
/head
body
div class=header
a href=?php echo $url_home; ?img src=?php echo $design;
?/images/logo.png alt=Members Area //a
/div
?php
//If the user is logged, we log him out
if(isset($_SESSION['username']))
{
//We log him out by deleting the username and userid sessions
unset($_SESSION['username'], $_SESSION['userid']);
?
div class=messageYou have successfuly been loged out.br /
a href=?php echo $url_home; ?Home/a/div
?php
}
else
{
$ousername = '';
//We check if the form has been sent
if(isset($_POST['username'], $_POST['password']))
{
//We remove slashes depending on the configuration
if(get_magic_quotes_gpc())
{
$ousername = stripslashes($_POST['username']);
$username =
mysql_real_escape_string(stripslashes($_POST['username']));
$password = stripslashes($_POST['password']);
}
else
{
$username = mysql_real_escape_string($_POST['username']);
$password = $_POST['password'];
}
//We get the password of the user
$req = mysql_query('select password,id,usr_level from users
where username='.$username.'');
$dn = mysql_fetch_array($req);
//Get user level of the user
$usr_level = $req['usr_level'];
//We compare the submited password and the real one, and we
check if the user exists
if($dn['password']==$password and mysql_num_rows($req)0)
{
//If the password is good, we dont show the form
$form = false;
//We save the user name in the session username and the
user Id in the session userid
$_SESSION['username'] = $_POST['username'];
$_SESSION['userid'] = $dn['id'];
if($usr_level == 1)
{
?
div class=messageYou have successfuly been logged in. You can now access
the admin area.br /
a href=index2.phpHome/a/div
?php
}
if($usr_level == 10)
{
?
div class=messageYou have successfuly been logged in. You can now access to
the newbe area.br /
a href=index1.phpHome/a/div
?php
}
if($usr_level == 11)
{
?
div class=messageYou have successfuly been logged in. You can now access
the advanced area.br /
a href=index2.phpHome/a/div
?php
}
}
else
{
//Otherwise, we say the password is incorrect.
$form = true;
$message = 'The username or password is incorrect.';
}
}
else
{
$form = true;
}
if($form)
{
//We display a message if necessary
if(isset($message))
{
echo 'div class=message'.$message.'/div';
}
//We display the form
?
div class=content
form action=connexion.php method=post
Please type your IDs to log in:br /
div class=center
label for=usernameUsername/labelinput type=text
name=username id=username value=?php echo htmlentities($ousername,
ENT_QUOTES, 'UTF-8'); ? /br /
label for=passwordPassword/labelinput type=password
name=password id=password /br /
input type=submit value=Log in /
/div
/form
/div
?php
}
}
?
div class=foota href=?php echo $url_home; ?Go
Home/a/div
/body
/html
Re: [PHP] Members area
Brandon, The tutorials are there - look for them. They collectively describe all that you want to do vis-a-vis database manipulation. Miles At 06:58 PM 2/27/01 -0800, you wrote: Yea i cant find a good Tut, ok... i have a members directory with the inside that folder is status, goodies, ect and i want to get the information out my database for that specific member, how would i connect to my database, what would i select from "members" (my database) to get the field for that one person, so i can put there infomation when the logg in the members area Miles Thompson wrote: Brandon, It's a little confusing. Are you saying: 1. You have the members area - a directory, what? 2. You have created a database containing your members information. and now you: 3. Want to know how to connect to the database? 4. Add information to the database about the members? 5. Have the members add information to the database? Which database are you using? What kind of information do you want to capture? We need more information - Miles Thompson PS Have you looked at the PHP database tutorials at various php sites, like www.thickbook.com, devshed, php essentials, php builder etc.? /mt At 05:34 PM 2/27/01 -0800, Brandon Feldhahn wrote: Hi, eveyone, my name is brandon, and i made a members area for my site, a database driven http authentication and a database for all my members i got everything working but how do i make a database connection that recieve the infomation for that user that has loggin into the members area. If i wasen clear enough just tell me. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED] -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
[PHP] Members area
Hi, eveyone, my name is brandon, and i made a members area for my site, a database driven http authentication and a database for all my members i got everything working but how do i make a database connection that recieve the infomation for that user that has loggin into the members area. If i wasen clear enough just tell me. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
Re: [PHP] Members area
Brandon, It's a little confusing. Are you saying: 1. You have the members area - a directory, what? 2. You have created a database containing your members information. and now you: 3. Want to know how to connect to the database? 4. Add information to the database about the members? 5. Have the members add information to the database? Which database are you using? What kind of information do you want to capture? We need more information - Miles Thompson PS Have you looked at the PHP database tutorials at various php sites, like www.thickbook.com, devshed, php essentials, php builder etc.? /mt At 05:34 PM 2/27/01 -0800, Brandon Feldhahn wrote: Hi, eveyone, my name is brandon, and i made a members area for my site, a database driven http authentication and a database for all my members i got everything working but how do i make a database connection that recieve the infomation for that user that has loggin into the members area. If i wasen clear enough just tell me. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED] -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
